| blob | e5c7365b46ac2910ff7436931dcacf687467458c |
1 <!doctype debiandoc system [
2 <!-- include version information so we don't have to hard code it
3 within the document -->
5 <!-- current Debian changes file format -->
7 ]>
8 <debiandoc>
10 <book>
11 <titlepag>
16 <abstract>
17 This manual describes the policy requirements for the Debian
18 distribution. This includes the structure and
19 contents of the Debian archive and several design issues of
20 the operating system, as well as technical requirements that
21 each package must satisfy to be included in the distribution.
22 </abstract>
24 <copyright>
25 <copyrightsummary>
27 and Christian Schwarz.
28 </copyrightsummary>
29 <p>
30 These are the copyright dates of the original Policy manual.
31 Since then, this manual has been updated by many others. No
32 comprehensive collection of copyright notices for subsequent
33 work exists.
34 </p>
36 <p>
37 This manual is free software; you may redistribute it and/or
38 modify it under the terms of the GNU General Public License
39 as published by the Free Software Foundation; either version
40 2, or (at your option) any later version.
41 </p>
43 <p>
44 This is distributed in the hope that it will be useful, but
46 warranty of merchantability or fitness for a particular
47 purpose. See the GNU General Public License for more
48 details.
49 </p>
51 <p>
52 A copy of the GNU General Public License is available as
54 distribution or on the World Wide Web at
57 obtain it by writing to the Free Software Foundation, Inc.,
59 </p>
60 </copyright>
61 </titlepag>
67 <sect>
69 <p>
70 This manual describes the policy requirements for the Debian
71 distribution. This includes the structure and
72 contents of the Debian archive and several design issues of the
73 operating system, as well as technical requirements that
74 each package must satisfy to be included in the
75 distribution.
76 </p>
78 <p>
79 This manual also describes Debian policy as it relates to
80 creating Debian packages. It is not a tutorial on how to build
81 packages, nor is it exhaustive where it comes to describing
82 the behavior of the packaging system. Instead, this manual
83 attempts to define the interface to the package management
84 system that the developers have to be conversant with.<footnote>
85 Informally, the criteria used for inclusion is that the
86 material meet one of the following requirements:
89 <item>
90 The material presented represents an interface to
91 the packaging system that is mandated for use, and
92 is used by, a significant number of packages, and
93 therefore should not be changed without peer
94 review. Package maintainers can then rely on this
95 interface not changing, and the package management
96 software authors need to ensure compatibility with
97 this interface definition. (Control file and
98 changelog file formats are examples.)
99 </item>
101 <item>
102 If there are a number of technically viable choices
103 that can be made, but one needs to select one of
104 these options for inter-operability. The version
105 number format is one example.
106 </item>
107 </taglist>
108 Please note that these are not mutually exclusive;
109 selected conventions often become parts of standard
110 interfaces.
111 </footnote>
112 </p>
114 <p>
115 The footnotes present in this manual are
116 merely informative, and are not part of Debian policy itself.
117 </p>
119 <p>
120 The appendices to this manual are not necessarily normative,
122 </p>
124 <p>
125 In the normative part of this manual,
129 distinguish the significance of the various guidelines in
130 this policy document. Packages that do not conform to the
132 will generally not be considered acceptable for the Debian
133 distribution. Non-conformance with guidelines denoted by
135 considered a bug, but will not necessarily render a package
136 unsuitable for distribution. Guidelines denoted by
138 adherence is left to the maintainer's discretion.
139 </p>
141 <p>
142 These classifications are roughly equivalent to the bug
148 items).
149 <footnote>
150 Compare RFC 2119. Note, however, that these words are
151 used in a different way in this document.
152 </footnote>
153 </p>
155 <p>
156 Much of the information presented in this manual will be
157 useful even when building a package which is to be
158 distributed in some other way or is intended for local use
159 only.
160 </p>
162 <p>
163 udebs (stripped-down binary packages used by the Debian Installer) do
164 not comply with all of the requirements discussed here. See the
167 information about them.
168 </p>
169 </sect>
171 <sect>
174 <p>
175 This manual is distributed via the Debian package
180 </p>
182 <p>
183 The current version of this document is also available from
184 the Debian web mirrors at
187 (
190 Also available from the same directory are several other
197 </p>
199 <p>
202 changes between versions of this document.
203 </p>
204 </sect>
209 <p>
210 Originally called "Debian GNU/Linux Policy Manual", this
211 manual was initially written in 1996 by Ian Jackson.
214 and reworked/restructured it in April-July 1997.
215 Christoph Lameter contributed the "Web Standard".
216 Julian Gilbey largely restructured it in 2001.
217 </p>
219 <p>
220 Since September 1998, the responsibility for the contents of
223 are discussed there and inserted into policy after a certain
224 consensus is established.
225 <!-- insert shameless policy-process plug here eventually -->
226 The actual editing is done by a group of maintainers that have
227 no editorial powers. These are the current maintainers:
229 <enumlist>
234 </enumlist>
235 </p>
237 <p>
238 While the authors of this document have tried hard to avoid
239 typos and other errors, these do still occur. If you discover
240 an error in this manual or if you want to give any
241 comments, suggestions, or criticisms please send an email to
242 the Debian Policy List,
245 </p>
247 <p>
248 Please do not try to reach the individual authors or maintainers
249 of the Policy Manual regarding changes to the Policy.
250 </p>
251 </sect>
256 <p>
257 There are several other documents other than this Policy Manual
258 that are necessary to fully understand some Debian policies and
259 procedures.
260 </p>
262 <p>
263 The external "sub-policy" documents are referred to in:
271 </list>
272 </p>
274 <p>
275 In addition to those, which carry the weight of policy, there
276 is the Debian Developer's Reference. This document describes
277 procedures and resources for Debian developers, but it is
279 belong in the Policy, such as best practices for developers.
280 </p>
282 <p>
283 The Developer's Reference is available in the
285 It's also available from the Debian web mirrors at
288 </p>
290 <p>
292 machine-readable copyright files</qref> is maintained as part of
294 procedure as the other policy documents. Use of this format is
295 optional.
296 </p>
297 </sect>
302 <p>
303 The following terms are used in this Policy Manual:
304 <taglist>
306 <item>
307 The character encoding specified by ANSI X3.4-1986 and its
308 predecessor standards, referred to in MIME as US-ASCII, and
309 corresponding to an encoding in eight bits per character of
312 </item>
314 <item>
315 The transformation format (sometimes called encoding) of
319 ASCII as a subset, so any text encoded in ASCII is trivially
320 also valid UTF-8.
321 </item>
322 </taglist>
323 </p>
324 </sect>
325 </chapt>
331 <p>
332 The Debian system is maintained and distributed as a
334 them (currently well over 15000), they are split into
336 the handling of them.
337 </p>
339 <p>
340 The effort of the Debian project is to build a free operating
341 system, but not every package we want to make accessible is
343 Guidelines, below), or may be imported/exported without
344 restrictions. Thus, the archive is split into areas<footnote>
345 The Debian archive software uses the term "component" internally
346 and in the Release file format to refer to the division of an
347 archive. The Debian Social Contract simply refers to "areas."
348 This document uses terminology similar to the Social Contract.
349 </footnote> based on their licenses and other restrictions.
350 </p>
352 <p>
353 The aims of this are:
357 <item>to allow us to encourage everyone to write free software,
358 and</item>
359 <item>to allow us to make it easy for people to produce
360 CD-ROMs of our system without violating any licenses,
361 import/export restrictions, or any other laws.</item>
362 </list>
363 </p>
365 <p>
367 </p>
369 <p>
372 distribution, although we support their use and provide
373 infrastructure for them (such as our bug-tracking system and
374 mailing lists). This Debian Policy Manual applies to these
375 packages as well.
376 </p>
380 <p>
381 The Debian Free Software Guidelines (DFSG) form our
382 definition of "free software". These are:
383 <taglist>
385 </tag>
386 <item>
387 The license of a Debian component may not restrict any
388 party from selling or giving away the software as a
389 component of an aggregate software distribution
390 containing programs from several different
391 sources. The license may not require a royalty or
392 other fee for such sale.
393 </item>
395 </tag>
396 <item>
397 The program must include source code, and must allow
398 distribution in source code as well as compiled form.
399 </item>
401 </tag>
402 <item>
403 The license must allow modifications and derived
404 works, and must allow them to be distributed under the
405 same terms as the license of the original software.
406 </item>
408 </tag>
409 <item>
410 The license may restrict source-code from being
412 license allows the distribution of "patch files"
413 with the source code for the purpose of modifying the
414 program at build time. The license must explicitly
415 permit distribution of software built from modified
416 source code. The license may require derived works to
417 carry a different name or version number from the
418 original software. (This is a compromise. The Debian
419 Project encourages all authors to not restrict any
420 files, source or binary, from being modified.)
421 </item>
423 </tag>
424 <item>
425 The license must not discriminate against any person
426 or group of persons.
427 </item>
429 </tag>
430 <item>
431 The license must not restrict anyone from making use
432 of the program in a specific field of endeavor. For
433 example, it may not restrict the program from being
434 used in a business, or from being used for genetic
435 research.
436 </item>
438 </tag>
439 <item>
440 The rights attached to the program must apply to all
441 to whom the program is redistributed without the need
442 for execution of an additional license by those
443 parties.
444 </item>
446 </tag>
447 <item>
448 The rights attached to the program must not depend on
449 the program's being part of a Debian system. If the
450 program is extracted from Debian and used or
451 distributed without Debian but otherwise within the
452 terms of the program's license, all parties to whom
453 the program is redistributed must have the same
454 rights as those that are granted in conjunction with
455 the Debian system.
456 </item>
458 </tag>
459 <item>
460 The license must not place restrictions on other
461 software that is distributed along with the licensed
462 software. For example, the license must not insist
463 that all other programs distributed on the same medium
464 must be free software.
465 </item>
467 </tag>
468 <item>
471 </item>
472 </taglist>
473 </p>
474 </sect>
482 <p>
484 distribution. Only the packages in this area are considered
485 part of the distribution. None of the packages in
487 that area to function. Anyone may use, share, modify and
488 redistribute the packages in this archive area
489 freely<footnote>
492 more about what we mean by free software.
493 </footnote>.
494 </p>
496 <p>
498 (Debian Free Software Guidelines).
499 </p>
501 <p>
504 <item>
505 must not require or recommend a package outside
510 package),
511 </item>
512 <item>
513 must not be so buggy that we refuse to support them,
514 and
515 </item>
516 <item>
517 must meet all policy requirements presented in this
518 manual.
519 </item>
520 </list>
521 </p>
523 </sect1>
528 <p>
530 packages intended to work with the Debian distribution, but
531 which require software outside of the distribution to either
532 build or function.
533 </p>
535 <p>
537 </p>
539 <p>
542 <item>
543 must not be so buggy that we refuse to support them,
544 and
545 </item>
546 <item>
547 must meet all policy requirements presented in this
548 manual.
549 </item>
550 </list>
551 </p>
553 <p>
554 Examples of packages which would be included in
557 <item>
560 in our archive at all for compilation or execution,
561 and
562 </item>
563 <item>
564 wrapper packages or other sorts of free accessories for
565 non-free programs.
566 </item>
567 </list>
568 </p>
569 </sect1>
574 <p>
576 packages intended to work with the Debian distribution that do
577 not comply with the DFSG or have other problems that make
578 their distribution problematic. They may not comply with all
579 of the policy requirements in this manual due to restrictions
580 on modifications or other limitations.
581 </p>
583 <p>
585 not compliant with the DFSG or are encumbered by patents
586 or other legal issues that make their distribution
587 problematic.
588 </p>
590 <p>
593 <item>
594 must not be so buggy that we refuse to support them,
595 and
596 </item>
597 <item>
598 must meet all policy requirements presented in this
599 manual that it is possible for them to meet.
600 <footnote>
601 It is possible that there are policy
602 requirements which the package is unable to
603 meet, for example, if the source is
604 unavailable. These situations will need to be
605 handled on a case-by-case basis.
606 </footnote>
607 </item>
608 </list>
609 </p>
610 </sect1>
612 </sect>
617 <p>
618 Every package must be accompanied by a verbatim copy of its
619 copyright information and distribution license in the file
622 </p>
624 <p>
625 We reserve the right to restrict files from being included
626 anywhere in our archives if
628 <item>
629 their use or distribution would break a law,
630 </item>
631 <item>
632 there is an ethical conflict in their distribution or
633 use,
634 </item>
635 <item>
636 we would have to sign a license for them, or
637 </item>
638 <item>
639 their distribution would conflict with other project
640 policies.
641 </item>
642 </list>
643 </p>
645 <p>
646 Programs whose authors encourage the user to make
647 donations are fine for the main distribution, provided
648 that the authors do not claim that not donating is
649 immoral, unethical, illegal or something similar; in such
651 </p>
653 <p>
654 Packages whose copyright permission notices (or patent
655 problems) do not even allow redistribution of binaries
656 only, and where no special permission has been obtained,
657 must not be placed on the Debian FTP site and its mirrors
658 at all.
659 </p>
661 <p>
662 Note that under international copyright law (this applies
664 modification of a work is allowed without an explicit
665 notice saying so. Therefore a program without a copyright
667 to it without risking being sued! Likewise if a program
668 has a copyright notice but no statement saying what is
669 permitted then nothing is permitted.
670 </p>
672 <p>
673 Many authors are unaware of the problems that restrictive
674 copyrights (or lack of copyright notices) can cause for
675 the users of their supposedly-free software. It is often
676 worthwhile contacting such authors diplomatically to ask
677 them to modify their license terms. However, this can be a
678 politically difficult thing to do and you should ask for
680 explained below.
681 </p>
683 <p>
684 When in doubt about a copyright, send mail to
686 to provide us with the copyright statement. Software
687 covered by the GPL, public domain software and BSD-like
688 copyrights are safe; be wary of the phrases "commercial
690 </p>
691 </sect>
696 <p>
700 </p>
702 <p>
703 The archive area and section for each package should be
706 archive may override this selection to ensure the consistency of
708 of the form:
710 <item>
713 </item>
714 <item>
717 archive areas.
718 </item>
719 </list>
720 </p>
722 <p>
723 The Debian archive maintainers provide the authoritative
724 list of sections. At present, they are:
725 admin,
726 cli-mono,
727 comm,
728 database,
729 debug,
730 devel,
731 doc,
732 editors,
733 education,
734 electronics,
735 embedded,
736 fonts,
737 games,
738 gnome,
739 gnu-r,
740 gnustep,
741 graphics,
742 hamradio,
743 haskell,
744 httpd,
745 interpreters,
746 introspection,
747 java,
748 kde,
749 kernel,
750 libdevel,
751 libs,
752 lisp,
753 localization,
754 mail,
755 math,
756 metapackages,
757 misc,
758 net,
759 news,
760 ocaml,
761 oldlibs,
762 otherosfs,
763 perl,
764 php,
765 python,
766 ruby,
767 science,
768 shells,
769 sound,
770 tasks,
771 tex,
772 text,
773 utils,
774 vcs,
775 video,
776 web,
777 x11,
778 xfce,
779 zope.
781 contains special packages used by the installer and is not used
782 for normal Debian packages.
783 </p>
785 <p>
786 For more information about the sections and their definitions,
789 </p>
790 </sect>
795 <p>
799 This information is used by the Debian package management tools to
800 separate high-priority packages from less-important packages.
801 </p>
803 <p>
805 Debian package management tools.
806 <taglist>
808 <item>
809 Packages which are necessary for the proper
810 functioning of the system (usually, this means that
811 dpkg functionality depends on these packages).
813 system to become totally broken and you may not even
815 so only do so if you know what you are doing. Systems
817 unusable, but they do have enough functionality to
818 allow the sysadmin to boot and install more software.
819 </item>
821 <item>
822 Important programs, including those which one would
823 expect to find on any Unix-like system. If the
824 expectation is that an experienced Unix person who
825 found it missing would say "What on earth is going on,
826 where is <prgn>foo</prgn>?", it must be an
828 This is an important criterion because we are
829 trying to produce, amongst other things, a free
830 Unix.
831 </footnote>
832 Other packages without which the system will not run
833 well or be usable must also have priority
836 or any other large applications. The
838 commonly-expected and necessary tools.
839 </item>
841 <item>
842 These packages provide a reasonably small but not too
843 limited character-mode system. This is what will be
844 installed by default if the user doesn't select anything
845 else. It doesn't include many large applications.
846 </item>
848 <item>
849 (In a sense everything that isn't required is
850 optional, but that's not what is meant here.) This is
851 all the software that you might reasonably want to
852 install if you didn't know what it was and don't have
853 specialized requirements. This is a much larger system
854 and includes the X Window System, a full TeX
855 distribution, and many applications. Note that
856 optional packages should not conflict with each other.
857 </item>
859 <item>
860 This contains all packages that conflict with others
861 with required, important, standard or optional
862 priorities, or are only likely to be useful if you
863 already know what they are or have specialized
864 requirements (such as packages containing only detached
865 debugging symbols).
866 </item>
867 </taglist>
868 </p>
870 <p>
871 Packages must not depend on packages with lower priority
872 values (excluding build-time dependencies). In order to
873 ensure this, the priorities of one or more packages may need
874 to be adjusted.
875 </p>
876 </sect>
878 </chapt>
884 <p>
885 The Debian distribution is based on the Debian
887 all packages in the Debian distribution must be provided
889 </p>
891 <p>
893 to install on the system when the package is installed, and a set
894 of files that provide additional metadata about the package or
895 which are executed when the package is installed or removed. This
897 Among those files are the package maintainer scripts
899 package control file</qref> that contains the control fields for
900 the package. Other control information files include
903 used to store shared library dependency information and
906 </p>
908 <p>
909 There is unfortunately a collision of terminology here between
910 control information files and files in the Debian control file
912 to a file in the Debian control file format. These files are
915 included in the control information file member of
917 control information files are not in the Debian control file
918 format.
919 </p>
921 <sect>
924 <p>
925 Every package must have a name that's unique within the Debian
926 archive.
927 </p>
929 <p>
930 The package name is included in the control field
933 The package name is also included as a part of the file name
935 </p>
936 </sect>
941 <p>
942 Every package has a version number recorded in its
945 </p>
947 <p>
948 The package management system imposes an ordering on version
949 numbers, so that it can tell whether packages are being up- or
950 downgraded and so that package system front end applications
951 can tell whether a package it finds available is newer than
952 the one installed on the system. The version number format
953 has the most significant parts (as far as comparison is
954 concerned) at the beginning.
955 </p>
957 <p>
958 If an upstream package has problematic version numbers they
959 should be converted to a sane form for use in the
961 </p>
963 <sect1>
966 <p>
967 In general, Debian packages should use the same version
968 numbers as the upstream sources. However, upstream version
969 numbers based on some date formats (sometimes used for
970 development or "snapshot" releases) will not be ordered
971 correctly by the package management software. For
973 greater than "96Dec24".
974 </p>
976 <p>
977 To prevent having to use epochs for every new upstream
978 version, the date-based portion of any upstream version number
979 should be given in a way that sorts correctly: four-digit year
980 first, followed by a two-digit numeric month, followed by a
981 two-digit numeric date, possibly with punctuation between the
982 components.
983 </p>
985 <p>
986 Native Debian packages (i.e., packages which have been written
987 especially for Debian) whose version numbers include dates
988 should also follow these rules. If punctuation is desired
990 cannot be used in native package versions. Period
992 </p>
993 </sect1>
995 </sect>
1000 <p>
1001 Every package must have a maintainer, except for orphaned
1002 packages as described below. The maintainer may be one person
1003 or a group of people reachable from a common email address, such
1004 as a mailing list. The maintainer is responsible for
1005 maintaining the Debian packaging files, evaluating and
1006 responding appropriately to reported bugs, uploading new
1007 versions of the package (either directly or through a sponsor),
1008 ensuring that the package is placed in the appropriate archive
1009 area and included in Debian releases as appropriate for the
1010 stability and utility of the package, and requesting removal of
1011 the package from the Debian distribution if it is no longer
1012 useful or maintainable.
1013 </p>
1015 <p>
1017 control field with their correct name and a working email
1019 control field must accept mail from those role accounts in
1020 Debian used to send automated mails regarding the package. This
1021 includes non-spam mail from the bug-tracking system, all mail
1022 from the Debian archive maintenance software, and other role
1023 accounts or automated processes that are commonly agreed on by
1024 the project.<footnote>
1025 A sample implementation of such a whitelist written for the
1026 Mailman mailing list management software is used for mailing
1027 lists hosted by alioth.debian.org.
1028 </footnote>
1029 If one person or team maintains several packages, they should
1030 use the same form of their name and email address in
1032 </p>
1034 <p>
1037 </p>
1039 <p>
1040 If the maintainer of the package is a team of people with a
1042 be present and must contain at least one human with their
1044 syntax of that field.
1045 </p>
1047 <p>
1048 An orphaned package is one with no current maintainer. Orphaned
1051 These packages are considered maintained by the Debian project
1052 as a whole until someone else volunteers to take over
1053 maintenance.<footnote>
1054 The detailed procedure for gracefully orphaning a package can
1055 be found in the Debian Developer's Reference
1057 </footnote>
1058 </p>
1059 </sect>
1064 <p>
1066 field which contains a synopsis and extended description of the
1067 package. Technical information about the format of the
1069 </p>
1071 <p>
1072 The description should describe the package (the program) to a
1073 user (system administrator) who has never met it before so that
1074 they have enough information to decide whether they want to
1075 install it. This description should not just be copied verbatim
1076 from the program's documentation.
1077 </p>
1079 <p>
1080 Put important information first, both in the synopsis and
1081 extended description. Sometimes only the first part of the
1082 synopsis or of the description will be displayed. You can
1083 assume that there will usually be a way to see the whole
1084 extended description.
1085 </p>
1087 <p>
1088 The description should also give information about the
1089 significant dependencies and conflicts between this package
1090 and others, so that the user knows why these dependencies and
1091 conflicts have been declared.
1092 </p>
1094 <p>
1095 Instructions for configuring or using the package should
1096 not be included (that is what installation scripts,
1097 manual pages, info files, etc., are for). Copyright
1098 statements and other administrivia should not be included
1099 either (that is what the copyright file is for).
1100 </p>
1104 <p>
1105 The single line synopsis should be kept brief - certainly
1106 under 80 characters.
1107 </p>
1109 <p>
1110 Do not include the package name in the synopsis line. The
1111 display software knows how to display this already, and you
1112 do not need to state it. Remember that in many situations
1113 the user may only see the synopsis line - make it as
1114 informative as you can.
1115 </p>
1117 </sect1>
1121 <p>
1122 Do not try to continue the single line synopsis into the
1123 extended description. This will not work correctly when
1124 the full description is displayed, and makes no sense
1125 where only the summary (the single line synopsis) is
1126 available.
1127 </p>
1129 <p>
1130 The extended description should describe what the package
1131 does and how it relates to the rest of the system (in terms
1132 of, for example, which subsystem it is which part of).
1133 </p>
1135 <p>
1136 The description field needs to make sense to anyone, even
1137 people who have no idea about any of the things the
1138 package deals with.<footnote>
1139 The blurb that comes with a program in its
1141 rarely suitable for use in a description. It is
1142 usually aimed at people who are already in the
1143 community where the package is used.
1144 </footnote>
1145 </p>
1147 </sect1>
1149 </sect>
1154 <p>
1155 Every package must specify the dependency information
1156 about other packages that are required for the first to
1157 work correctly.
1158 </p>
1160 <p>
1161 For example, a dependency entry must be provided for any
1162 shared libraries required by a dynamically-linked executable
1163 binary in a package.
1164 </p>
1166 <p>
1167 Packages are not required to declare any dependencies they
1169 (see below), and should not do so unless they depend on a
1170 particular version of that package.<footnote>
1171 <p>
1172 Essential is needed in part to avoid unresolvable dependency
1173 loops on upgrade. If packages add unnecessary dependencies
1174 on packages in this set, the chances that there
1176 caused by forcing these Essential packages to be configured
1177 first before they need to be is greatly increased. It also
1178 increases the chances that frontends will be unable to
1180 exists.
1181 </p>
1182 <p>
1183 Also, functionality is rarely ever removed from the
1185 the Essential set when the functionality moved to a
1186 different package. So depending on these packages <em>just
1187 in case</em> they stop being essential does way more harm
1188 than good.
1189 </p>
1190 </footnote>
1191 </p>
1193 <p>
1194 Sometimes, unpacking one package requires that another package
1196 depending package must specify this dependency in
1198 </p>
1200 <p>
1202 package before this has been discussed on the
1204 doing that has been reached.
1205 </p>
1207 <p>
1208 The format of the package interrelationship control fields is
1210 </p>
1211 </sect>
1216 <p>
1217 Sometimes, there are several packages which offer
1218 more-or-less the same functionality. In this case, it's
1220 describes that common functionality. (The virtual
1221 packages only exist logically, not physically; that's why
1224 package. Thus, any other package requiring that function
1225 can simply depend on the virtual package without having to
1226 specify all possible packages individually.
1227 </p>
1229 <p>
1230 All packages should use virtual package names where
1231 appropriate, and arrange to create new ones if necessary.
1232 They should not use virtual package names (except privately,
1233 amongst a cooperating group of packages) unless they have
1234 been agreed upon and appear in the list of virtual package
1236 </p>
1238 <p>
1239 The latest version of the authoritative list of virtual
1241 It is also available from the Debian web mirrors at
1244 </p>
1246 <p>
1247 The procedure for updating the list is described in the preface
1248 to the list.
1249 </p>
1251 </sect>
1253 <sect>
1256 <p>
1258 system that is installed before everything else
1259 on a new system. Only very few packages are allowed to form
1260 part of the base system, in order to keep the required disk
1261 usage very small.
1262 </p>
1264 <p>
1265 The base system consists of all those packages with priority
1268 </p>
1269 </sect>
1271 <sect>
1274 <p>
1275 Essential is defined as the minimal set of functionality that
1276 must be available and usable on the system at all times, even
1277 when packages are in the "Unpacked" state.
1282 </p>
1284 <p>
1285 Since these packages cannot be easily removed (one has to
1288 unless absolutely necessary. A shared library package
1290 prevent its premature removal, and we need to be able to
1291 remove it when it has been superseded.
1292 </p>
1294 <p>
1295 Since dpkg will not prevent upgrading of other packages
1298 their core functionality even when unconfigured. If the
1299 package cannot satisfy this requirement it must not be
1300 tagged as essential, and any packages depending on this
1301 package must instead have explicit dependency fields as
1302 appropriate.
1303 </p>
1305 <p>
1306 Maintainers should take great care in adding any programs,
1308 Packages may assume that functionality provided by
1310 declaring explicit dependencies, which means that removing
1311 functionality from the Essential set is very difficult and is
1312 almost never done. Any capability added to an
1314 support that capability as part of the Essential set in
1315 perpetuity.
1316 </p>
1318 <p>
1321 mailing list and a consensus about doing that has been
1322 reached.
1323 </p>
1324 </sect>
1329 <p>
1330 The package installation scripts should avoid producing
1331 output which is unnecessary for the user to see and
1333 the part of a user installing many packages. This means,
1336 </p>
1338 <p>
1339 Errors which occur during the execution of an installation
1340 script must be checked and the installation must not
1341 continue after an error.
1342 </p>
1344 <p>
1346 maintainer scripts, too.
1347 </p>
1349 <p>
1351 to another package without consulting the maintainer of that
1352 package first. When adding or removing diversions, package
1355 </p>
1357 <p>
1358 All packages which supply an instance of a common command
1359 name (or, in general, filename) should generally use
1362 is not used, then each package must use
1364 removed. (In this case, it may be appropriate to
1365 specify a conflict against earlier versions of something
1366 that previously did not use
1368 the usual rule that versioned conflicts should be
1369 avoided.)
1370 </p>
1374 <p>
1375 Package maintainer scripts may prompt the user if
1376 necessary. Prompting must be done by communicating
1378 conforms to the Debian Configuration Management
1379 Specification, version 2 or higher.
1380 </p>
1382 <p>
1383 Packages which are essential, or which are dependencies of
1384 essential packages, may fall back on another prompting method
1385 if no such interface is available when they are executed.
1386 </p>
1388 <p>
1389 The Debian Configuration Management Specification is included
1392 It is also available from the Debian web mirrors at
1395 </p>
1397 <p>
1398 Packages which use the Debian Configuration Management
1399 Specification may contain the additional control information
1402 additional maintainer script used for package configuration,
1406 unpacked or any of its dependencies or pre-dependencies are
1407 satisfied. Therefore it must work using only the tools
1410 implements the Debian Configuration Management
1411 Specification will also be installed, and any
1412 versioned dependencies on it will be satisfied
1413 before preconfiguration begins.
1414 </footnote>
1415 </p>
1417 <p>
1418 Packages which use the Debian Configuration Management
1419 Specification must allow for translation of their user-visible
1420 messages by using a gettext-based system such as the one
1422 </p>
1424 <p>
1425 Packages should try to minimize the amount of prompting
1426 they need to do, and they should ensure that the user
1427 will only ever be asked each question once. This means
1428 that packages should try to use appropriate shared
1432 prompting for their own list of required pieces of
1433 information.
1434 </p>
1436 <p>
1437 It also means that an upgrade should not ask the same
1438 questions again, unless the user has used
1440 The answers to configuration questions should be stored in an
1442 modify them, and how this has been done should be
1443 documented.
1444 </p>
1446 <p>
1447 If a package has a vitally important piece of
1448 information to pass to the user (such as "don't run me
1449 as I am, you must edit the following configuration files
1450 first or you risk your system emitting badly-formatted
1451 messages"), it should display this in the
1453 prompt the user to hit return to acknowledge the
1454 message. Copyright messages do not count as vitally
1455 important (they belong in
1457 neither do instructions on how to use a program (these
1458 should be in on-line documentation, where all the users
1459 can see them).
1460 </p>
1462 <p>
1463 Any necessary prompting should almost always be confined
1466 should be protected with a conditional so that
1467 unnecessary prompting doesn't happen if a package's
1471 </p>
1472 </sect1>
1474 </sect>
1476 </chapt>
1485 <p>
1486 Source packages should specify the most recent version number
1487 of this policy document with which your package complied
1488 when it was last updated.
1489 </p>
1491 <p>
1492 This information may be used to file bug reports
1493 automatically if your package becomes too much out of date.
1494 </p>
1496 <p>
1498 control field.
1501 </p>
1503 <p>
1504 You should regularly, and especially if your package has
1505 become out of date, check for the newest Policy Manual
1506 available and update your package, if necessary. When your
1507 package complies with the new standards you should update the
1509 release it.<footnote>
1511 information about policy which has changed between
1512 different versions of this document.
1513 </footnote>
1514 </p>
1516 </sect>
1521 <p>
1522 Source packages should specify which binary packages they
1523 require to be installed or not to be installed in order to
1524 build correctly. For example, if building a package
1525 requires a certain compiler, then the compiler should be
1526 specified as a build-time dependency.
1527 </p>
1529 <p>
1530 It is not necessary to explicitly specify build-time
1531 relationships on a minimal set of packages that are always
1532 needed to compile, link and put in a Debian package a
1533 standard "Hello World!" program written in C or C++. The
1535 an informational list can be found in
1538 package).<footnote>
1539 Rationale:
1541 <item>
1542 This allows maintaining the list separately
1543 from the policy documents (the list does not
1544 need the kind of control that the policy
1545 documents do).
1546 </item>
1547 <item>
1548 Having a separate package allows one to install
1549 the build-essential packages on a machine, as
1550 well as allowing other packages such as tasks to
1551 require installation of the build-essential
1552 packages using the depends relation.
1553 </item>
1554 <item>
1555 The separate package allows bug reports against
1556 the list to be categorized separately from
1557 the policy management process in the BTS.
1558 </item>
1559 </list>
1560 </footnote>
1561 </p>
1563 <p>
1564 When specifying the set of build-time dependencies, one
1565 should list only those packages explicitly required by the
1566 build. It is not necessary to list packages which are
1567 required merely because some other package in the list of
1568 build-time dependencies depends on them.<footnote>
1569 The reason for this is that dependencies change, and
1572 others need is their business. For example, if you
1578 will automatically ensure that all of its run-time
1579 dependencies are satisfied.
1580 </footnote>
1581 </p>
1583 <p>
1584 If build-time dependencies are specified, it must be
1585 possible to build the package and produce working binaries
1586 on a system with only essential and build-essential
1587 packages installed and also those required to satisfy the
1588 build-time relationships (including any implied
1589 relationships). In particular, this means that version
1590 clauses should be used rigorously in build-time
1591 relationships so that one cannot produce bad or
1592 inconsistently configured packages when the relationships
1593 are properly satisfied.
1594 </p>
1596 <p>
1598 </p>
1599 </sect>
1601 <sect>
1604 <p>
1605 If changes to the source code are made that are not
1606 specific to the needs of the Debian system, they should be
1607 sent to the upstream authors in whatever form they prefer
1608 so as to be included in the upstream version of the
1609 package.
1610 </p>
1612 <p>
1613 If you need to configure the package differently for
1614 Debian or for Linux, and the upstream source doesn't
1615 provide a way to do so, you should add such configuration
1618 authors, with the default set to the way they originally
1619 had it. You can then easily override the default in your
1621 </p>
1623 <p>
1625 detects the correct architecture specification string
1627 </p>
1628 <p>
1633 details how to achieve that). This ensures that these files can
1634 be updated distribution-wide at build time when introducing
1635 new architectures.
1636 </p>
1638 <p>
1643 reconfigure the package if necessary. You should
1646 else to later reconfigure the package without losing the
1647 changes you made.
1648 </p>
1650 </sect>
1655 <p>
1656 Changes in the Debian version of the package should be
1657 briefly explained in the Debian changelog file
1659 <p>
1660 Mistakes in changelogs are usually best rectified by
1661 making a new changelog entry rather than "rewriting
1662 history" by editing old changelog entries.
1663 </p>
1664 </footnote>
1665 This includes modifications
1666 made in the Debian package compared to the upstream one
1667 as well as other changes and updates to the package.
1668 <footnote>
1669 Although there is nothing stopping an author who is also
1670 the Debian maintainer from using this changelog for all
1671 their changes, it will have to be renamed if the Debian
1672 and upstream maintainers become different people. In such
1673 a case, however, it might be better to maintain the package
1674 as a non-native package.
1675 </footnote>
1676 </p>
1678 <p>
1680 package building tools to discover which version of the package
1681 is being built and find out other release-specific information.
1682 </p>
1684 <p>
1685 That format is a series of entries like this:
1689 <var>
1690 [optional blank line(s), stripped]
1691 </var>
1694 <var>
1695 [blank line(s), included in output of dpkg-parsechangelog]
1696 </var>
1698 <var>
1699 [optional blank line(s), stripped]
1700 </var>
1701 -- <var>maintainer name</var> <<var>email address</var>><var>[two spaces]</var> <var>date</var>
1702 </example>
1703 </p>
1705 <p>
1707 package name and version number.
1708 </p>
1710 <p>
1712 this version should be installed when it is uploaded - it
1715 </p>
1717 <p>
1721 an urgency containing commas; commas are used to separate
1726 </p>
1728 <p>
1729 The change details may in fact be any series of lines
1730 starting with at least two spaces, but conventionally each
1731 change starts with an asterisk and a separating space and
1732 continuation lines are indented so as to bring them in
1733 line with the start of the text above. Blank lines may be
1734 used here to separate groups of changes, if desired.
1735 </p>
1737 <p>
1738 If this upload resolves bugs recorded in the Bug Tracking
1739 System (BTS), they may be automatically closed on the
1740 inclusion of this package into the Debian archive by
1742 in the change details.<footnote>
1743 To be precise, the string should match the following
1744 Perl regular expression:
1745 <example>
1746 /closes:\s*(?:bug)?\#?\s?\d+(?:,\s*(?:bug)?\#?\s?\d+)*/i
1747 </example>
1748 Then all of the bug numbers listed will be closed by the
1751 </footnote>
1754 </p>
1756 <p>
1757 The maintainer name and email address used in the changelog
1758 should be the details of the person who prepared this release of
1760 uploader or usual package maintainer.<footnote>
1761 In the case of a sponsored upload, the uploader signs the
1762 files, but the changelog maintainer name and address are those
1763 of the person who prepared this release. If the preparer of
1764 the release is not one of the usual maintainers of the package
1765 (as listed in
1768 fields of the package), the first line of the changelog is
1769 conventionally used to explain why a non-maintainer is
1770 uploading the package. The Debian Developer's Reference
1772 used.</footnote>
1776 acknowledgement when the upload has been installed.
1777 </p>
1779 <p>
1781 This is the same as the format generated by <tt>date
1782 -R</tt>.
1783 </footnote> (compatible and with the same semantics of
1786 where:
1788 <item>
1789 day-of week is one of: Mon, Tue, Wed, Thu, Fri, Sat, Sun
1790 </item>
1791 <item>
1793 </item>
1794 <item>
1795 month is one of: Jan, Feb, Mar, Apr, May, Jun, Jul, Aug,
1796 Sep, Oct, Nov, Dec
1797 </item>
1802 <item>
1803 +zzzz or -zzzz is the time zone offset from Coordinated
1804 Universal Time (UTC). "+" indicates that the time is ahead
1805 of (i.e., east of) UTC and "-" indicates that the time is
1806 behind (i.e., west of) UTC. The first two digits indicate
1807 the hour difference from UTC and the last two digits
1808 indicate the number of additional minutes difference from
1810 </item>
1811 </list>
1812 </p>
1814 <p>
1815 The first "title" line with the package name must start
1816 at the left hand margin. The "trailer" line with the
1817 maintainer and date details must be preceded by exactly
1818 one space. The maintainer details and the date must be
1819 separated by exactly two spaces.
1820 </p>
1822 <p>
1823 The entire changelog must be encoded in UTF-8.
1824 </p>
1826 <p>
1827 For more information on placement of the changelog files
1829 </p>
1830 </sect>
1834 <p>
1835 Every package must be accompanied by a verbatim copy of its
1836 copyright information and distribution license in the file
1840 to copyrights for packages.
1841 </p>
1842 </sect>
1843 <sect>
1846 <p>
1848 (including your package's upstream makefiles and
1851 properties apply: if you include a miniature script as one
1852 of the commands in your makefile you'll find that if you
1853 don't do anything about it then errors are not detected
1855 problems.
1856 </p>
1858 <p>
1859 Every time you put more than one shell command (this
1860 includes using a loop) in a makefile command you
1861 must make sure that errors are trapped. For
1862 simple compound commands, such as changing directory and
1864 than semicolon as a command separator is sufficient. For
1865 more complex commands including most loops and
1867 command at the start of every makefile command that's
1868 actually one of these miniature shell scripts.
1869 </p>
1870 </sect>
1874 <p>
1875 Maintainers should preserve the modification times of the
1876 upstream source files in a package, as far as is reasonably
1877 possible.<footnote>
1878 The rationale is that there is some information conveyed
1879 by knowing the age of the file, for example, you could
1880 recognize that some documentation is very old by looking
1881 at the modification time, so it would be nice if the
1882 modification time of the upstream source would be
1883 preserved.
1884 </footnote>
1885 </p>
1886 </sect>
1891 <p>
1892 The source package may not contain any hard links<footnote>
1893 <p>
1894 This is not currently detected when building source
1895 packages, but only when extracting
1896 them.
1897 </p>
1898 <p>
1899 Hard links may be permitted at some point in the
1900 future, but would require a fair amount of
1901 work.
1902 </p>
1903 </footnote>, device special files, sockets or setuid or
1904 setgid files.<footnote>
1905 Setgid directories are allowed.
1906 </footnote>
1907 </p>
1908 </sect>
1913 <p>
1914 This file must be an executable makefile, and contains the
1915 package-specific recipes for compiling the package and
1916 building binary package(s) from the source.
1917 </p>
1919 <p>
1921 so that it can be invoked by saying its name rather than
1925 identical behavior.
1926 </p>
1928 <p>
1929 The following targets are required and must be implemented
1934 </p>
1936 <p>
1938 impossible to auto-compile that package and also makes it hard
1939 for other people to reproduce the same binary package, all
1940 required targets must be non-interactive. It also follows that
1941 any target that these targets depend on must also be
1942 non-interactive.
1943 </p>
1944 <p>
1945 For packages in the main archive, no required targets
1946 may attempt network access.
1947 </p>
1949 <p>
1950 The targets are as follows:
1951 <taglist>
1953 <item>
1954 <p>
1956 configuration and compilation of the package.
1957 If a package has an interactive pre-build
1958 configuration routine, the Debian source package
1959 must either be built after this has taken place (so
1960 that the binary package can be built without rerunning
1961 the configuration) or the configuration routine
1962 modified to become non-interactive. (The latter is
1963 preferable if there are architecture-specific features
1964 detected by the configuration routine.)
1965 </p>
1967 <p>
1968 For some packages, notably ones where the same
1969 source tree is compiled in different ways to produce
1971 does not make much sense. For these packages it is
1972 good enough to provide two (or more) targets
1974 for each of the ways of building the package, and a
1977 package in each of the possible ways and make the
1978 binary package out of each.
1979 </p>
1981 <p>
1983 that might require root privilege.
1984 </p>
1986 <p>
1989 </p>
1991 <p>
1992 When a package has a configuration and build routine
1993 which takes a long time, or when the makefiles are
1997 complete. This will ensure that if <tt>debian/rules
1998 build</tt> is run again it will not rebuild the whole
1999 program.<footnote>
2003 target to do the building and to <tt>touch
2004 build-stamp</tt> on completion. This is
2005 especially useful if the build routine creates a
2008 a phony target (i.e., as a dependency of the
2011 targets.
2012 </footnote>
2013 </p>
2014 </item>
2018 </tag>
2019 <item>
2020 <p>
2022 perform all the configuration and compilation required for
2023 producing all architecture-dependent binary packages
2024 (those packages for which the body of the
2027 target must perform all the configuration
2028 and compilation required for producing all
2029 architecture-independent binary packages (those packages
2033 should either depend on those targets or take the same
2034 actions as invoking those targets would perform.<footnote>
2035 This split allows binary-only builds to not install the
2037 target and skip any resource-intensive build tasks that
2038 are only required when building architecture-independent
2039 binary packages.
2040 </footnote>
2041 </p>
2043 <p>
2045 must not do anything that might require root privilege.
2046 </p>
2047 </item>
2051 </tag>
2052 <item>
2053 <p>
2055 necessary for the user to build the binary package(s)
2056 produced from this source package. It is
2058 the binary packages which are specific to a particular
2060 those which are not.
2061 </p>
2062 <p>
2064 no commands which simply depends on
2066 </p>
2067 <p>
2071 that the package is built if it has not been already. It
2072 should then create the relevant binary package(s),
2075 them in the parent of the top level directory.
2076 </p>
2078 <p>
2081 If one of them has nothing to do (which will always be
2082 the case if the source generates only a single binary
2083 package, whether architecture-dependent or not), it
2084 must still exist and must always succeed.
2085 </p>
2087 <p>
2089 root.<footnote>
2091 to build a package correctly even without being
2092 root.
2093 </footnote>
2094 </p>
2095 </item>
2098 <item>
2099 <p>
2102 that it should leave alone any output files created in
2104 target.
2105 </p>
2107 <p>
2110 should be removed as the first action that
2114 already done.
2115 </p>
2117 <p>
2123 example).
2124 </p>
2125 </item>
2128 <item>
2129 <p>
2130 This target fetches the most recent version of the
2131 original source package from a canonical archive site
2132 (via FTP or WWW, for example), does any necessary
2133 rearrangement to turn it into the original source
2134 tar file format described below, and leaves it in the
2135 current directory.
2136 </p>
2138 <p>
2139 This target may be invoked in any directory, and
2140 should take care to clean up any temporary files it
2141 may have left.
2142 </p>
2144 <p>
2145 This target is optional, but providing it if
2146 possible is a good idea.
2147 </p>
2148 </item>
2151 <item>
2152 <p>
2153 This target performs whatever additional actions are
2154 required to make the source ready for editing (unpacking
2155 additional upstream archives, applying patches, etc.).
2156 It is recommended to be implemented for any package where
2158 for additional modification. See
2160 </p>
2161 </item>
2162 </taglist>
2164 <p>
2167 directory being the package's top-level directory.
2168 </p>
2171 <p>
2173 either as published or undocumented interfaces or for the
2174 package's internal use.
2175 </p>
2177 <p>
2178 The architectures we build on and build for are determined
2181 You can determine the Debian architecture and the GNU style
2182 architecture specification string for the build architecture as
2183 well as for the host architecture. The build architecture is
2185 the package build is performed. The host architecture is the
2186 architecture on which the resulting package will be installed
2187 and run. These are normally the same, but may be different in
2188 the case of cross-compilation (building packages for one
2189 architecture on machines of a different architecture).
2190 </p>
2192 <p>
2195 <item>
2197 </item>
2198 <item>
2200 </item>
2201 <item>
2203 </item>
2204 <item>
2206 specification string)
2207 </item>
2208 <item>
2211 </item>
2212 <item>
2215 </list>
2218 host architecture.
2219 </p>
2221 <p>
2222 Backward compatibility can be provided in the rules file
2223 by setting the needed variables to suitable default
2224 values; please refer to the documentation of
2226 </p>
2228 <p>
2230 string only determines which Debian architecture we are
2231 building on or for. It should not be used to get the CPU
2234 GNU style variables should generally only be used with upstream
2235 build systems.
2236 </p>
2242 <p>
2243 Supporting the standardized environment variable
2245 contain several flags to change how a package is compiled and
2248 given, they must be separated by whitespace.<footnote>
2249 Some packages support any delimiter, but whitespace is the
2250 easiest to parse inside a makefile and avoids ambiguity with
2251 flag values that contain commas.
2252 </footnote>
2258 tag should not be given multiple times with conflicting
2259 values. Package maintainers may assume that
2261 </p>
2263 <p>
2264 The meaning of the following tags has been standardized:
2265 <taglist>
2267 <item>
2268 This tag says to not run any build-time test suite
2269 provided by the package.
2270 </item>
2272 <item>
2273 This tag says to skip any build steps that only generate
2274 package documentation. Files required by other sections
2275 of Debian Policy, such as copyright and changelog files,
2276 must still be generated and put in the package, but other
2277 generated documentation such as help2man-generated pages,
2278 Doxygen-generated API documentation, or info pages
2279 generated from Texinfo sources should be skipped if
2280 possible. This option does not change the set of binary
2281 packages generated by the source package, but
2282 documentation-only binary packages may be nearly empty
2283 when built with this option.
2284 </item>
2286 <item>
2287 The presence of this tag means that the package should
2288 be compiled with a minimum of optimization. For C
2291 Some programs might fail to build or run at this level
2292 of optimization; it may be necessary to use
2294 </item>
2296 <item>
2297 This tag means that the debugging symbols should not be
2298 stripped from the binary during installation, so that
2299 debugging information may be included in the package.
2300 </item>
2302 <item>
2303 This tag means that the package should be built using up
2305 system supports this.<footnote>
2309 </footnote>
2310 If the package build system does not support parallel
2311 builds, this string must be ignored. If the package
2312 build system only supports a lower level of concurrency
2314 many parallel processes as the package build system
2315 supports. It is up to the package maintainer to decide
2316 whether the package build times are long enough and the
2317 package build system is robust enough to make supporting
2318 parallel builds worthwhile.
2319 </item>
2320 </taglist>
2321 </p>
2323 <p>
2325 </p>
2327 <p>
2328 The following makefile snippet is an example of how one may
2329 implement the build options; you will probably have to
2330 massage this example in order to make it work for your
2331 package.
2333 CFLAGS = -Wall -g
2334 INSTALL = install
2335 INSTALL_FILE = $(INSTALL) -p -o root -g root -m 644
2336 INSTALL_PROGRAM = $(INSTALL) -p -o root -g root -m 755
2337 INSTALL_SCRIPT = $(INSTALL) -p -o root -g root -m 755
2338 INSTALL_DIR = $(INSTALL) -p -d -o root -g root -m 755
2340 ifneq (,$(filter noopt,$(DEB_BUILD_OPTIONS)))
2341 CFLAGS += -O0
2342 else
2343 CFLAGS += -O2
2344 endif
2345 ifeq (,$(filter nostrip,$(DEB_BUILD_OPTIONS)))
2346 INSTALL_PROGRAM += -s
2347 endif
2348 ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
2349 NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
2350 MAKEFLAGS += -j$(NUMJOBS)
2351 endif
2353 build:
2354 # ...
2355 ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
2356 # Code to run the package test suite.
2357 endif
2358 </example>
2359 </p>
2360 </sect1>
2361 </sect>
2363 <!-- FIXME: section pkg-srcsubstvars is the same as substvars -->
2367 <p>
2371 substitutions on its output just before writing it. Variable
2374 variable substitutions to be used; variables can also be set
2376 option to the source packaging commands, and certain predefined
2377 variables are also available.
2378 </p>
2380 <p>
2384 </p>
2386 <p>
2388 details about source variable substitutions, including the
2390 </sect>
2395 <p>
2396 This is an optional, recommended configuration file for the
2398 ftp or http sites for newly available updates of the
2399 package. This is used Debian QA
2400 tools to help with quality control and maintenance of the
2401 distribution as a whole.
2402 </p>
2404 </sect>
2409 <p>
2410 This file is not a permanent part of the source tree; it
2411 is used while building packages to record which files are
2414 </p>
2416 <p>
2417 It should not exist in a shipped source package, and so it
2418 (and any backup files or temporary files such as
2424 to avoid leaving a corrupted copy if an error
2425 occurs.
2426 </footnote>) should be removed by the
2428 ensure a fresh start by emptying or removing it at the
2430 </p>
2432 <p>
2436 --build</tt> is run for that binary package. So for most
2437 packages all that needs to be done with this file is to
2439 </p>
2441 <p>
2442 If a package upload includes files besides the source
2443 package and any binary packages whose control files were
2445 placed in the parent of the package's top-level directory
2448 </sect>
2453 <p>
2454 Some software packages include in their distribution convenience
2455 copies of code from other software packages, generally so that
2456 users compiling from source don't have to download multiple
2457 packages. Debian packages should not make use of these
2458 convenience copies unless the included package is explicitly
2459 intended to be used in this way.<footnote>
2460 For example, parts of the GNU build system work like this.
2461 </footnote>
2462 If the included code is already in the Debian archive in the
2463 form of a library, the Debian packaging should ensure that
2464 binary packages reference the libraries already in Debian and
2465 the convenience copy is not used. If the included code is not
2466 already in Debian, it should be packaged separately as a
2467 prerequisite if possible.
2468 <footnote>
2469 Having multiple copies of the same code in Debian is
2470 inefficient, often creates either static linking or shared
2471 library conflicts, and, most importantly, increases the
2472 difficulty of handling security vulnerabilities in the
2473 duplicated code.
2474 </footnote>
2475 </p>
2476 </sect>
2479 <heading>Source package handling:
2482 <p>
2484 doesn't produce the source of the package, ready for editing,
2485 and allow one to make changes and run
2487 without taking any additional steps, creating a
2489 recommended. This file should explain how to do all of the
2490 following:
2491 <enumlist>
2492 <item>Generate the fully patched source, in a form ready for
2493 editing, that would be built to create Debian
2497 <item>Modify the source and save those modifications so that
2498 they will be applied when building the package.</item>
2499 <item>Remove source modifications that are currently being
2500 applied when building the package.</item>
2501 <item>Optionally, document what steps are necessary to
2502 upgrade the Debian source package to a new upstream version,
2503 if applicable.</item>
2504 </enumlist>
2505 This explanation should include specific commands and mention
2506 any additional required Debian packages. It should not assume
2507 familiarity with any specific Debian packaging system or patch
2508 management tools.
2509 </p>
2511 <p>
2512 This explanation may refer to a documentation file installed by
2513 one of the package's build dependencies provided that the
2514 referenced documentation clearly explains these tasks and is not
2515 a general reference manual.
2516 </p>
2518 <p>
2520 information that would be helpful to someone modifying the
2521 source package. Even if the package doesn't fit the above
2522 description, maintainers are encouraged to document in a
2524 particularly complex or unintuitive source layout or build
2525 system (for example, a package that builds the same source
2526 multiple times to generate different binary packages).
2527 </p>
2528 </sect>
2529 </chapt>
2535 <p>
2536 The package management system manipulates data represented in
2539 Control files are used for source packages, binary packages and
2541 of uploaded files<footnote>
2543 format.
2544 </footnote>.
2545 </p>
2550 <p>
2551 A control file consists of one or more paragraphs of
2552 fields<footnote>
2553 The paragraphs are also sometimes referred to as stanzas.
2554 </footnote>.
2555 The paragraphs are separated by empty lines. Parsers may accept
2556 lines consisting solely of spaces and tabs as paragraph
2557 separators, but control files should use empty lines. Some control
2558 files allow only one paragraph; others allow several, in
2559 which case each paragraph usually refers to a different
2560 package. (For example, in source packages, the first
2561 paragraph refers to the source package, and later paragraphs
2562 refer to binary packages generated from the source.) The
2563 ordering of the paragraphs in control files is significant.
2564 </p>
2566 <p>
2567 Each paragraph consists of a series of data fields. Each field
2568 consists of the field name followed by a colon and then the
2569 data/value associated with that field. The field name is
2570 composed of US-ASCII characters excluding control characters,
2571 space, and colon (i.e., characters in the ranges U+0021
2574 names must not begin with the comment character
2577 </p>
2579 <p>
2580 The field ends at the end of the line or at the end of the last
2581 continuation line (see below). Horizontal whitespace (spaces
2582 and tabs) may occur immediately before or after the value and is
2583 ignored there; it is conventional to put a single space after
2584 the colon. For example, a field might be:
2586 Package: libc6
2587 </example>
2590 </p>
2591 <p> Empty field values are only permitted in source package control files
2593 </p>
2594 <p>
2595 A paragraph must not contain more than one instance of a
2596 particular field name.
2597 </p>
2599 <p>
2600 There are three types of fields:
2601 <taglist>
2603 <item>
2604 The field, including its value, must be a single line. Folding
2605 of the field is not permitted. This is the default field type
2606 if the definition of the field does not specify a different
2607 type.
2608 </item>
2610 <item>
2611 The value of a folded field is a logical line that may span
2612 several lines. The lines after the first are called
2613 continuation lines and must start with a space or a tab.
2614 Whitespace, including any newlines, is not significant in the
2615 field values of folded fields.<footnote>
2616 This folding method is similar to RFC 5322, allowing control
2617 files that contain only one paragraph and no multiline fields
2618 to be read by parsers written for RFC 5322.
2619 </footnote>
2620 </item>
2622 <item>
2623 The value of a multiline field may comprise multiple continuation
2624 lines. The first line of the value, the part on the same line as
2625 the field name, often has special significance or may have to be
2626 empty. Other lines are added following the same syntax as the
2627 continuation lines of the folded fields. Whitespace, including newlines,
2628 is significant in the values of multiline fields.
2629 </item>
2630 </taglist>
2631 </p>
2633 <p>
2634 Whitespace must not appear
2635 inside names (of packages, architectures, files or anything
2636 else) or version numbers, or between the characters of
2637 multi-character version relationships.
2638 </p>
2640 <p>
2641 The presence and purpose of a field, and the syntax of its
2642 value may differ between types of control files.
2643 </p>
2645 <p>
2646 Field names are not case-sensitive, but it is usual to
2647 capitalize the field names using mixed case as shown below.
2648 Field values are case-sensitive unless the description of the
2649 field says otherwise.
2650 </p>
2652 <p>
2653 Paragraph separators (empty lines), and lines consisting only of
2655 or between fields. Empty lines in field values are usually
2656 escaped by representing them by a U+0020 SPACE followed by a
2658 </p>
2660 <p>
2662 whitespace, are comment lines that are only permitted in source
2664 comment lines are ignored, even between two continuation
2665 lines. They do not end logical lines.
2666 </p>
2668 <p>
2669 All control files must be encoded in UTF-8.
2670 </p>
2671 </sect>
2676 <p>
2678 (and version-independent) information about the source package
2679 and about the binary packages it creates.
2680 </p>
2682 <p>
2683 The first paragraph of the control file contains information
2684 about the source package in general. The subsequent paragraphs
2685 each describe a binary package that the source tree builds.
2686 Each binary package built from this source package has a
2687 corresponding paragraph, except for any automatically-generated
2688 debug packages that do not require one.
2689 </p>
2691 <p>
2692 The fields in the general paragraph (the first one, for the source
2693 package) are:
2705 </list>
2706 </p>
2708 <p>
2709 The fields in the binary package paragraphs are:
2722 </list>
2723 </p>
2725 <p>
2726 The syntax and semantics of the fields are described below.
2727 </p>
2729 <p>
2731 generate control files for binary packages (see below), by
2737 but not in any other control
2738 file. These tools are responsible for removing the line
2739 breaks from such fields when using fields from
2741 They are also responsible for discarding empty fields.
2742 </p>
2744 <p>
2745 The fields here may contain variable references - their
2748 when they generate output control files.
2750 </p>
2751 </sect>
2756 <p>
2758 (and version-dependent) information about a binary package. It
2759 consists of a single paragraph.
2760 </p>
2762 <p>
2763 The fields in this file are:
2779 </list>
2780 </p>
2781 </sect>
2786 <p>
2787 This file consists of a single paragraph, possibly surrounded by
2788 a PGP signature. The fields of that paragraph are listed below.
2808 </list>
2809 </p>
2811 <p>
2812 The Debian source control file is generated by
2814 archive, from other files in the source package,
2815 described above. When unpacking, it is checked against
2816 the files and directories in the other parts of the
2817 source package.
2818 </p>
2820 </sect>
2825 <p>
2827 maintenance software to process updates to packages. They
2828 consist of a single paragraph, possibly surrounded by a PGP
2829 signature. That paragraph contains information from the
2833 </p>
2835 <p>
2837 incremented whenever the documented fields or their meaning
2838 change. This document describes format &changesversion;.
2839 </p>
2841 <p>
2842 The fields in this file are:
2861 </list>
2862 </p>
2863 </sect>
2871 <p>
2872 This field identifies the source package name.
2873 </p>
2875 <p>
2877 this field must contain only the name of the source package.
2878 </p>
2880 <p>
2882 file, the source package name may be followed by a version
2883 number in parentheses<footnote>
2884 It is customary to leave a space after the package name
2885 if a version number is specified.
2886 </footnote>.
2887 This version number may be omitted (and is, by
2890 question. The field itself may be omitted from a binary
2891 package control file when the source package has the same
2892 name and version as the binary package.
2893 </p>
2895 <p>
2896 Package names (both source and binary,
2901 must start with an alphanumeric character.
2902 </p>
2903 </sect1>
2908 <p>
2909 The package maintainer's name and email address. The name
2910 must come first, then the email address inside angle
2912 </p>
2914 <p>
2915 If the maintainer's name contains a full stop then the
2916 whole field will not work directly as an email address due
2917 to a misfeature in the syntax specified in RFC822; a
2918 program using this field as an address must check for this
2919 and correct the problem if necessary (for example by
2920 putting the name in round brackets and moving it to the
2921 end, and bringing the email address forward).
2922 </p>
2924 <p>
2926 information about package maintainers.
2927 </p>
2928 </sect1>
2933 <p>
2934 List of the names and email addresses of co-maintainers of the
2935 package, if any. If the package has other maintainers besides
2937 field</qref>, their names and email addresses should be listed
2938 here. The format of each entry is the same as that of the
2939 Maintainer field, and multiple entries must be comma
2940 separated.
2941 </p>
2943 <p>
2944 This is normally an optional field, but if
2947 be present and must contain at least one human with their
2948 personal email address.
2949 </p>
2951 <p>
2953 </p>
2954 </sect1>
2959 <p>
2960 The name and email address of the person who prepared this
2961 version of the package, usually a maintainer. The syntax is
2963 field</qref>.
2964 </p>
2965 </sect1>
2970 <p>
2971 This field specifies an application area into which the package
2973 </p>
2975 <p>
2977 it gives the value for the subfield of the same name in
2979 It also gives the default for the same field in the binary
2980 packages.
2981 </p>
2982 </sect1>
2987 <p>
2988 This field represents how important it is that the user
2990 </p>
2992 <p>
2994 it gives the value for the subfield of the same name in
2996 It also gives the default for the same field in the binary
2997 packages.
2998 </p>
2999 </sect1>
3004 <p>
3005 The name of the binary package.
3006 </p>
3008 <p>
3009 Binary package names must follow the same syntax and
3011 for the details.
3012 </p>
3013 </sect1>
3018 <p>
3019 Depending on context and the control file used, the
3021 values:
3022 <list>
3023 <item>
3024 A unique single word identifying a Debian machine
3026 </item>
3027 <item>
3028 An architecture wildcard identifying a set of Debian
3031 and is the most frequently used.
3032 </item>
3033 <item>
3035 architecture-independent package.
3036 </item>
3037 <item>
3039 </item>
3040 </list>
3041 </p>
3043 <p>
3045 package, this field may contain the special
3050 contents of the field. Most packages will use
3052 </p>
3054 <p>
3055 Specifying a specific list of architectures indicates that the
3056 source will build an architecture-dependent package only on
3057 architectures included in the list. Specifying a list of
3058 architecture wildcards indicates that the source will build an
3059 architecture-dependent package on only those architectures
3060 that match any of the specified architecture wildcards.
3061 Specifying a list of architectures or architecture wildcards
3063 program is not portable or is not useful on some
3064 architectures. Where possible, the program should be made
3065 portable instead.
3066 </p>
3068 <p>
3070 field contains a list of architectures and architecture
3071 wildcards separated by spaces. When the list contains the
3074 </p>
3076 <p>
3077 The list may include (or consist solely of) the special
3080 occur in combination with specific architectures.
3085 </p>
3087 <p>
3089 isn't dependent on any particular architecture and should
3090 compile fine on any one. The produced binary package(s)
3091 will be specific to whatever the current build architecture is.
3092 </p>
3094 <p>
3096 will only build architecture-independent packages.
3097 </p>
3099 <p>
3101 isn't dependent on any particular architecture. The set of
3102 produced binary packages will include at least one
3103 architecture-dependent package and one architecture-independent
3104 package.
3105 </p>
3107 <p>
3108 Specifying a list of architectures or architecture wildcards
3109 indicates that the source will build an architecture-dependent
3110 package, and will only work correctly on the listed or
3111 matching architectures. If the source package also builds at
3113 also be included in the list.
3114 </p>
3116 <p>
3118 field lists the architecture(s) of the package(s) currently
3119 being uploaded. This will be a list; if the source for the
3120 package is also being uploaded, the special
3122 present if any architecture-independent packages are being
3126 </p>
3128 <p>
3130 the architecture for the build process.
3131 </p>
3132 </sect1>
3137 <p>
3138 This is a boolean field which may occur only in the
3139 control file of a binary package or in a per-package fields
3140 paragraph of a source package control file.
3141 </p>
3143 <p>
3145 will refuse to remove the package (upgrading and replacing
3147 which is the same as not having the field at all.
3148 </p>
3149 </sect1>
3151 <sect1>
3152 <heading>Package interrelationship fields:
3157 </heading>
3159 <p>
3160 These fields describe the package's relationships with
3161 other packages. Their syntax and semantics are described
3163 </sect1>
3168 <p>
3169 The most recent version of the standards (the policy
3170 manual and associated texts) with which the package
3171 complies.
3172 </p>
3174 <p>
3175 The version number has four components: major and minor
3176 version number and major and minor patch level. When the
3177 standards change in a way that requires every package to
3178 change the major number will be changed. Significant
3179 changes that will require work in many packages will be
3180 signaled by a change to the minor number. The major patch
3181 level will be changed for any change to the meaning of the
3182 standards, however small; the minor patch level will be
3183 changed when only cosmetic, typographical or other edits
3184 are made which neither change the meaning of the document
3185 nor affect the contents of packages.
3186 </p>
3188 <p>
3189 Thus only the first three components of the policy version
3191 field, and so either these three components or all four
3192 components may be specified.<footnote>
3193 In the past, people specified the full version number
3194 in the Standards-Version field, for example "2.3.0.0".
3195 Since minor patch-level changes don't introduce new
3196 policy, it was thought it would be better to relax
3197 policy and only require the first 3 components to be
3198 specified, in this example "2.3.0". All four
3199 components may still be used if someone wishes to do so.
3200 </footnote>
3201 </p>
3203 </sect1>
3208 <p>
3209 The version number of a package. The format is:
3211 </p>
3213 <p>
3214 The three components here are:
3215 <taglist>
3217 <item>
3218 <p>
3219 This is a single (generally small) unsigned integer. It
3220 may be omitted, in which case zero is assumed. If it is
3222 contain any colons.
3223 </p>
3225 <p>
3226 It is provided to allow mistakes in the version numbers
3227 of older versions of a package, and also a package's
3228 previous version numbering schemes, to be left behind.
3229 </p>
3230 </item>
3233 <item>
3234 <p>
3235 This is the main part of the version number. It is
3236 usually the version number of the original ("upstream")
3238 if this is applicable. Usually this will be in the same
3239 format as that specified by the upstream author(s);
3240 however, it may need to be reformatted to fit into the
3241 package management system's format and comparison
3242 scheme.
3243 </p>
3245 <p>
3246 The comparison behavior of the package management system
3249 portion of the version number is mandatory.
3250 </p>
3252 <p>
3254 alphanumerics<footnote>
3256 </footnote>
3259 tilde) and should start with a digit. If there is no
3261 </p>
3262 </item>
3265 <item>
3266 <p>
3267 This part of the version number specifies the version of
3268 the Debian package based on the upstream version. It
3269 may contain only alphanumerics and the characters
3271 tilde) and is compared in the same way as the
3273 </p>
3275 <p>
3276 It is optional; if it isn't present then the
3278 This format represents the case where a piece of
3279 software was written specifically to be a Debian
3280 package, where the Debian package source must always
3281 be identical to the pristine source and therefore no
3282 revision indication is required.
3283 </p>
3285 <p>
3286 It is conventional to restart the
3289 </p>
3291 <p>
3292 The package management system will break the version
3293 number apart at the last hyphen in the string (if there
3298 </p>
3299 </item>
3300 </taglist>
3301 </p>
3303 <p>
3310 parts are compared by the package management system using the
3311 following algorithm:
3312 </p>
3314 <p>
3315 The strings are compared from left to right.
3316 </p>
3318 <p>
3319 First the initial part of each string consisting entirely of
3320 non-digit characters is determined. These two parts (one of
3321 which may be empty) are compared lexically. If a difference
3322 is found it is returned. The lexical comparison is a
3323 comparison of ASCII values modified so that all the letters
3324 sort earlier than all the non-letters and so that a tilde
3325 sorts before anything, even the end of a part. For example,
3326 the following parts are in sorted order from earliest to
3332 </footnote>
3333 </p>
3335 <p>
3336 Then the initial part of the remainder of each string which
3337 consists entirely of digit characters is determined. The
3338 numerical values of these two parts are compared, and any
3339 difference found is returned as the result of the comparison.
3340 For these purposes an empty string (which can only occur at
3341 the end of one or both version strings being compared) counts
3342 as zero.
3343 </p>
3345 <p>
3346 These two steps (comparing and removing initial non-digit
3347 strings and initial digit strings) are repeated until a
3348 difference is found or both strings are exhausted.
3349 </p>
3351 <p>
3352 Note that the purpose of epochs is to allow us to leave behind
3353 mistakes in version numbering, and to cope with situations
3354 where the version numbering scheme changes. It is
3356 strings of letters which the package management system cannot
3358 silly orderings.<footnote>
3359 The author of this manual has heard of a package whose
3362 forth.
3363 </footnote>
3364 </p>
3365 </sect1>
3370 <p>
3372 field contains a description of the binary package, consisting
3373 of two parts, the synopsis or the short description, and the
3374 long description. It is a multiline field with the following
3375 format:
3376 </p>
3378 <p>
3379 <example>
3382 </example>
3383 </p>
3385 <p>
3386 The lines in the extended description can have these formats:
3387 </p>
3389 <p><list>
3391 <item>
3392 Those starting with a single space are part of a paragraph.
3393 Successive lines of this form will be word-wrapped when
3394 displayed. The leading space will usually be stripped off.
3395 The line must contain at least one non-whitespace character.
3396 </item>
3398 <item>
3399 Those starting with two or more spaces. These will be
3400 displayed verbatim. If the display cannot be panned
3401 horizontally, the displaying program will line wrap them "hard"
3402 (i.e., without taking account of word breaks). If it can they
3403 will be allowed to trail off to the right. None, one or two
3404 initial spaces may be deleted, but the number of spaces
3405 deleted from each line will be the same (so that you can have
3406 indenting work correctly, for example). The line must
3407 contain at least one non-whitespace character.
3408 </item>
3410 <item>
3411 Those containing a single space followed by a single full stop
3412 character. These are rendered as blank lines. This is the
3414 Completely empty lines will not be rendered as blank lines.
3415 Instead, they will cause the parser to think you're starting
3416 a whole new record in the control file, and will therefore
3417 likely abort with an error.
3418 </footnote>.
3419 </item>
3421 <item>
3422 Those containing a space, a full stop and some more characters.
3423 These are for future expansion. Do not use them.
3424 </item>
3426 </list></p>
3428 <p>
3429 Do not use tab characters. Their effect is not predictable.
3430 </p>
3432 <p>
3434 </p>
3436 <p>
3438 field contains a summary of the descriptions for the packages
3439 being uploaded. For this case, the first line of the field
3441 always empty. It is a multiline field, with one
3442 line per package. Each line is
3443 indented by one space and contains the name of a binary
3445 short description line from that package.
3446 </p>
3447 </sect1>
3452 <p>
3454 this contains the (space-separated) name(s) of the
3455 distribution(s) where this version of the package should
3456 be installed. Valid distributions are determined by the
3457 archive maintainers.<footnote>
3458 Example distribution names in the Debian archive used in
3462 <item>
3463 This distribution value refers to the
3465 tree. Most new packages, new upstream versions of
3467 directory tree.
3468 </item>
3471 <item>
3472 The packages with this distribution value are deemed
3473 by their maintainers to be high risk. Oftentimes they
3474 represent early beta or developmental packages from
3475 various sources that the maintainers want people to
3476 try, but are not ready to be a part of the other parts
3477 of the Debian distribution tree.
3478 </item>
3479 </taglist>
3481 <p>
3482 Others are used for updating stable releases or for
3483 security uploads. More information is available in the
3484 Debian Developer's Reference, section "The Debian
3485 archive".
3486 </p>
3487 </footnote>
3488 The Debian archive software only supports listing a single
3489 distribution. Migration of packages to other distributions is
3490 handled outside of the upload process.
3491 </p>
3492 </sect1>
3497 <p>
3498 This field includes the date the package was built or last
3501 </p>
3503 <p>
3504 The value of this field is usually extracted from the
3507 </p>
3508 </sect1>
3513 <p>
3515 files, this field declares the format version of that file.
3516 The syntax of the field value is the same as that of
3518 that no epoch or Debian revision is allowed. The format
3520 </p>
3522 <p>
3524 Debian source control</qref> files, this field declares the
3525 format of the source package. The field value is used by
3526 programs acting on a source package to interpret the list of
3527 files in the source package and determine how to unpack it.
3528 The syntax of the field value is a numeric major revision, a
3529 period, a numeric minor revision, and then an optional subtype
3530 after whitespace, which if specified is an alphanumeric word
3531 in parentheses. The subtype is optional in the syntax but may
3532 be mandatory for particular source format revisions.
3533 <footnote>
3534 The source formats currently supported by the Debian archive
3537 </footnote>
3538 </p>
3539 </sect1>
3544 <p>
3545 This is a description of how important it is to upgrade to
3546 this version from previous ones. It consists of a single
3550 Other urgency values are supported with configuration
3551 changes in the archive software but are not used in Debian.
3552 The urgency affects how quickly a package will be considered
3554 gives an indication of the importance of any fixes included
3556 treated as synonymous.
3557 </footnote> (not case-sensitive) followed by an optional
3558 commentary (separated by a space) which is usually in
3559 parentheses. For example:
3561 <example>
3562 Urgency: low (HIGH for users of diversions)
3563 </example>
3565 </p>
3567 <p>
3568 The value of this field is usually extracted from the
3571 </p>
3572 </sect1>
3577 <p>
3578 This multiline field contains the human-readable changes data, describing
3579 the differences between the last version and the current one.
3580 </p>
3582 <p>
3583 The first line of the field value (the part on the same line
3585 field is expressed as continuation lines, with each line
3586 indented by at least one space. Blank lines must be
3587 represented by a line consisting only of a space and a full
3589 </p>
3591 <p>
3592 The value of this field is usually extracted from the
3595 </p>
3597 <p>
3598 Each version's change information should be preceded by a
3599 "title" line giving at least the version, distribution(s)
3600 and urgency, in a human-readable way.
3601 </p>
3603 <p>
3604 If data from several versions is being returned the entry
3605 for the most recent version should be returned first, and
3606 entries should be separated by the representation of a
3607 blank line (the "title" line may also be followed by the
3608 representation of a blank line).
3609 </p>
3610 </sect1>
3615 <p>
3616 This folded field is a list of binary packages. Its syntax and
3617 meaning varies depending on the control file in which it
3618 appears.
3619 </p>
3621 <p>
3623 packages which a source package can produce, separated by
3624 commas<footnote>
3625 A space after each comma is conventional.
3626 </footnote>. The source package
3627 does not necessarily produce all of these binary packages for
3628 every architecture. The source control file doesn't contain
3629 details of which architectures are appropriate for which of
3630 the binary packages.
3631 </p>
3633 <p>
3635 names of the binary packages being uploaded, separated by
3636 whitespace (not commas).
3637 </p>
3638 </sect1>
3643 <p>
3644 This field appears in the control files of binary packages,
3646 of the total amount of disk space required to install the
3647 named package. Actual installed size may vary based on block
3648 size, file system properties, or actions taken by package
3649 maintainer scripts.
3650 </p>
3652 <p>
3653 The disk space is given as the integer value of the estimated
3654 installed size in bytes, divided by 1024 and rounded up.
3655 </p>
3656 </sect1>
3661 <p>
3662 This field contains a list of files with information about
3663 each one. The exact information and syntax varies with
3664 the context.
3665 </p>
3667 <p>
3668 In all cases, Files is a multiline field. The first line of
3670 is always empty. The content of the field is expressed as
3671 continuation lines, one line per file. Each line must be
3672 indented by one space and contain a number of sub-fields,
3673 separated by spaces, as described below.
3674 </p>
3676 <p>
3678 checksum, size and filename of the tar file and (if
3679 applicable) diff file which make up the remainder of the
3680 source package<footnote>
3682 </footnote>. For example:
3683 <example>
3684 Files:
3685 c6f698f19f2a2aa07dbb9bbda90a2754 571925 example_1.2.orig.tar.gz
3687 </example>
3688 The exact forms of the filenames are described
3690 </p>
3692 <p>
3694 file being uploaded. Each line contains the MD5 checksum,
3695 size, section and priority and the filename. For example:
3696 <example>
3697 Files:
3699 c6f698f19f2a2aa07dbb9bbda90a2754 571925 text extra example_1.2.orig.tar.gz
3702 </example>
3705 the corresponding fields in the main source control file. If
3707 used, though section and priority values must be specified for
3708 new packages to be installed properly.
3709 </p>
3711 <p>
3714 is not an ordinary package file and must be installed by
3715 hand by the distribution maintainers. If the section is
3717 </p>
3719 <p>
3720 If a new Debian revision of a package is being shipped and
3721 no new original source archive is being distributed the
3723 entry for the original source archive
3726 this case the original source archive on the distribution
3727 site must match exactly, byte-for-byte, the original
3728 source archive which was used to generate the
3730 </sect1>
3735 <p>
3736 A space-separated list of bug report numbers that the upload
3737 governed by the .changes file closes.
3738 </p>
3739 </sect1>
3744 <p>
3745 The URL of the web site for this package, preferably (when
3746 applicable) the site from which the original source can be
3747 obtained and any additional upstream documentation or
3748 information may be found. The content of this field is a
3749 simple URL without any surrounding characters such as
3751 </p>
3752 </sect1>
3758 <p>
3759 These multiline fields contain a list of files with a checksum and size
3762 only in the checksum algorithm used: SHA-1
3765 </p>
3767 <p>
3769 multiline fields. The first line of the field value (the part
3772 of the field is expressed as continuation lines, one line per
3773 file. Each line consists of the checksum, a space, the file
3774 size, a space, and the file name. For example (from
3776 <example>
3777 Checksums-Sha1:
3779 a0ed1456fad61116f868b1855530dbe948e20f06 171602 example_1.0.orig.tar.gz
3782 Checksums-Sha256:
3784 0d123be7f51e61c4bf15e5c492b484054be7e90f3081608a5517007bfb1fd128 171602 example_1.0.orig.tar.gz
3785 f54ae966a5f580571ae7d9ef5e1df0bd42d63e27cb505b27957351a495bc6288 6137 example_1.0-1.debian.tar.gz
3787 </example>
3788 </p>
3790 <p>
3792 files that make up the source package. In
3794 files being uploaded. The list of files in these fields
3796 </p>
3797 </sect1>
3799 <sect1>
3802 <p>
3804 </p>
3805 </sect1>
3810 <p>
3811 Debian source packages are increasingly developed using VCSs. The
3812 purpose of the following fields is to indicate a publicly accessible
3813 repository where the Debian source package is developed.
3815 <taglist>
3817 <item>
3818 <p>
3819 URL of a web interface for browsing the repository.
3820 </p>
3821 </item>
3823 <tag>
3827 (Subversion)
3828 </tag>
3829 <item>
3830 <p>
3831 The field name identifies the VCS. The field's value uses the
3832 version control system's conventional syntax for describing
3833 repository locations and should be sufficient to locate the
3834 repository used for packaging. Ideally, it also locates the
3835 branch used for development of new versions of the Debian
3836 package.
3837 </p>
3838 <p>
3839 In the case of Git, the value consists of a URL, optionally
3841 the indicated repository, following the syntax of the
3843 packaging should be on the default branch.
3844 </p>
3845 <p>
3846 More than one different VCS may be specified for the same
3847 package.
3848 </p>
3849 </item>
3850 </taglist>
3851 </p>
3852 </sect1>
3857 <p>
3858 Multiline field listing all the packages that can be built from
3859 the source package, considering every architecture. The first line
3860 of the field value is empty. Each one of the next lines describes
3861 one binary package, by listing its name, type, section and priority
3862 separated by spaces. Fifth and subsequent space-separated items
3863 may be present and parsers must allow them. See the
3865 package types.
3866 </p>
3867 </sect1>
3872 <p>
3873 Simple field containing a word indicating the type of package:
3875 packages. Other types not defined here may be indicated. In
3878 this value is assumed for paragraphs lacking this field.
3879 </p>
3880 </sect1>
3885 <p>
3886 Folded field containing a single git commit hash, presented in
3887 full, followed optionally by whitespace and other data to be
3888 defined in future extensions.
3889 </p>
3891 <p>
3892 Declares that the source package corresponds exactly to a
3893 referenced commit in a Git repository available at the canonical
3895 bidirectional gateway between the Debian archive and Git. The
3896 commit is reachable from at least one reference whose name matches
3898 further details.
3899 </p>
3900 </sect1>
3901 </sect>
3903 <sect>
3906 <p>
3907 Additional user-defined fields may be added to the
3908 source package control file. Such fields will be
3909 ignored, and not copied to (for example) binary or
3910 Debian source control files or upload control files.
3911 </p>
3913 <p>
3914 If you wish to add additional unsupported fields to
3915 these output files you should use the mechanism
3916 described here.
3917 </p>
3919 <p>
3920 Fields in the main source control information file with
3923 be copied to the output files. Only the part of the
3924 field name after the hyphen will be used in the output
3926 will appear in binary package control files, where the
3930 </p>
3932 <p>
3933 For example, if the main source information control file
3934 contains the field
3935 <example>
3936 XBS-Comment: I stand between the candle and the star.
3937 </example>
3938 then the binary and Debian source control files will contain the
3939 field
3940 <example>
3941 Comment: I stand between the candle and the star.
3942 </example>
3943 </p>
3945 </sect>
3950 <p>
3951 The following fields have been obsoleted and may be found in packages
3952 conforming with previous versions of the Policy.
3953 </p>
3958 <p>
3959 Indicates that Debian Maintainers may upload this package to
3961 field was used to regulate uploads by Debian Maintainers, See the
3964 </p>
3965 </sect1>
3967 </sect>
3969 </chapt>
3975 <sect>
3978 <p>
3979 It is possible to supply scripts as part of a package which
3980 the package management system will run for you when your
3981 package is installed, upgraded or removed.
3982 </p>
3984 <p>
3985 These scripts are the control information
3988 if they are scripts (which is recommended), they must start with
3990 executable by anyone, and must not be world-writable.
3991 </p>
3993 <p>
3994 The package management system looks at the exit status from
3995 these scripts. It is important that they exit with a
3996 non-zero status if there is an error, so that the package
3997 management system can stop its processing. For shell
4000 scripts, in fact). It is also important, of course, that
4001 they exit with a zero status if everything went well.
4002 </p>
4004 <p>
4005 Additionally, packages interacting with users
4009 </p>
4011 <p>
4012 When a package is upgraded a combination of the scripts from
4013 the old and new packages is called during the upgrade
4014 procedure. If your scripts are going to be at all
4015 complicated you need to be aware of this, and may need to
4016 check the arguments to your scripts.
4017 </p>
4019 <p>
4021 (a particular version of) a package is unpacked, and the
4023 before (a version of) a package is removed and the
4025 </p>
4027 <p>
4028 Programs called from maintainer scripts should not normally
4029 have a path prepended to them. Before installation is
4030 started, the package management system checks to see if the
4034 other program that one would expect to be in the
4036 pathname. Maintainer scripts should also not reset the
4038 prepending or appending package-specific directories. These
4039 considerations really apply to all shell scripts.</p>
4040 </sect>
4045 <p>
4046 It is necessary for the error recovery procedures that the
4047 scripts be idempotent. This means that if it is run
4048 successfully, and then it is called again, it doesn't bomb
4049 out or cause any harm, but just ensures that everything is
4050 the way it ought to be. If the first call failed, or
4051 aborted half way through for some reason, the second call
4052 should merely do the things that were left undone the first
4053 time, if any, and exit with a success status if everything
4054 is OK.<footnote>
4055 This is so that if an error occurs, the user interrupts
4057 happens you don't leave the user with a badly-broken
4059 action.
4060 </footnote>
4061 </p>
4062 </sect>
4067 <p>
4068 Maintainer scripts are not guaranteed to run with a controlling
4069 terminal and may not be able to interact with the user. They
4070 must be able to fall back to noninteractive behavior if no
4071 controlling terminal is available. Maintainer scripts that
4072 prompt via a program conforming to the Debian Configuration
4074 assume that program will handle falling back to noninteractive
4075 behavior.
4076 </p>
4078 <p>
4079 For high-priority prompts without a reasonable default answer,
4080 maintainer scripts may abort if there is no controlling
4081 terminal. However, this situation should be avoided if at all
4082 possible, since it prevents automated or unattended installs.
4083 In most cases, users will consider this to be a bug in the
4084 package.
4085 </p>
4086 </sect>
4091 <p>
4092 Each script must return a zero exit status for
4093 success, or a nonzero one for failure, since the package
4094 management system looks for the exit status of these scripts
4095 and determines what action to take next based on that datum.
4096 </p>
4097 </sect>
4100 scripts are called
4101 </heading>
4103 <p>
4104 What follows is a summary of all the ways in which maintainer
4105 scripts may be called along with what facilities those scripts
4106 may rely on being available at that time. Script names preceded
4108 package being installed, upgraded to, or downgraded to. Script
4110 version of a package that is being upgraded from or downgraded
4111 from.
4112 </p>
4114 <p>
4116 ways:
4117 <taglist>
4123 <item>
4124 The package will not yet be unpacked, so
4126 included in its package. Only essential packages and
4128 available. Pre-dependencies will have been configured at
4131 state if a previous version of the pre-dependency was
4132 completely configured and has not been removed since then.
4133 </item>
4137 <item>
4138 Called during error handling of an upgrade that failed after
4139 unpacking the new package because the <tt>postrm
4140 upgrade</tt> action failed. The unpacked files may be
4141 partly from the new version or partly missing, so the script
4142 cannot rely on files included in the package. Package
4143 dependencies may not be available. Pre-dependencies will be
4144 at least "Unpacked" following the same rules as above, except
4145 they may be only "Half-Installed" if an upgrade of the
4146 pre-dependency failed.<footnote>
4147 This can happen if the new version of the package no
4148 longer pre-depends on a package that had been partially
4149 upgraded.
4150 </footnote>
4151 </item>
4152 </taglist>
4153 </p>
4155 <p>
4157 ways:
4158 <taglist>
4161 <item>
4162 The files contained in the package will be unpacked. All
4163 package dependencies will at least be "Unpacked". If there
4164 are no circular dependencies involved, all package
4165 dependencies will be configured. For behavior in the case
4166 of circular dependencies, see the discussion
4168 </item>
4181 <item>
4182 The files contained in the package will be unpacked. All
4183 package dependencies will at least be "Half-Installed" and
4184 will have previously been configured and not removed.
4185 However, dependencies may not be configured or even fully
4186 unpacked in some error situations.<footnote>
4187 For example, suppose packages foo and bar are "Installed"
4188 with foo depending on bar. If an upgrade of bar were
4189 started and then aborted, and then an attempt to remove
4192 bar only "Half-Installed".
4193 </footnote>
4195 for which its dependencies are required, since they will
4196 normally be available, but consider the correct error
4197 handling approach if those actions fail. Aborting
4199 from the package dependencies are not available is often the
4200 best approach.
4201 </item>
4202 </taglist>
4203 </p>
4205 <p>
4207 ways:
4208 <taglist>
4219 <item>
4221 at least "Half-Installed". All package dependencies will at
4222 least be "Half-Installed" and will have previously been
4223 configured and not removed. If there was no error, all
4224 dependencies will at least be "Unpacked", but these actions
4225 may be called in various error states where dependencies are
4226 only "Half-Installed" due to a partial upgrade.
4227 </item>
4231 <item>
4233 fails. The new package will not yet be unpacked, and all
4235 </item>
4236 </taglist>
4237 </p>
4239 <p>
4241 ways:
4242 <taglist>
4249 <item>
4251 files have been removed or replaced. The package
4253 previously been deconfigured and only be "Unpacked", at which
4254 point subsequent package changes do not consider its
4256 may only rely on essential packages and must gracefully skip
4257 any actions that require the package's dependencies if those
4258 dependencies are unavailable.<footnote>
4259 This is often done by checking whether the command or
4261 available before calling it. For example:
4262 <example>
4263 if [ "$1" = purge ] && [ -e /usr/share/debconf/confmodule ]; then
4264 . /usr/share/debconf/confmodule
4265 db_purge
4266 fi
4267 </example>
4269 configuration for the package
4271 </footnote>
4272 </item>
4276 <item>
4278 The new package will be unpacked, but only essential
4279 packages and pre-dependencies can be relied on.
4280 Pre-dependencies will either be configured or will be
4282 configured and was never removed.
4283 </item>
4290 <item>
4291 Called before unpacking the new package as part of the
4294 </item>
4295 </taglist>
4296 </p>
4297 </sect>
4302 <p>
4303 The procedure on installation/upgrade/overwrite/disappear
4306 case, if a major error occurs (unless listed below) the
4307 actions are, in general, run backwards - this means that the
4308 maintainer scripts are run with different arguments in
4309 reverse order. These are the "error unwind" calls listed
4310 below.
4312 <enumlist>
4313 <item>
4314 <enumlist>
4315 <item>
4316 If a version of the package is already "Installed", call
4319 </example>
4320 </item>
4321 <item>
4322 If the script runs but exits with a non-zero
4326 </example>
4327 If this works, the upgrade continues. If this
4328 does not work, the error unwind:
4331 </example>
4332 If this works, then the old-version is
4333 "Installed", if not, the old version is in a
4334 "Half-Configured" state.
4335 </item>
4336 </enumlist>
4337 </item>
4339 <item>
4340 If a "conflicting" package is being removed at the same time,
4342 <enumlist>
4343 <item>
4345 specified, call, for each package to be deconfigured
4350 </example>
4351 Error unwind:
4355 </example>
4356 The deconfigured packages are marked as
4357 requiring configuration, so that if
4359 configured again if possible.
4360 </item>
4361 <item>
4362 If any packages depended on a conflicting
4364 specified, call, for each such package:
4369 </example>
4370 Error unwind:
4375 </example>
4376 The deconfigured packages are marked as
4377 requiring configuration, so that if
4379 configured again if possible.
4380 </item>
4381 <item>
4382 To prepare for removal of each conflicting package, call:
4386 </example>
4387 Error unwind:
4391 </example>
4392 </item>
4393 </enumlist>
4394 </item>
4396 <item>
4397 <enumlist>
4398 <item>
4399 If the package is being upgraded, call:
4402 </example>
4403 If this fails, we call:
4404 <example>
4406 </example>
4407 <enumlist>
4408 <item>
4409 <p>
4410 If that works, then
4411 <example>
4413 </example>
4414 is called. If this works, then the old version
4415 is in an "Installed" state, or else it is left
4416 in an "Unpacked" state.
4417 </p>
4418 </item>
4419 <item>
4420 <p>
4421 If it fails, then the old version is left
4422 in an "Half-Installed" state.
4423 </p>
4424 </item>
4425 </enumlist>
4427 </item>
4428 <item>
4429 Otherwise, if the package had some configuration
4430 files from a previous version installed (i.e., it
4431 is in the "Config-Files" state):
4434 </example>
4435 Error unwind:
4436 <example>
4438 </example>
4439 If this fails, the package is left in a
4440 "Half-Installed" state, which requires a
4441 reinstall. If it works, the packages is left in
4442 a "Config-Files" state.
4443 </item>
4444 <item>
4445 Otherwise (i.e., the package was completely purged):
4448 </example>
4449 Error unwind:
4452 </example>
4453 If the error-unwind fails, the package is in a
4454 "Half-Installed" phase, and requires a
4455 reinstall. If the error unwind works, the
4456 package is in the "Not-Installed" state.
4457 </item>
4458 </enumlist>
4459 </item>
4461 <item>
4462 <p>
4463 The new package's files are unpacked, overwriting any
4464 that may be on the system already, for example any
4465 from the old version of the same package or from
4466 another package. Backups of the old files are kept
4467 temporarily, and if anything goes wrong the package
4468 management system will attempt to put them back as
4469 part of the error unwind.
4470 </p>
4472 <p>
4473 It is an error for a package to contain files which
4474 are on the system in another package, unless
4476 <!--
4477 The following paragraph is not currently the case:
4478 Currently the <tt>- - force-overwrite</tt> flag is
4479 enabled, downgrading it to a warning, but this may not
4480 always be the case.
4481 -->
4482 </p>
4484 <p>
4485 It is a more serious error for a package to contain a
4486 plain file or other kind of non-directory where another
4487 package has a directory (again, unless
4489 overridden if desired using
4491 advisable.
4492 </p>
4494 <p>
4495 Packages which overwrite each other's files produce
4496 behavior which, though deterministic, is hard for the
4497 system administrator to understand. It can easily
4498 lead to "missing" programs if, for example, a package
4499 is unpacked which overwrites a file from another
4500 package, and is then removed again.<footnote>
4501 Part of the problem is due to what is arguably a
4503 </footnote>
4504 </p>
4506 <p>
4507 A directory will never be replaced by a symbolic link
4508 to a directory or vice versa; instead, the existing
4509 state (symlink or not) will be left alone and
4511 one.
4512 </p>
4513 </item>
4515 <item>
4516 <p>
4517 <enumlist>
4518 <item>
4519 If the package is being upgraded, call
4522 </example>
4523 </item>
4524 <item>
4528 </example>
4529 If this works, installation continues. If not,
4530 Error unwind:
4533 </example>
4534 If this fails, the old version is left in a
4535 "Half-Installed" state. If it works, dpkg now
4536 calls:
4539 </example>
4540 If this fails, the old version is left in a
4541 "Half-Installed" state. If it works, dpkg now
4542 calls:
4545 </example>
4546 If this fails, the old version is in an
4547 "Unpacked" state.
4548 </item>
4549 </enumlist>
4550 </p>
4552 <p>
4553 This is the point of no return - if
4555 past this point if an error occurs. This will
4556 leave the package in a fairly bad state, which
4557 will require a successful re-installation to clear
4559 things that are irreversible.
4560 </p>
4561 </item>
4563 <item>
4564 Any files which were in the old version of the package
4565 but not in the new are removed.
4566 </item>
4568 <item>
4569 The new file list replaces the old.
4570 </item>
4572 <item>
4573 The new maintainer scripts replace the old.
4574 </item>
4576 <item>
4577 Any packages all of whose files have been overwritten
4578 during the installation, and which aren't required for
4579 dependencies, are considered to have been removed.
4580 For each such package
4581 <enumlist>
4582 <item>
4587 </example>
4588 </item>
4589 <item>
4590 The package's maintainer scripts are removed.
4591 </item>
4592 <item>
4593 It is noted in the status database as being in a
4594 sane state, namely "Not-Installed" (any conffiles
4595 it may have are ignored, rather than being
4597 disappearing packages do not have their prerm
4599 in advance that the package is going to
4600 vanish.
4601 </item>
4602 </enumlist>
4603 </item>
4605 <item>
4606 Any files in the package we're unpacking that are also
4607 listed in the file lists of other packages are removed
4608 from those lists. (This will lobotomize the file list
4609 of the "conflicting" package if there is one.)
4610 </item>
4612 <item>
4613 The backup files made during installation, above, are
4614 deleted.
4615 </item>
4617 <item>
4618 <p>
4619 The new package's status is now sane, and recorded as
4620 "Unpacked".
4621 </p>
4623 <p>
4624 Here is another point of no return - if the
4625 conflicting package's removal fails we do not unwind
4626 the rest of the installation; the conflicting package
4627 is left in a half-removed limbo.
4628 </p>
4629 </item>
4631 <item>
4632 If there was a conflicting package we go and do the
4633 removal actions (described below), starting with the
4634 removal of the conflicting package's files (any that
4635 are also in the package being unpacked have already
4636 been removed from the conflicting package's file list,
4637 and so do not get removed now).
4638 </item>
4639 </enumlist>
4640 </p>
4641 </sect>
4645 <p>
4646 When we configure a package (this happens with <tt>dpkg
4651 </example>
4652 </p>
4654 <p>
4655 No attempt is made to unwind after errors during
4656 configuration. If the configuration fails, the package is in
4657 a "Half-Configured" state, and an error message is generated.
4658 </p>
4660 <p>
4661 If there is no most recently configured version
4663 <footnote>
4664 <p>
4665 Historical note: Truly ancient (pre-1997) versions of
4667 (including the angle brackets) in this case. Even older
4668 ones did not pass a second argument at all, under any
4669 circumstance. Note that upgrades using such an old dpkg
4670 version are unlikely to work for other reasons, even if
4671 this old argument behavior is handled by your postinst script.
4672 </p>
4673 </footnote>
4674 </p>
4675 </sect>
4678 configuration purging</heading>
4680 <p>
4681 <enumlist>
4682 <item>
4683 <p>
4686 </example>
4687 </p>
4688 <p>
4689 If prerm fails during replacement due to conflict
4690 <example>
4693 </example>
4694 Or else we call:
4695 <example>
4697 </example>
4698 </p>
4699 <p>
4700 If this fails, the package is in a "Half-Configured"
4701 state, or else it remains "Installed".
4702 </p>
4703 </item>
4704 <item>
4706 </item>
4707 <item>
4710 </example>
4712 <p>
4713 If it fails, there's no error unwind, and the package is in
4714 an "Half-Installed" state.
4715 </p>
4716 </item>
4717 <item>
4718 <p>
4720 are removed.
4721 </p>
4723 <p>
4724 If we aren't purging the package we stop here. Note
4727 removed, as there is no difference except for the
4729 </p>
4730 </item>
4731 <item>
4735 are removed.
4736 </item>
4737 <item>
4738 <p>
4741 </example>
4742 </p>
4743 <p>
4744 If this fails, the package remains in a "Config-Files"
4745 state.
4746 </p>
4747 </item>
4748 <item>
4749 The package's file list is removed.
4750 </item>
4751 </enumlist>
4753 </p>
4754 </sect>
4755 </chapt>
4764 <p>
4765 These fields all have a uniform syntax. They are a list of
4766 package names separated by commas.
4767 </p>
4769 <p>
4774 control fields of the package, which declare
4775 dependencies on other packages, the package names listed may
4776 also include lists of alternative package names, separated
4778 that part of the dependency can be satisfied by any one of
4779 the alternative packages.
4780 </p>
4782 <p>
4784 their applicability to particular versions of each named
4785 package. This is done in parentheses after each individual
4786 package name; the parentheses should contain a relation from
4787 the list below followed by a version number, in the format
4789 </p>
4791 <p>
4794 earlier, earlier or equal, exactly equal, later or equal and
4795 strictly later, respectively.<footnote>
4797 allowed, but they were confusingly defined to mean
4798 earlier/later or equal rather than strictly
4800 warning, but they are no longer allowed by Debian Policy.
4801 </footnote>
4802 </p>
4804 <p>
4805 Whitespace may appear at any point in the version
4806 specification subject to the rules in <ref
4808 disambiguate; it is not otherwise significant. All of the
4809 relationship fields can only be folded in source package control files. For
4810 consistency and in case of future changes to
4812 used after a version relationship and before a version
4813 number; it is also conventional to put a single space after
4814 each comma, on either side of each vertical bar, and before
4815 each open parenthesis. When opening a continuation line in a relationship field, it
4816 is conventional to do so after a comma and before the space
4817 following that comma.
4818 </p>
4820 <p>
4821 For example, a list of dependencies might appear as:
4823 Package: mutt
4826 </example>
4827 </p>
4829 <p>
4830 Relationships may be restricted to a certain set of
4831 architectures. This is indicated in brackets after each
4832 individual package name and the optional version specification.
4833 The brackets enclose a non-empty list of Debian architecture names
4835 separated by whitespace. Exclamation marks may be prepended to
4836 each of the names. (It is not permitted for some names to be
4837 prepended with exclamation marks while others aren't.)
4838 </p>
4840 <p>
4841 For build relationship fields
4845 the current Debian host architecture is not in this list and
4846 there are no exclamation marks in the list, or it is in the list
4847 with a prepended exclamation mark, the package name and the
4848 associated version specification are ignored completely for the
4849 purposes of defining the relationships.
4850 </p>
4852 <p>
4853 For example:
4855 Source: glibc
4856 Build-Depends-Indep: texinfo
4857 Build-Depends: kernel-headers-2.2.10 [!hurd-i386],
4858 hurd-dev [hurd-i386], gnumach-dev [hurd-i386]
4859 </example>
4863 showing multiple architectures separated by spaces:
4865 Build-Depends:
4866 libluajit5.1-dev [i386 amd64 kfreebsd-i386 armel armhf powerpc mips],
4867 liblua5.1-dev [hurd-i386 ia64 kfreebsd-amd64 s390x sparc],
4868 </example>
4869 </p>
4871 <p>
4873 field, the architecture restriction
4874 syntax is only supported in the source package control
4876 package control file is generated, the relationship will either
4877 be omitted or included without the architecture restriction
4878 based on the architecture of the binary package. This means
4879 that architecture restrictions must not be used in binary
4880 relationship fields for architecture-independent packages
4882 </p>
4884 <p>
4885 For example:
4887 Depends: foo [i386], bar [amd64]
4888 </example>
4892 entirely in binary packages built on all other architectures.
4893 </p>
4895 <p>
4896 If the architecture-restricted dependency is part of a set of
4898 completely on architectures that do not match the restriction.
4899 For example:
4901 Build-Depends: foo [!i386] | bar [!amd64]
4902 </example>
4905 bar</tt> on all other architectures.
4906 </p>
4908 <p>
4909 Relationships may also be restricted to a certain set of
4910 architectures using architecture wildcards in the format
4912 declaring such restrictions is the same as declaring
4913 restrictions using a certain set of architectures without
4914 architecture wildcards. For example:
4916 Build-Depends: foo [linux-any], bar [any-i386], baz [!linux-any]
4917 </example>
4921 using a kernel other than Linux.
4922 </p>
4924 <p>
4925 Note that the binary package relationship fields such as
4927 sections of the control file, whereas the build-time
4929 source package section of the control file (which is the
4930 first section).
4931 </p>
4932 </sect>
4938 </heading>
4940 <p>
4941 Packages can declare in their control file that they have
4942 certain relationships to other packages - for example, that
4943 they may not be installed at the same time as certain other
4944 packages, and/or that they depend on the presence of others.
4945 </p>
4947 <p>
4953 rest are described below.
4954 </p>
4956 <p>
4957 These seven fields are used to declare a dependency
4958 relationship by one package on another. Except for
4960 depending (binary) package's control file.
4963 depended-on package which causes the named package to
4964 break).
4965 </p>
4967 <p>
4969 package is to be configured. It does not prevent a package
4970 being on the system in an unconfigured state while its
4971 dependencies are unsatisfied, and it is possible to replace
4972 a package whose dependencies are satisfied and which is
4973 properly installed with a different version whose
4974 dependencies are not and cannot be satisfied; when this is
4975 done the depending package will be left unconfigured (since
4976 attempts to configure it will give errors) and will not
4977 function properly. If it is necessary, a
4979 effect even when a package is being unpacked, as explained
4980 in detail below. (The other three dependency fields,
4985 </p>
4987 <p>
4989 which packages are configured, packages in an installation run
4990 are usually all unpacked first and all configured later.
4991 <footnote>
4992 This approach makes dependency resolution easier. If two
4993 packages A and B are being upgraded, the installed package A
4994 depends on exactly the installed package B, and the new
4995 package A depends on exactly the new package B (a common
4996 situation when upgrading shared libraries and their
4997 corresponding development packages), satisfying the
4998 dependencies at every stage of the upgrade would be
4999 impossible. This relaxed restriction means that both new
5000 packages can be unpacked together and then configured in their
5001 dependency order.
5002 </footnote>
5003 </p>
5005 <p>
5006 If there is a circular dependency among packages being installed
5007 or removed, installation or removal order honoring the
5008 dependency order is impossible, requiring the dependency loop be
5009 broken at some point and the dependency requirements violated
5010 for at least one package. Packages involved in circular
5011 dependencies may not be able to rely on their dependencies being
5012 configured before they themselves are configured, depending on
5013 which side of the break of the circular dependency loop they
5014 happen to be on. If one of the packages in the loop has
5017 scripts are run with their dependencies properly configured if
5018 this is possible. Otherwise the breaking point is arbitrary.
5019 Packages should therefore avoid circular dependencies where
5021 scripts.
5022 </p>
5024 <p>
5025 The meaning of the five dependency fields is as follows:
5026 <taglist>
5028 <item>
5029 <p>
5030 This declares an absolute dependency. A package will
5031 not be configured unless all of the packages listed in
5033 configured (unless there is a circular dependency as
5034 described above).
5035 </p>
5037 <p>
5039 depended-on package is required for the depending
5040 package to provide a significant amount of
5041 functionality.
5042 </p>
5044 <p>
5047 require the depended-on package to be unpacked or
5048 configured in order to run. In the case of <tt>postinst
5049 configure</tt>, the depended-on packages will be unpacked
5050 and configured first. (If both packages are involved in a
5051 dependency loop, this might not work as expected; see the
5052 explanation a few paragraphs back.) In the case
5054 actions, the package dependencies will normally be at
5055 least unpacked, but they may be only "Half-Installed" if a
5056 previous upgrade of the dependency failed.
5057 </p>
5059 <p>
5062 script to fully clean up after the package removal. There
5063 is no guarantee that package dependencies will be
5065 depended-on package is more likely to be available if the
5066 package declares a dependency (particularly in the case
5068 script must gracefully skip actions that require a
5069 dependency if that dependency isn't available.
5070 </p>
5071 </item>
5074 <item>
5075 <p>
5076 This declares a strong, but not absolute, dependency.
5077 </p>
5079 <p>
5081 that would be found together with this one in all but
5082 unusual installations.
5083 </p>
5084 </item>
5087 <item>
5088 This is used to declare that one package may be more
5089 useful with one or more others. Using this field
5090 tells the packaging system and the user that the
5091 listed packages are related to this one and can
5092 perhaps enhance its usefulness, but that installing
5093 this one without them is perfectly reasonable.
5094 </item>
5097 <item>
5098 This field is similar to Suggests but works in the
5099 opposite direction. It is used to declare that a
5100 package can enhance the functionality of another
5101 package.
5102 </item>
5105 <item>
5106 <p>
5109 of the packages named before even starting the
5110 installation of the package which declares the
5111 pre-dependency, as follows:
5112 </p>
5114 <p>
5115 When a package declaring a pre-dependency is about to
5117 satisfied if the depended-on package is either fully
5120 state, provided that they have been configured
5121 correctly at some point in the past (and not removed
5122 or partially removed since). In this case, both the
5123 previously-configured and currently "Unpacked" or
5124 "Half-Configured" versions must satisfy any version
5126 </p>
5128 <p>
5129 When the package declaring a pre-dependency is about to
5132 satisfied only if the depended-on package has been
5133 correctly configured. However, unlike
5135 permit circular dependencies to be broken. If a circular
5136 dependency is encountered while attempting to honor
5138 </p>
5140 <p>
5143 It is best to avoid this situation if possible.
5144 </p>
5146 <p>
5148 preferably only by packages whose premature upgrade or
5149 installation would hamper the ability of the system to
5150 continue with any upgrade that might be in progress.
5151 </p>
5153 <p>
5155 package before this has been discussed on the
5158 </p>
5159 </item>
5160 </taglist>
5161 </p>
5163 <p>
5164 When selecting which level of dependency to use you should
5165 consider how important the depended-on package is to the
5166 functionality of the one declaring the dependency. Some
5167 packages are composed of components of varying degrees of
5168 importance. Such a package should list using
5170 more important components. The other components'
5171 requirements may be mentioned as Suggestions or
5172 Recommendations, as appropriate to the components' relative
5173 importance.
5174 </p>
5175 </sect>
5180 <p>
5181 When one binary package declares that it breaks another,
5184 package is deconfigured first, and it will refuse to
5185 allow the broken package to be reconfigured.
5186 </p>
5188 <p>
5189 A package will not be regarded as causing breakage merely
5190 because its configuration files are still installed; it must
5191 be at least "Half-Installed".
5192 </p>
5194 <p>
5195 A special exception is made for packages which declare that
5196 they break their own package name or a virtual package which
5197 they provide (see below): this does not count as a real
5198 breakage.
5199 </p>
5201 <p>
5204 version of an (implicit or explicit) dependency which violates
5205 an assumption or reveals a bug in earlier versions of the broken
5206 package, or which takes over a file from earlier versions of the
5208 will inform higher-level package management tools that the
5209 broken package must be upgraded before the new one.
5210 </p>
5212 <p>
5213 If the breaking package also overwrites some files from the
5216 of taking over files from other packages, including how to
5218 </p>
5220 <p>
5226 differences.
5227 </p>
5228 </sect>
5233 <p>
5234 When one binary package declares a conflict with another using
5236 allow them to be unpacked on the system at the same time. This
5238 the broken package from being configured while the breaking
5239 package is in the "Unpacked" state but allows both packages to
5240 be unpacked at the same time.
5241 </p>
5243 <p>
5244 If one package is to be unpacked, the other must be removed
5245 first. If the package being unpacked is marked as replacing
5247 normally be used in this case) the one on the system, or the one
5248 on the system is marked as deselected, or both packages are
5250 automatically remove the package which is causing the conflict.
5251 Otherwise, it will halt the installation of the new package with
5252 an error. This mechanism is specifically designed to produce an
5254 new package is not.
5255 </p>
5257 <p>
5258 A package will not cause a conflict merely because its
5259 configuration files are still installed; it must be at least
5260 "Half-Installed".
5261 </p>
5263 <p>
5264 A special exception is made for packages which declare a
5265 conflict with their own package name, or with a virtual
5266 package which they provide (see below): this does not
5267 prevent their installation, and allows a package to conflict
5268 with others providing a replacement for it. You use this
5269 feature when you want the package in question to be the only
5270 package providing some feature.
5271 </p>
5273 <p>
5276 stronger restriction on the ordering of package installation or
5277 upgrade and can make it more difficult for the package manager
5278 to find a correct solution to an upgrade or installation
5280 <list>
5281 <item>when moving a file from one package to another (see
5283 <item>when splitting a package (a special case of the previous
5284 one), or</item>
5285 <item>when the breaking package exposes a bug in or interacts
5286 badly with particular versions of the broken
5287 package.</item>
5288 </list>
5290 <list>
5291 <item>when two packages provide the same file and will
5292 continue to do so,</item>
5294 package providing a given virtual facility may be unpacked
5296 <item>in other cases where one must prevent simultaneous
5297 installation of two packages for reasons that are ongoing
5298 (not fixed in a later version of one of the packages) or
5299 that must prevent both packages from being unpacked at the
5300 same time, not just configured.</item>
5301 </list>
5303 solution when two packages provide the same files. Depending on
5304 the reason for that conflict, using alternatives or renaming the
5305 files is often a better approach. See, for
5307 </p>
5309 <p>
5311 unless two packages cannot be installed at the same time or
5312 installing them both causes one of them to be broken or
5313 unusable. Having similar functionality or performing the same
5314 tasks as another package is not sufficient reason to
5316 </p>
5318 <p>
5320 clause if the reason for the conflict is corrected in a later
5321 version of one of the packages. However, normally the presence
5322 of an "earlier than" version clause is a sign
5326 package which declares such a conflict until the upgrade or
5327 removal of the conflicted-with package has been completed, which
5328 is a strong restriction.
5329 </p>
5330 </sect>
5333 </heading>
5335 <p>
5336 As well as the names of actual ("concrete") packages, the
5343 may mention "virtual packages".
5344 </p>
5346 <p>
5349 is as if the package(s) which provide a particular virtual
5350 package name had been listed by name everywhere the virtual
5352 </p>
5354 <p>
5355 If there are both concrete and virtual packages of the same
5356 name, then the dependency may be satisfied (or the conflict
5357 caused) by either the concrete package with the name in
5358 question or any other concrete package which provides the
5359 virtual package with the name in question. This is so that,
5360 for example, supposing we have
5362 Package: foo
5363 Depends: bar
5364 </example> and someone else releases an enhanced version of
5367 Package: bar-plus
5368 Provides: bar
5369 </example>
5372 </p>
5374 <p>
5375 If a relationship field has a version number attached, only real
5376 packages will be considered to see whether the relationship is
5377 satisfied (or the prohibition violated, for a conflict or
5378 breakage). In other words, if a version number is specified,
5380 package name and consider only real packages. The package
5381 manager will assume that a package providing that virtual
5383 field may not contain version numbers, and the version number of
5384 the concrete package which provides a particular virtual package
5385 will not be considered when considering a dependency on or
5386 conflict with the virtual package name.<footnote>
5388 add the ability to specify a version number for each virtual
5389 package it provides. This feature is not yet present,
5390 however, and is expected to be used only infrequently.
5391 </footnote>
5392 </p>
5394 <p>
5395 To specify which of a set of real packages should be the default
5396 to satisfy a particular dependency on a virtual package, list
5397 the real package as an alternative before the virtual one.
5398 </p>
5400 <p>
5401 If the virtual package represents a facility that can only be
5402 provided by one real package at a time, such as
5404 requires installation of a binary that would conflict with all
5405 other providers of that virtual package (see
5407 virtual package should also declare a conflict with it
5409 provider of that virtual package is unpacked or installed at a
5410 time.
5411 </p>
5412 </sect>
5417 <p>
5418 Packages can declare in their control file that they should
5419 overwrite files in certain other packages, or completely replace
5421 two distinct purposes.
5422 </p>
5426 <p>
5427 It is usually an error for a package to contain files which
5428 are on the system in another package. However, if the
5431 will replace the file from the old package with that from the
5432 new. The file will no longer be listed as "owned" by the old
5433 package and will be taken over by the new package.
5441 be installed and take over that file. However,
5444 version that knows it does not include that file and instead
5447 being installed and then removed, removing the file that it
5449 operation, the package manager would think the system was in
5451 would be missing one of its files.
5452 </footnote>
5453 </p>
5455 <p>
5459 have the fields
5463 </example>
5464 in its control file. The new version of the
5468 </example>
5471 required for normal operation).
5472 </p>
5474 <p>
5475 If a package is completely replaced in this way, so that
5477 contains, it is considered to have "disappeared". It will
5478 be marked as not wanted on the system (selected for
5480 details noted for the package will be ignored, as they
5481 will have been taken over by the overwriting package. The
5483 special argument to allow the package to do any final
5485 <footnote>
5486 Replaces is a one way relationship. You have to install
5487 the replacing package after the replaced package.
5488 </footnote>
5489 </p>
5491 <p>
5495 replaced must be mentioned by their real names.
5496 </p>
5498 <p>
5500 packages are at least partially on the system at once. It is
5501 not relevant if the packages conflict unless the conflict has
5502 been overridden.
5503 </p>
5504 </sect1>
5506 <sect1><heading>Replacing whole packages, forcing their
5507 removal</heading>
5509 <p>
5511 resolve which package should be removed when there is a
5514 two usages of this field do not interfere with each other.
5515 </p>
5517 <p>
5518 In this situation, the package declared as being replaced
5519 can be a virtual package, so for example, all mail
5520 transport agents (MTAs) would have the following fields in
5521 their control files:
5523 Provides: mail-transport-agent
5524 Conflicts: mail-transport-agent
5525 Replaces: mail-transport-agent
5526 </example>
5527 ensuring that only one MTA can be unpacked at any one
5529 example.
5530 </sect1>
5531 </sect>
5534 <heading>Relationships between source and binary packages -
5538 </heading>
5540 <p>
5541 Source packages that require certain binary packages to be
5542 installed or absent at the time of building the package
5543 can declare relationships to those binary packages.
5544 </p>
5546 <p>
5551 </p>
5553 <p>
5554 Build-dependencies on "build-essential" binary packages can be
5556 </p>
5558 <p>
5559 The dependencies and conflicts they define must be satisfied
5560 (as defined earlier for binary packages) in order to invoke
5562 <taglist>
5564 <item>
5566 fields must be satisfied when this target is invoked.
5567 </item>
5569 <item>
5572 fields must be satisfied when these targets are invoked.
5573 </item>
5575 <item>
5578 fields must be satisfied when these targets are invoked.
5579 </item>
5581 <item>
5585 fields must be satisfied when these targets are invoked.
5586 </item>
5587 </taglist>
5588 </p>
5589 </sect>
5592 <heading>Additional source packages used to build the binary
5594 </heading>
5596 <p>
5597 Some binary packages incorporate parts of other packages when built
5598 but do not have to depend on those packages. Examples include
5599 linking with static libraries or incorporating source code from
5600 another package during the build. In this case, the source packages
5601 of those other packages are a required part of the complete source
5602 (the binary package is not reproducible without them).
5603 </p>
5605 <p>
5607 package for any such binary package incorporated during the build
5608 <footnote>
5610 it (rightfully) does not document the exact version used in the
5611 build.
5612 </footnote>,
5614 that was used to build that binary package<footnote>
5615 The archive software might reject packages that refer to
5616 non-existent sources.
5617 </footnote>.
5618 </p>
5620 <p>
5621 A package using the source code from the gcc-4.6-source
5622 binary package built from the gcc-4.6 source package would
5623 have this field in its control file:
5626 </example>
5627 </p>
5629 <p>
5630 A package including binaries from grub2 and loadlin would
5631 have this field in its control file:
5634 </example>
5635 </p>
5636 </sect>
5637 </chapt>
5642 <p>
5643 Packages containing shared libraries must be constructed with
5644 a little care to make sure that the shared library is always
5645 available. This is especially important for packages whose
5646 shared libraries are vitally important, such as the C library
5648 </p>
5650 <p>
5651 This section deals only with public shared libraries: shared
5652 libraries that are placed in directories searched by the dynamic
5653 linker by default or which are intended to be linked against
5654 normally and possibly used by other, independent packages. Shared
5655 libraries that are internal to a particular package or that are
5656 only loaded as dynamic modules are not covered by this section and
5657 are not subject to its requirements.
5658 </p>
5660 <p>
5662 stored in its dynamic section. When a binary is linked against a
5665 dynamic linker knows that library must be loaded at runtime. The
5666 shared library file's full name (which usually contains additional
5668 therefore normally not referenced directly. Instead, the shared
5670 system as a symlink pointing to the full name of the shared
5671 library. This symlink must be provided by the
5673 <footnote>
5674 This is a convention of shared library versioning, but not a
5676 library file name instead and therefore do not need a symlink.
5677 Most, however, encode additional information about
5678 backwards-compatible revisions as a minor version number in the
5680 binaries linked with the earlier version of the shared library
5681 may no longer work, but the filename may change with each
5683 more information.
5684 </footnote>
5685 </p>
5687 <p>
5688 When linking a binary or another shared library against a shared
5690 known. Instead, the shared library is found by looking for a file
5692 exists on the file system as a symlink pointing to the shared
5693 library.
5694 </p>
5696 <p>
5697 Shared libraries are normally split into several binary packages.
5700 the development package since it's only used when linking binaries
5701 or shared libraries. However, there are some exceptions for
5702 unusual shared libraries or for shared libraries that are also
5703 loaded as dynamic modules by other programs.
5704 </p>
5706 <p>
5707 This section is primarily concerned with how the separation of
5708 shared libraries into multiple packages should be done and how
5709 dependencies on and between shared library binary packages are
5711 conjunction with this section and contains additional rules for
5712 the files contained in the shared library packages.
5713 </p>
5718 <p>
5719 The run-time shared library must be placed in a package
5721 library changes. This allows several versions of the shared
5722 library to be installed at the same time, allowing installation
5723 of the new version of the shared library without immediately
5724 breaking binaries that depend on the old version. Normally, the
5726 be placed in a package named
5733 should use
5735 instead.
5736 </p>
5738 <p>
5749 </p>
5751 <p>
5752 If you have several shared libraries built from the same source
5753 tree, you may lump them all together into a single shared
5755 always change together. Be aware that this is not normally the
5757 upgrading such a merged shared library package will be
5758 unnecessarily difficult because of file conflicts with the old
5759 version of the package. When in doubt, always split shared
5760 library packages so that each binary package installs a single
5761 shared library.
5762 </p>
5764 <p>
5765 Every time the shared library ABI changes in a way that may
5766 break binaries linked against older versions of the shared
5768 corresponding name for the binary package containing the runtime
5769 shared library should change. Normally, this means
5771 removed from the shared library or the signature of an interface
5772 (the number of parameters or the types of parameters that it
5773 takes, for example) is changed. This practice is vital to
5774 allowing clean upgrades from older versions of the package and
5775 clean transitions between the old ABI and new ABI without having
5776 to upgrade every affected package simultaneously.
5777 </p>
5779 <p>
5781 normally should not, change if new interfaces are added but none
5782 are removed or changed, since this will not break binaries
5783 linked against the old shared library. Correct versioning of
5784 dependencies on the newer shared library by binaries that use
5785 the new interfaces is handled via
5788 </p>
5790 <p>
5791 The package should install the shared libraries under
5797 of renaming things safely without affecting running programs,
5798 and attempts to interfere with this are likely to lead to
5799 problems.
5800 </p>
5802 <p>
5803 Shared libraries should not be installed executable, since
5804 the dynamic linker does not require this and trying to
5805 execute a shared library usually results in a core dump.
5806 </p>
5808 <p>
5809 The run-time library package should include the symbolic link for
5811 the shared libraries. For example,
5819 script.<footnote>
5820 The package management system requires the library to be
5821 placed before the symbolic link pointing to it in the
5824 (overwriting the previous symlink pointing at an older
5825 version of the library), the new shared library is already
5826 in place. In the past, this was achieved by creating the
5827 library in the temporary packaging directory before
5828 creating the symlink. Unfortunately, this was not always
5829 effective, since the building of the tar file in the
5831 file system. Some file systems (such as reiserfs) reorder
5832 the files so that the order of creation is forgotten.
5834 reorders the files itself as necessary when building a
5835 package. Thus it is no longer important to concern
5836 oneself with the order of file creation.
5837 </footnote>
5838 </p>
5843 <p>
5844 Any package installing shared libraries in one of the default
5845 library directories of the dynamic linker (which are currently
5850 matching the multiarch triplet for the system architecture.
5851 </footnote>
5853 system.
5854 </p>
5856 <p>
5857 The package maintainer scripts must only call
5864 </item>
5868 </item>
5869 </list>
5870 <footnote>
5871 <p>
5872 During install or upgrade, the preinst is called before
5873 the new files are unpacked, so calling "ldconfig" is
5874 pointless. The preinst of an existing package can also be
5875 called if an upgrade fails. However, this happens during
5876 the critical time when a shared libs may exist on-disk
5877 under a temporary name. Thus, it is dangerous and
5878 forbidden by current policy to call "ldconfig" at this
5879 time.
5880 </p>
5882 <p>
5883 When a package is installed or upgraded, "postinst
5884 configure" runs after the new files are safely on-disk.
5885 Since it is perfectly safe to invoke ldconfig
5886 unconditionally in a postinst, it is OK for a package to
5887 simply put ldconfig in its postinst without checking the
5888 argument. The postinst can also be called to recover from
5889 a failed upgrade. This happens before any new files are
5890 unpacked, so there is no reason to call "ldconfig" at this
5891 point.
5892 </p>
5894 <p>
5895 For a package that is being removed, prerm is
5896 called with all the files intact, so calling ldconfig is
5897 useless. The other calls to "prerm" happen in the case of
5898 upgrade at a time when all the files of the old package
5899 are on-disk, so again calling "ldconfig" is pointless.
5900 </p>
5902 <p>
5903 postrm, on the other hand, is called with the "remove"
5904 argument just after the files are removed, so this is
5905 the proper time to call "ldconfig" to notify the system
5906 of the fact that the shared libraries from the package
5907 are removed. The postrm can be called at several other
5910 "ldconfig" is useless because the shared lib files are
5911 not on-disk. However, when "postrm" is invoked with
5913 shared lib may exist on-disk under a temporary filename.
5914 </p>
5915 </footnote>
5916 </p>
5917 </sect1>
5919 </sect>
5924 <p>
5925 If your package contains files whose names do not change with
5926 each change in the library shared object version, you must not
5927 put them in the shared library package. Otherwise, several
5928 versions of the shared library cannot be installed at the same
5929 time without filename clashes, making upgrades and transitions
5930 unnecessarily difficult.
5931 </p>
5933 <p>
5934 It is recommended that supporting files and run-time support
5935 programs that do not need to be invoked manually by users, but
5936 are nevertheless required for the package to function, be placed
5939 If the program or file is architecture independent, the
5940 recommendation is for it to be placed in a subdirectory of
5944 names change when the shared object version changes.
5945 </p>
5947 <p>
5948 Run-time support programs that use the shared library but are
5949 not required for the library to function or files used by the
5950 shared library that can be used by any version of the shared
5951 library package should instead be put in a separate package.
5952 This package might typically be named
5955 </p>
5957 <p>
5958 Files and support programs only useful when compiling software
5959 against the library should be included in the development
5960 package for the library.<footnote>
5963 </footnote>
5964 </p>
5965 </sect>
5970 <p>
5972 is usually provided in addition to the shared version.
5973 It is placed into the development package (see below).
5974 </p>
5976 <p>
5977 In some cases, it is acceptable for a library to be
5978 available in static form only; these cases include:
5979 <list>
5980 <item>libraries for languages whose shared library support
5981 is immature or unstable</item>
5982 <item>libraries whose interfaces are in flux or under
5983 development (commonly the case when the library's
5984 major version number is zero, or where the ABI breaks
5985 across patchlevels)</item>
5986 <item>libraries which are explicitly intended to be
5987 available only in static form by their upstream
5988 author(s)</item>
5989 </list>
5990 </p>
5995 <p>
5996 If there are development files associated with a shared library,
5997 the source package needs to generate a binary development package
5999 or if you prefer only to support one development version at a
6001 the development package must result in installation of all the
6002 development files necessary for compiling programs against that
6003 shared library.<footnote>
6004 This wording allows the development files to be split into
6005 several packages, such as a separate architecture-independent
6007 the development package depends on all the required additional
6008 packages.
6009 </footnote>
6010 </p>
6012 <p>
6013 In case several development versions of a library exist, you may
6016 development version at a time (as different development versions are
6017 likely to have the same header files in them, which would cause a
6018 filename clash if both were unpacked).
6019 </p>
6021 <p>
6022 The development package should contain a symlink for the associated
6023 shared library without a version number. For example, the
6029 </p>
6031 <p>
6032 If the package provides Ada Library Information
6034 installed read-only (mode 0444) so that GNAT will not attempt to
6035 recompile them. This overrides the normal file mode requirements
6037 </p>
6038 </sect>
6043 <p>
6044 Typically the development version should have an exact
6045 version dependency on the runtime library, to make sure that
6046 compilation and linking happens correctly. The
6048 useful for this purpose.
6049 <footnote>
6051 was confusing and it has been deprecated since dpkg 1.13.19.
6052 </footnote>
6053 </p>
6054 </sect>
6057 <heading>Dependencies between the library and other
6058 packages</heading>
6060 <p>
6061 If a package contains a binary or library which links to a
6062 shared library, we must ensure that, when the package is
6063 installed on the system, all of the libraries needed are also
6064 installed. These dependencies must be added to the binary
6065 package when it is built, since they may change based on which
6066 version of a shared library the binary or library was linked
6067 with even if there are no changes to the source of the binary
6068 (for example, symbol versions change, macros become functions or
6069 vice versa, or the binary package may determine at compile-time
6070 whether new library interfaces are available and can be called).
6071 To allow these dependencies to be constructed, shared libraries
6074 package dependencies required to ensure the presence of
6075 interfaces provided by this library. Any package with binaries
6076 or libraries linking to a shared library must use these files to
6077 determine the required dependencies when it is built. Other
6078 packages which use a shared library (for example using
6080 using these files at build time as well.
6081 </p>
6083 <p>
6084 The two mechanisms differ in the degree of detail that they
6086 exported by a library, the minimal version of the package any
6087 binary using this symbol will need. This is typically the
6088 version of the package in which the symbol was introduced. This
6089 information permits detailed analysis of the symbols used by a
6090 particular package and construction of an accurate dependency,
6091 but it requires the package maintainer to track more information
6092 about the shared library.
6093 </p>
6095 <p>
6097 time the library ABI changed in any way. It only provides
6098 information about the library as a whole, not individual
6099 symbols. When a package is built using a shared library with
6101 require a version of the shared library equal to or newer than
6102 the version of the last ABI change. This generates
6103 unnecessarily restrictive dependencies compared
6105 package have changed. This, in turn, may make upgrades
6106 needlessly complex and unnecessarily restrict use of the package
6107 on systems with older versions of the shared libraries.
6108 </p>
6110 <p>
6113 files in some unusual corner cases.<footnote>
6116 instead of recording the actual SONAME. If the SONAME doesn't
6117 match one of the two expected formats
6119 cannot be represented.
6120 </footnote>
6121 </p>
6123 <p>
6125 shared library packages since they provide more accurate
6126 dependencies. For most C libraries, the additional detail
6128 maintain. However, maintaining exhaustive symbols information
6130 files may be more appropriate for most C++ libraries. Libraries
6131 with a corresponding udeb must also provide
6134 </p>
6139 <p>
6140 When a package that contains any shared libraries or compiled
6142 each shared library and compiled binary to determine the
6143 libraries used and hence the dependencies needed by the
6144 package.<footnote>
6147 the libraries and the symbols in those libraries directly
6148 needed by the binaries or shared libraries in the package.
6149 </footnote>
6152 List all of the compiled binaries, libraries, or loadable
6153 modules in your package.<footnote>
6155 correctly is to use a package helper framework such
6159 you. It will also correctly handle multi-binary packages.
6160 </footnote>
6163 to generate dependency information. The package must then
6164 provide a substitution variable into which the discovered
6165 dependency information can be placed.
6166 </p>
6168 <p>
6169 If you are creating a udeb for use in the Debian Installer,
6174 will automatically add this option if it knows it is
6175 processing a udeb.
6176 </footnote>. If there is no dependency line of
6179 regular dependency line.
6180 </p>
6182 <p>
6188 package built by this source package that contains compiled
6189 binaries, libraries, or loadable modules. If you have
6190 multiple binary packages, you will need to
6192 compiled libraries or binaries. For example, you could use
6195 binary package.<footnote>
6198 the addition of the variable to the control file for you if
6202 the appropriate flags.
6203 </footnote>
6204 </p>
6206 <p>
6209 </p>
6211 <p>
6214 library (that is, the library is listed in the
6216 to the link line when the binary is created). Other libraries
6219 linker will load them automatically when it
6221 libraries it directly uses, but not the libraries it only uses
6222 indirectly. The dependencies for the libraries used
6223 directly will automatically pull in the indirectly-used
6225 automatically, but package maintainers need to be aware of
6226 this distinction between directly and indirectly using a
6227 library if they have to override its results for some reason.
6228 <footnote>
6229 A good example of where this helps is the following. We
6231 supports a new revision of a graphics format called dgf (but
6232 retaining the same major version number) and depends on a
6236 directly or indirectly linked with a binary, every package
6240 Since dependencies are only added based on
6243 having the dependency on an appropriate version
6245 </footnote>
6246 </p>
6247 </sect1>
6252 <p>
6253 Maintaining a shared library package using
6255 requires being aware of the exposed ABI of the shared library
6260 the last change for the entire library.
6261 </p>
6263 <p>
6264 There are two types of ABI changes: ones that are
6265 backward-compatible and ones that are not. An ABI change is
6266 backward-compatible if any reasonable program or library that
6267 was linked with the previous version of the shared library
6268 will still work correctly with the new version of the shared
6269 library.<footnote>
6270 An example of an "unreasonable" program is one that uses
6271 library interfaces that are documented as internal and
6272 unsupported. If the only programs or libraries affected by
6273 a change are "unreasonable" ones, other techniques, such as
6275 packages or treating their usage of the library as bugs in
6276 those packages, may be appropriate instead of changing the
6277 SONAME. However, the default approach is to change the
6278 SONAME for any change to the ABI that could break a program.
6279 </footnote>
6280 Adding new symbols to the shared library is a
6281 backward-compatible change. Removing symbols from the shared
6282 library is not. Changing the behavior of a symbol may or may
6283 not be backward-compatible depending on the change; for
6284 example, changing a function to accept a new enum constant not
6285 previously used by the library is generally
6286 backward-compatible, but changing the members of a struct that
6287 is passed into library functions is generally not unless the
6288 library takes special precautions to accept old versions of
6289 the data structure.
6290 </p>
6292 <p>
6293 ABI changes that are not backward-compatible normally require
6295 shared library package name, which forces rebuilding all
6296 packages using that shared library to update their
6297 dependencies and allow them to use the new version of the
6298 shared library. For more information,
6300 section will deal with backward-compatible changes.
6301 </p>
6303 <p>
6304 Backward-compatible changes require either updating or
6308 more information on how to do this in the two formats, see
6310 rules that apply to both files.
6311 </p>
6313 <p>
6314 The easy case is when a public symbol is added. Simply add
6315 the version at which the symbol was introduced
6318 should be taken to update dependency versions when the
6319 behavior of a public symbol changes. This is easy to neglect,
6320 since there is no automated method of determining such
6321 changes, but failing to update versions in this case may
6322 result in binary packages with too-weak dependencies that will
6323 fail at runtime, possibly in ways that can cause security
6324 vulnerabilities. If the package maintainer believes that a
6325 symbol behavior change may have occurred but isn't sure, it's
6326 safer to update the version rather than leave it unmodified.
6327 This may result in unnecessarily strict dependencies, but it
6328 ensures that packages whose dependencies are satisfied will
6329 work properly.
6330 </p>
6332 <p>
6333 A common example of when a change to the dependency version
6334 is required is a function that takes an enum or struct
6335 argument that controls what the function does. For example:
6336 <example>
6337 enum library_op { OP_FOO, OP_BAR };
6338 int library_do_operation(enum library_op);
6339 </example>
6343 files) or the version in the dependency for the shared library
6346 binary built against the new version of the library (having
6347 detected at compile-time that the library
6351 function.
6352 </p>
6354 <p>
6357 Debian revision of the package, since the library behavior is
6358 normally fixed for a particular upstream version and any
6359 Debian packaging of that upstream version will have the same
6360 behavior. In the rare case that the library behavior was
6362 to the end of the version that includes the Debian revision is
6363 recommended, since this allows backports of the shared library
6364 package using the normal backport versioning convention to
6365 satisfy the dependency.
6366 </p>
6367 </sect1>
6372 <p>
6373 In the following sections, we will first describe where the
6377 shared library.
6378 </p>
6382 system</heading>
6384 <p>
6386 provided by the shared library package as a control file,
6387 but there are several override paths that are checked first
6388 in case that information is wrong or missing. The following
6389 list gives them in the order in which they are read
6391 the required information is used.
6392 <list>
6393 <item>
6396 <p>
6397 During the package build, if the package itself
6399 files, they will be generated in these staging
6402 files found in the build tree take precedence
6404 packages.
6405 </p>
6407 <p>
6408 These files must exist
6410 dependencies of binaries and libraries from a source
6411 package on other libraries from that same source
6412 package will not be correct. In practice, this means
6415 build.<footnote>
6416 An example may clarify. Suppose the source
6419 When building the binary packages, the contents of
6420 the packages are staged in the
6428 eventually to be included as a control file in that
6430 the
6432 it will examine
6435 dependencies are satisfied by any of the libraries
6437 were linked against the just-built shared library as
6442 the system.
6443 </footnote>
6444 </p>
6445 </item>
6447 <item>
6448 <p>
6451 </p>
6453 <p>
6454 Per-system overrides of shared library dependencies.
6455 These files normally do not exist. They are
6456 maintained by the local system administrator and must
6457 not be created by any Debian package.
6458 </p>
6459 </item>
6461 <item>
6463 installed on the system</p>
6465 <p>
6467 packages currently installed on the system are
6468 searched last. This will be the most common source of
6469 shared library dependency information. These files
6470 can be read with <tt>dpkg-query
6472 </p>
6473 </item>
6474 </list>
6475 </p>
6477 <p>
6479 in the source package, it will override
6484 </p>
6485 </sect2>
6490 <p>
6491 The following documents the format of
6493 packages. These files are built from
6497 do some of the tedious work involved in
6499 symbols or optional symbols that may not exist on particular
6501 a shared library package, refer
6503 richer syntax.
6504 </p>
6506 <p>
6508 for each shared library contained in the package
6510 the following format:
6511 </p>
6513 <p>
6514 <example>
6517 [...]
6519 [...]
6521 </example>
6522 </p>
6524 <p>
6526 package as an example, which (at the time of writing)
6527 installs the shared
6529 lines will be described first, followed by optional lines.
6530 </p>
6532 <p>
6536 This can be determined by using the command
6538 readelf -d /usr/lib/libz.so.1.2.3.4 | grep SONAME
6539 </example>
6540 </footnote>
6541 </p>
6543 <p>
6545 dependency field in a binary package control file, except
6548 nothing if an unversioned dependency is deemed sufficient.
6549 The version restriction will be based on which symbols from
6550 the shared library are referenced and the version at which
6551 they were introduced (see below). In nearly all
6555 containing the shared library. This adds a simple,
6556 possibly-versioned dependency on the shared library package.
6557 In some rare cases, such as when multiple packages provide
6558 the same shared library ABI, the dependency template may
6559 need to be more complex.
6560 </p>
6562 <p>
6563 In our example, the first line of
6566 libz.so.1 zlib1g #MINVER#
6567 </example>
6568 </p>
6570 <p>
6571 Each public symbol exported by the shared library must have
6572 a corresponding symbol line, indented by one
6577 recent version of the shared library that changed the
6578 behavior of that symbol, whether by adding it, changing its
6579 function signature (the parameters, their types, or the
6580 return type), or changing its behavior in a way that is
6581 visible to a caller.
6583 field that references
6585 a full description.
6586 </p>
6588 <p>
6592 version and last changed its behavior in upstream
6597 the lines:
6601 </example>
6606 </p>
6608 <p>
6610 may be provided. These are used in cases where some symbols
6611 in the shared library should use one dependency template
6612 while others should use a different template. The
6613 alternative dependency templates are used only if a symbol
6615 field. The first alternative dependency template is
6617 An example of where this may be needed is with a library
6618 that implements the libGL interface. All GL
6619 implementations provide the same set of base interfaces,
6620 and then may provide some additional interfaces only used
6621 by programs that require that specific GL implementation.
6622 So, for example, libgl1-mesa-glx may use the
6624 <example>
6625 libGL.so.1 libgl1
6626 | libgl1-mesa-glx #MINVER#
6628 [...]
6630 [...]
6631 </example>
6632 Binaries or shared libraries using
6635 packages), but ones
6638 </footnote>
6639 </p>
6641 <p>
6642 Finally, the entry for the library may contain one or more
6643 metadata fields. Currently, the only
6647 package</qref> on which packages using this shared library
6648 declare a build dependency. If this field is
6650 the resulting binary package dependency on the shared
6651 library is at least as strict as the source package
6652 dependency on the shared library development
6653 package.<footnote>
6654 This field should normally not be necessary, since if the
6655 behavior of any symbol has changed, the corresponding
6658 system more robust by tightening the dependency in cases
6659 where the package using the shared library specifically
6660 requires at least a particular version of the shared
6661 library development package for some reason.
6662 </footnote>
6664 file would contain:
6666 * Build-Depends-Package: zlib1g-dev
6667 </example>
6668 </p>
6670 <p>
6672 </p>
6673 </sect2>
6678 <p>
6679 If your package provides a shared library, you should
6681 following the format described above in that package. You
6684 </p>
6686 <p>
6688 the source package
6692 information varies by architecture. This file may use the
6695 part of the package build process. It will
6697 area based on the binaries and libraries in the package
6699 source package.<footnote>
6700 If you are
6704 </footnote>
6705 </p>
6707 <p>
6709 them up-to-date to ensure correct dependencies in packages
6710 that use the shared libraries. This means updating
6713 whenever a symbol changes behavior or signature in a
6720 provided by the library normally requires changing
6724 </p>
6725 </sect2>
6726 </sect1>
6731 <p>
6734 shared libraries. It may be more appropriate for C++
6735 libraries and other cases where tracking individual symbols is
6737 therefore frequently seen in older packages. It is also
6739 </p>
6741 <p>
6742 In the following sections, we will first describe where the
6746 </p>
6750 system</heading>
6752 <p>
6754 found. The following list gives them in the order in which
6756 one which gives the required information is used.)
6757 <list>
6758 <item>
6761 <p>
6762 This lists overrides for this package. This file
6763 should normally not be used, but may be needed
6764 temporarily in unusual situations to work around bugs
6765 in other packages, or in unusual cases where the
6766 normally declared dependency information in the
6768 cannot be used. This file overrides information
6769 obtained from any other source.
6770 </p>
6771 </item>
6773 <item>
6776 <p>
6777 This lists global overrides. This list is normally
6778 empty. It is maintained by the local system
6779 administrator.
6780 </p>
6781 </item>
6783 <item>
6787 <p>
6788 These files are generated as part of the package build
6789 process and staged for inclusion as control files in
6790 the binary packages being built. They provide details
6791 of any shared libraries included in the same package.
6792 </p>
6793 </item>
6795 <item>
6797 installed on the system</p>
6799 <p>
6801 packages currently installed on the system. These
6802 files can be read using <tt>dpkg-query
6804 </p>
6805 </item>
6807 <item>
6810 <p>
6811 This file lists any shared libraries whose packages
6814 was first introduced, but it is now normally empty.
6816 </p>
6817 </item>
6818 </list>
6819 </p>
6821 <p>
6827 </p>
6828 </sect2>
6833 <p>
6836 are ignored. Each line is of the form:
6838 [<var>type</var>: ]<var>library-name</var> <var>soname-version</var> <var>dependencies ...</var>
6839 </example>
6840 </p>
6842 <p>
6843 We will explain this by reference to the example of the
6845 installs the shared
6847 </p>
6849 <p>
6851 type of package for which the line is valid. The only type
6853 after the type are required.
6854 </p>
6856 <p>
6859 of the soname, see below.)
6860 </p>
6862 <p>
6866 recommended shared library package name is determined.
6868 </p>
6870 <p>
6872 field in a binary package control file. It should give
6873 details of which packages are required to satisfy a binary
6874 built against the version of the library contained in the
6877 to maintain the dependency version constraint.
6878 </p>
6880 <p>
6882 package that could change behavior for a client of that
6887 </example>
6888 This version restriction must be new enough that any binary
6889 built against the current version of the library will work
6890 with any version of the shared library that satisfies that
6891 dependency.
6892 </p>
6894 <p>
6895 As zlib1g also provides a udeb containing the shared
6896 library, there would also be a second line:
6899 </example>
6900 </p>
6901 </sect2>
6903 <sect2>
6906 <p>
6909 the format described above and place it in
6911 the build. It will then be included as a control file for
6912 that package<footnote>
6915 package also has a udeb that provides a shared
6919 </footnote>.
6920 </p>
6922 <p>
6925 packages being built from this source package, all of
6928 binary packages.
6929 </p>
6930 </sect2>
6931 </sect1>
6932 </sect>
6933 </chapt>
6938 <sect>
6945 <p>
6946 The location of all files and directories must comply with the
6947 Filesystem Hierarchy Standard (FHS), version 2.3, with the
6948 exceptions noted below, and except where doing so would
6949 violate other terms of Debian Policy. The following
6950 exceptions to the FHS apply:
6952 <enumlist>
6953 <item>
6954 <p>
6955 The FHS requirement that architecture-independent
6956 application-specific static files be located in
6960 be used by a package (or a collection of packages) to hold a
6961 mixture of architecture-independent and
6962 architecture-dependent files. However, when a directory is
6963 entirely composed of architecture-independent files, it
6965 </p>
6966 </item>
6967 <item>
6968 <p>
6969 The optional rules related to user specific
6970 configuration files for applications are stored in
6971 the user's home directory are relaxed. It is
6972 recommended that such files start with the
6974 application needs to create more than one dot file
6975 then the preferred placement is in a subdirectory
6976 with a name starting with a '.' character, (a "dot
6977 directory"). In this case it is recommended the
6978 configuration files not start with the '.'
6979 character.
6980 </p>
6981 </item>
6982 <item>
6983 <p>
6985 for 64 bit binaries is removed.
6986 </p>
6987 </item>
6988 <item>
6989 <p>
6990 The requirement for object files, internal binaries, and
6994 to instead be installed to
7001 than the one matching the architecture of that package;
7003 containing 32-bit x86 libraries may not install these
7005 <footnote>
7006 This is necessary in order to reserve the directories for
7007 use in cross-installation of library packages from other
7009 </footnote>
7010 </p>
7011 <p>
7012 The requirement for C and C++ headers files to be
7013 accessible through the search path
7015 be accessible through the search path
7018 This is necessary for architecture-dependent headers
7020 </footnote>
7021 </p>
7022 <p>
7023 Applications may also use a single subdirectory under
7025 </p>
7026 <p>
7027 The execution time linker/loader, ld*, must still be made
7028 available in the existing location under /lib or /lib64
7029 since this is part of the ELF ABI for the architecture.
7030 </p>
7031 </item>
7032 <item>
7033 <p>
7034 The requirement that
7037 recommendation</p>
7038 </item>
7039 <item>
7040 <p>
7041 The requirement that windowmanagers with a single
7043 is removed, as is the restriction that the window
7044 manager subdirectory be named identically to the
7045 window manager name itself.
7046 </p>
7047 </item>
7048 <item>
7049 <p>
7050 The requirement that boot manager configuration
7052 symlinked there, is relaxed to a recommendation.
7053 </p>
7054 </item>
7055 <item>
7056 <p>
7067 naming conventions, file format requirements, or the
7068 requirement that files be cleared during the boot
7069 process. Files and directories residing
7071 file system.
7072 </p>
7073 <p>
7075 directory exists or is usable without a dependency
7078 </p>
7079 </item>
7080 <item>
7081 <p>
7083 additionally allowed. <footnote>This directory is used as
7084 mount point to mount virtual filesystems to get access to
7085 kernel information.</footnote>
7086 </p>
7087 </item>
7088 <item>
7089 <p>
7091 </p>
7092 </item>
7093 <item>
7094 <p>
7101 </p>
7102 </item>
7103 <item>
7104 <p>
7105 On GNU/Hurd systems, the following additional
7106 directories are allowed in the root
7109 These directories are used to store translators and as
7110 a set of standard names for mount points,
7111 respectively.
7112 </footnote>
7113 </p>
7114 </item>
7115 </enumlist>
7116 </p>
7118 <p>
7119 The version of this document referred here can be
7124 you can try <url
7127 latest version, which may be a more recent version, may
7128 be found on
7130 Specific questions about following the standard may be
7132 referred to the FHS mailing list (see the
7134 more information).
7135 </p>
7136 </sect1>
7138 <sect1>
7141 <p>
7142 As mandated by the FHS, packages must not place any
7145 or by manipulating them in their maintainer scripts.
7146 </p>
7148 <p>
7149 However, the package may create empty directories below
7151 where to place site-specific files. These are not
7155 should be removed on package removal if they are
7156 empty.
7157 </p>
7159 <p>
7160 Note that this applies only to
7163 not create sub-directories in the
7165 listed in FHS, section 4.5. However, you may create
7166 directories below them as you wish. You must not remove
7167 any of the directories listed in 4.5, even if you created
7168 them.
7169 </p>
7171 <p>
7173 remote server, these directories must be created and
7175 maintainer scripts and not be included in the
7177 either of these operations fail.
7178 </p>
7180 <p>
7182 contain something like
7184 if [ ! -e /usr/local/share/emacs ]; then
7186 if chown root:staff /usr/local/share/emacs; then
7187 chmod 2775 /usr/local/share/emacs || true
7188 fi
7189 fi
7190 fi
7191 </example>
7196 </example>
7198 used to ensure that if the script is interrupted, the
7200 removed.)
7201 </p>
7203 <p>
7205 local additions to a package, you should ensure that
7208 </p>
7210 <p>
7212 for exclusive use of the local administrator, a package
7213 must not rely on the presence or absence of files or
7215 </p>
7217 <p>
7219 subdirectories created by the package should (by default) have
7220 permissions 2775 (group-writable and set-group-id) and be
7222 </p>
7223 </sect1>
7225 <sect1>
7227 <p>
7228 The system-wide mail directory
7230 base system and should not be owned by any particular mail
7231 agents. The use of the old
7233 though the spool may still be physically located there.
7234 </p>
7235 </sect1>
7240 <p>
7242 by being a mount point for a temporary file system. Packages
7243 therefore must not assume that any files or directories
7245 exist unless the package has arranged to create those files or
7246 directories since the last reboot. Normally, this is done by
7248 for more information.
7249 </p>
7251 <p>
7252 Packages must not include files or directories
7255 The latter paths will normally be symlinks or other
7257 </p>
7258 </sect1>
7259 </sect>
7261 <sect>
7264 <sect1>
7266 <p>
7267 The Debian system can be configured to use either plain or
7268 shadow passwords.
7269 </p>
7271 <p>
7272 Some user ids (UIDs) and group ids (GIDs) are reserved
7273 globally for use by certain packages. Because some
7274 packages need to include files which are owned by these
7275 users or groups, or need the ids compiled into binaries,
7276 these ids must be used on any Debian system only for the
7277 purpose for which they are allocated. This is a serious
7278 restriction, and we should avoid getting in the way of
7279 local administration policies. In particular, many sites
7280 allocate users and/or local system groups starting at 100.
7281 </p>
7283 <p>
7284 Apart from this we should have dynamically allocated ids,
7285 which should by default be arranged in some sensible
7286 order, but the behavior should be configurable.
7287 </p>
7289 <p>
7293 </p>
7294 </sect1>
7296 <sect1>
7298 <p>
7299 The UID and GID numbers are divided into classes as
7300 follows:
7301 <taglist>
7303 <item>
7304 <p>
7305 Globally allocated by the Debian project, the same
7306 on every Debian system. These ids will appear in
7308 Debian systems, new ids in this range being added
7310 updated.
7311 </p>
7313 <p>
7314 Packages which need a single statically allocated
7315 uid or gid should use one of these; their
7317 maintainer for ids.
7318 </p>
7319 </item>
7322 <item>
7323 <p>
7324 Dynamically allocated system users and groups.
7325 Packages which need a user or group, but can have
7326 this user or group allocated dynamically and
7327 differently on each system, should use <tt>adduser
7328 --system</tt> to create the group and/or user.
7330 the user or group, and if necessary choose an unused
7331 id based on the ranges specified in
7333 </p>
7334 </item>
7337 <item>
7338 <p>
7339 Dynamically allocated user accounts. By default
7341 user accounts in this range, though
7343 behavior.
7344 </p>
7345 </item>
7348 <item>
7349 <p>
7350 Globally allocated by the Debian project, but only
7351 created on demand. The ids are allocated centrally
7352 and statically, but the actual accounts are only
7353 created on users' systems on demand.
7354 </p>
7356 <p>
7357 These ids are for packages which are obscure or
7358 which require many statically-allocated ids. These
7359 packages should check for and create the accounts in
7362 necessary. Packages which are likely to require
7363 further allocations should have a "hole" left after
7364 them in the allocation, to give them room to
7365 grow.
7366 </p>
7367 </item>
7370 <item>
7372 </item>
7375 <item>
7376 <p>
7379 </p>
7380 </item>
7383 <item>
7384 <p>
7387 was 16 bits.
7388 </p>
7389 </item>
7392 <item>
7393 <p>
7394 Dynamically allocated user accounts. By
7396 and GIDs in this range, to ease compatibility with
7398 bits.
7399 </p>
7400 </item>
7403 <item>
7404 <p>
7406 used, because it is used as the anonymous, unauthenticated
7407 user by some NFS implementations.
7408 </p>
7409 </item>
7412 <item>
7413 <p>
7415 not</em> be used, because it is the error return
7416 sentinel value.
7417 </p>
7418 </item>
7419 </taglist>
7420 </p>
7421 </sect1>
7422 </sect>
7430 <p>
7435 </p>
7437 <p>
7438 There are at least two different, yet functionally
7439 equivalent, ways of handling these scripts. For the sake
7440 of simplicity, this document describes only the symbolic
7441 link method. However, it must not be assumed by maintainer
7442 scripts that this method is being used, and any automated
7443 manipulation of the various runlevel behaviors by
7444 maintainer scripts must be performed using
7446 manually installing or removing symlinks. For information
7447 on the implementation details of the other method,
7449 to the documentation of that package.
7450 </p>
7452 <p>
7453 These scripts are referenced by symbolic links in the
7459 scripts.
7460 </p>
7462 <p>
7463 The names of the links all have the form
7467 is the name of the script (this should be the same as the
7469 </p>
7471 <p>
7480 link for starting services upon entering the runlevel.
7481 </p>
7483 <p>
7484 For example, if we are changing from runlevel 2 to
7489 referred-to file to be executed with an argument of
7492 </p>
7494 <p>
7496 the order in which to run the scripts: low-numbered links
7497 have their scripts run first. For example, the
7500 must be started before another. For example, the name
7503 can set up its access lists. In this case, the script
7506 runs first:
7508 /etc/rc2.d/S17bind
7509 /etc/rc2.d/S70inn
7510 </example>
7511 </p>
7513 <p>
7515 different. In these runlevels, the links with an
7519 </p>
7520 </sect1>
7525 <p>
7526 Packages that include daemons for system services should
7528 services at boot time or during a change of runlevel.
7529 These scripts should be named
7531 accept one argument, saying what to do:
7533 <taglist>
7541 <item>stop and restart the service if it's already running,
7542 otherwise start the service</item>
7545 <item><p>cause the configuration of the service to be
7546 reloaded without actually stopping and restarting
7547 the service,</item>
7550 <item>cause the configuration to be reloaded if the
7551 service supports this, otherwise restart the
7552 service.</item>
7553 </taglist>
7558 option is optional.
7559 </p>
7561 <p>
7563 behave sensibly (i.e., returning success and not starting
7566 when it isn't, and that they don't kill unfortunately-named
7567 user processes. The best way to achieve this is usually to
7569 option.
7570 </p>
7572 <p>
7575 accepting various error exit statuses when daemons are already
7576 running or already stopped without aborting
7579 in effect<footnote>
7582 in effect and echoing status messages to the console fails,
7583 for example.
7586 each command separately.
7587 </p>
7589 <p>
7590 If a service reloads its configuration automatically (as
7593 should behave as if the configuration has been reloaded
7594 successfully.
7595 </p>
7597 <p>
7599 configuration files, either (if they are present in the
7600 package, that is, in the .deb file) by marking them as
7602 by managing them correctly in the maintainer scripts (see
7604 to give the local system administrator the chance to adapt
7605 the scripts to the local system, e.g., to disable a
7606 service without de-installing the package, or to specify
7607 some special command line options when starting a service,
7608 while making sure their changes aren't lost during the next
7609 package upgrade.
7610 </p>
7612 <p>
7613 These scripts should not fail obscurely when the
7614 configuration files remain but the package has been
7615 removed, as configuration files remain on the system after
7618 configuration files be removed. In particular, as the
7621 if the package is removed but not purged. Therefore, you
7623 script, like this:
7626 </example>
7627 </p>
7629 <p>
7631 scripts whose values control the behavior of the scripts,
7632 and which a system administrator is likely to want to
7633 change. As the scripts themselves are frequently
7635 administrator merge in their changes each time the package
7637 the burden on the system administrator, such configurable
7638 values should not be placed directly in the script.
7639 Instead, they should be placed in a file in
7642 should be sourced by the script when the script runs. It
7643 must contain only variable settings and comments in SUSv3
7647 for more details.
7648 </p>
7650 <p>
7651 To ensure that vital configurable values are always
7653 values for each of the shell variables it uses, either
7655 afterwards using something like the <tt>:
7657 script must behave sensibly and not fail if the
7659 </p>
7661 <p>
7665 filesystem and are normally not persistent across a reboot.
7667 This will typically mean creating any required subdirectories
7670 </p>
7671 </sect1>
7673 <sect1>
7676 <p>
7677 Maintainers should use the abstraction layer provided by
7679 programs to deal with initscripts in their packages'
7682 </p>
7684 <p>
7685 Directly managing the /etc/rc?.d links and directly
7687 be done only by packages providing the initscript
7690 </p>
7692 <sect2>
7695 <p>
7697 package maintainers to arrange for the proper creation and
7699 or their functional equivalent if another method is being
7700 used. This may be used by maintainers in their packages'
7702 </p>
7704 <p>
7706 symbolic links in the actual archive or manually create or
7707 remove the symbolic links in maintainer scripts; you must
7709 former will fail if an alternative method of maintaining
7710 runlevel information is being used.) You must not include
7713 package may do so.)
7714 </p>
7716 <p>
7719 and stop them in the halt runlevel (0), the single-user
7721 administrator will have the opportunity to customize
7722 runlevels by simply adding, moving, or removing the
7724 symbolic links are being used, or by modifying
7726 is being used.
7727 </p>
7729 <p>
7730 To get the default behavior for your package, put in your
7734 </example>
7737 if [ "$1" = purge ]; then
7739 fi
7740 </example>. Note that if your package changes runlevels
7741 or priority, you may have to remove and recreate the links,
7742 since otherwise the old links may persist. Refer to the
7744 </p>
7746 <p>
7747 This will use a default sequence number of 20. If it does
7749 script is run, use this default. If it does, then you
7752 help you choose a number.
7753 </p>
7755 <p>
7759 </p>
7760 </sect2>
7762 <sect2>
7764 <p>
7766 it easier for package maintainers to properly invoke an
7767 initscript, obeying runlevel and other locally-defined
7768 constraints that might limit a package's right to start,
7769 stop and otherwise manage services. This program may be
7770 used by maintainers in their packages' scripts.
7771 </p>
7773 <p>
7774 The package maintainer scripts must use
7777 calling them directly.
7778 </p>
7780 <p>
7782 action requests (start, stop, reload, restart...) to the
7784 to start or restart a service out of its intended
7785 runlevels.
7786 </p>
7788 <p>
7789 Most packages will simply need to change:
7796 else
7798 fi
7799 </example>
7800 </p>
7802 <p>
7803 A package should register its initscript services using
7806 unregistered services may fail.
7807 </p>
7809 <p>
7810 For more information about using
7813 </p>
7814 </sect2>
7815 </sect1>
7817 <sect1>
7820 <p>
7822 which contained scripts which were run once per machine
7823 boot. This has been deprecated in favour of links from
7827 </p>
7828 </sect1>
7830 <sect1>
7833 <p>
7834 An example on which you can base your
7837 </p>
7839 </sect1>
7840 </sect>
7842 <sect>
7845 <p>
7846 This section describes the formats to be used for messages
7848 scripts. The intent is to improve the consistency of
7849 Debian's startup and shutdown look and feel. For this
7850 reason, please look very carefully at the details. We want
7851 the messages to have the same format in terms of wording,
7852 spaces, punctuation and case of letters.
7853 </p>
7855 <p>
7856 Here is a list of overall rules that should be used for
7858 </p>
7860 <p>
7861 <list>
7862 <item>
7863 The message should fit in one line (fewer than 80
7864 characters), start with a capital letter and end with
7866 </item>
7868 <item>
7869 If the script is performing some time consuming task in
7870 the background (not merely starting or stopping a
7871 program, for instance), an ellipsis (three dots:
7873 leading or tailing whitespace or line feeds.
7874 </item>
7876 <item>
7877 The messages should appear as if the computer is telling
7878 the user what it is doing (politely :-), but should not
7879 mention "it" directly. For example, instead of:
7881 I'm starting network daemons: nfsd mountd.
7882 </example>
7883 the message should say
7885 Starting network daemons: nfsd mountd.
7886 </example>
7887 </item>
7888 </list>
7889 </p>
7891 <p>
7893 message formats for the situations enumerated below.
7894 </p>
7896 <p>
7897 <list>
7898 <item>
7901 <p>
7902 If the script starts one or more daemons, the output
7903 should look like this (a single line, no leading
7904 spaces):
7907 </example>
7909 subsystem the daemon or set of daemons are part of,
7911 denote each daemon's name (typically the file name of
7912 the program).
7913 </p>
7915 <p>
7917 would look like:
7919 Starting printer spooler: lpd.
7920 </example>
7921 </p>
7923 <p>
7924 This can be achieved by saying
7926 echo -n "Starting printer spooler: lpd"
7927 start-stop-daemon --start --quiet --exec /usr/sbin/lpd
7928 echo "."
7929 </example>
7930 in the script. If there are more than one daemon to
7931 start, the output should look like this:
7933 echo -n "Starting remote file system services:"
7934 echo -n " nfsd"; start-stop-daemon --start --quiet nfsd
7935 echo -n " mountd"; start-stop-daemon --start --quiet mountd
7936 echo -n " ugidd"; start-stop-daemon --start --quiet ugidd
7937 echo "."
7938 </example>
7939 This makes it possible for the user to see what is
7940 happening and when the final daemon has been started.
7941 Care should be taken in the placement of white spaces:
7942 in the example above the system administrators can
7943 easily comment out a line if they don't want to start
7944 a specific daemon, while the displayed message still
7945 looks good.
7946 </p>
7947 </item>
7949 <item>
7952 <p>
7953 If you have to set up different system parameters
7954 during the system boot, you should use this format:
7957 </example>
7958 </p>
7960 <p>
7961 You can use a statement such as the following to get
7962 the quotes right:
7965 </example>
7966 </p>
7968 <p>
7970 for the left and right quotation marks. A grave accent
7973 </p>
7974 </item>
7976 <item>
7979 <p>
7980 When you stop or restart a daemon, you should issue a
7981 message identical to the startup message, except that
7984 </p>
7986 <p>
7987 For example, stopping the printer daemon will look like
7988 this:
7990 Stopping printer spooler: lpd.
7991 </example>
7992 </p>
7993 </item>
7995 <item>
7998 <p>
7999 There are several examples where you have to run a
8000 program at system startup or shutdown to perform a
8001 specific task, for example, setting the system's clock
8003 when the system shuts down. Your message should look
8004 like this:
8006 Doing something very useful...done.
8007 </example>
8009 the job has been completed, so that the user is
8010 informed why they have to wait. You can get this
8011 behavior by saying
8013 echo -n "Doing something very useful..."
8014 do_something
8015 echo "done."
8016 </example>
8017 in your script.
8018 </p>
8019 </item>
8021 <item>
8024 <p>
8025 When a daemon is forced to reload its configuration
8026 files you should use the following format:
8029 </example>
8031 daemon starting message.
8032 </p>
8033 </item>
8034 </list>
8035 </p>
8036 </sect>
8041 <p>
8042 Packages must not modify the configuration file
8045 </p>
8047 <p>
8048 If a package wants to install a job that has to be executed via
8049 cron, it should place a file named as specified
8051 directories:
8053 /etc/cron.hourly
8054 /etc/cron.daily
8055 /etc/cron.weekly
8056 /etc/cron.monthly
8057 </example>
8058 As these directory names imply, the files within them are
8059 executed on an hourly, daily, weekly, or monthly basis,
8060 respectively. The exact times are listed in
8062 </p>
8064 <p>
8065 All files installed in any of these directories must be
8066 scripts (e.g., shell scripts or Perl scripts) so that they
8067 can easily be modified by the local system administrator.
8068 In addition, they must be treated as configuration files.
8069 </p>
8071 <p>
8072 If a certain job has to be executed at some other frequency or
8073 at a specific time, the package should install a file in
8078 treated as a configuration file. (Note that entries in the
8081 directory for jobs which may be skipped if the system is not
8082 running.)
8083 </p>
8085 <p>
8092 <enumlist>
8100 </enumlist>
8101 Ranges of numbers are allowed. Ranges are two numbers
8102 separated with a hyphen. The specified range is inclusive.
8103 Lists are allowed. A list is a set of numbers (or ranges)
8104 separated by commas. Step values can be used in conjunction
8105 with ranges.
8106 </p>
8108 <p>
8110 check if all necessary programs are installed before they
8111 try to execute them. Otherwise, problems will arise when a
8112 package was removed but not purged since configuration files
8113 are kept on the system in this situation.
8114 </p>
8116 <p>
8120 must also support names for days and months, ranges, and
8122 and correctly execute the scripts in
8124 execute scripts in
8126 </p>
8131 <p>
8132 The file name of a cron job file should normally match the
8133 name of the package from which it comes.
8134 </p>
8136 <p>
8137 If a package supplies multiple cron job files files in the
8138 same directory, the file names should all start with the name
8139 of the package (possibly modified as described below) followed
8141 </p>
8143 <p>
8144 A cron job file name must not include any period or plus
8148 characters.
8149 </p>
8150 </sect1>
8151 </sect>
8156 <p>
8157 Packages shipping applications that comply with minimal requirements
8158 described below for integration with desktop environments should
8159 register these applications in the desktop menu, following the
8164 and complementary information can be found in the
8167 </p>
8169 <p>
8170 The desktop entry files are installed by the packages in the
8173 not necessary to depend on packages providing FreeDesktop menu
8174 systems.
8175 </p>
8177 <p>
8178 Entries displayed in the FreeDesktop menu should conform to the
8179 following minima for relevance and visual integration.
8181 <list>
8182 <item>
8183 Unless hidden by default, the desktop entry must point to a PNG
8184 or SVG icon with a transparent background, providing at least
8186 should be neutral enough to integrate well with the default icon
8187 themes. It is encouraged to ship the icon in the default
8190 </item>
8192 <item>
8193 If the menu entry is not useful in the general case as a
8194 standalone application, the desktop entry should set the
8196 configured to be displayed only by those who need it.
8197 </item>
8199 <item>
8200 In doubt, the package maintainer should coordinate with the
8201 maintainers of menu implementations through the
8203 with categories or bad interactions with other icons. Especially
8204 for packages which are part of installation tasks, the contents
8206 validated by the maintainers of the relevant environments.
8207 </item>
8208 </list>
8209 </p>
8211 <p>
8212 Since the FreeDesktop menu is a cross-distribution standard, the
8213 desktop entries written for Debian should be forwarded upstream,
8214 where they will benefit to other users and are more likely to
8215 receive extra contributions such as translations.
8216 </p>
8218 <p>
8219 Packages can, to be compatible with Debian additions to some window
8220 managers that do not support the FreeDesktop standard, also provide a
8226 </p>
8227 </sect>
8232 <p>
8233 Media types (formerly known as MIME types, Multipurpose Internet Mail
8235 data streams and providing meta-information about them, in particular
8238 </p>
8240 <p>
8241 Registration of media type handlers allows programs like mail
8242 user agents and web browsers to invoke these handlers to
8243 view, edit or display media types they don't support directly.
8244 </p>
8246 <p>
8247 There are two overlapping systems to associate media types to programs
8250 aimed at Desktop environments. In Debian, FreeDesktop entries are
8251 automatically translated in mailcap entries, therefore packages
8252 already using desktop entries should not use the mailcap system
8253 directly.
8254 </p>
8259 <p>
8260 Packages shipping an application able to view, edit or point to
8261 files of a given media type, or open links with a given URI scheme,
8266 </p>
8267 </sect1>
8272 <p>
8273 Packages that are not using desktop entries for registration should
8276 file name should be the binary package's name.
8277 </p>
8279 <p>
8283 triggers<footnote>
8284 Creating, modifying or removing a file in
8286 not activate the trigger. In that case, it can be done by calling
8288 the maintainer script after creating, modifying, or removing
8289 the file.
8290 </footnote>.
8292 <p>
8293 Packages installing desktop entries should not install mailcap
8294 entries for the same program, because the
8296 entries.
8297 </p>
8299 <p>
8302 </p>
8303 </sect1>
8308 <p>
8309 The media type of a file is discovered by inspecting the file's
8311 interrogating a database associating them with media types.
8312 </p>
8314 <p>
8315 To support new associations between media types and files, their
8316 characteristic file extensions and magic patterns should be
8317 registered to the IANA (Internet Assigned Numbers Authority). See
8319 for details. This information will then propagate to the systems
8320 discovering file media types in Debian, provided by the
8323 packages. If registration and propagation can not be waited for,
8324 support can be asked to the maintainers of the packages mentioned
8325 above.
8326 </p>
8328 <p>
8329 For files that are produced and read by a single application, it
8330 is also possible to declare this association to the
8334 </p>
8335 </sect1>
8336 </sect>
8338 <sect>
8341 <p>
8342 To achieve a consistent keyboard configuration so that all
8343 applications interpret a keyboard event the same way, all
8344 programs in the Debian distribution must be configured to
8345 comply with the following guidelines.
8346 </p>
8348 <p>
8349 The following keys must have the specified interpretations:
8351 <taglist>
8360 </taglist>
8362 The interpretation of any keyboard events should be
8363 independent of the terminal that is used, be it a virtual
8364 console, an X terminal emulator, an rlogin/telnet session,
8365 etc.
8366 </p>
8368 <p>
8369 The following list explains how the different programs
8370 should be set up to achieve this:
8371 </p>
8373 <p>
8374 <list>
8375 <item>
8377 </item>
8379 <item>
8381 </item>
8383 <item>
8384 X translations are set up to make
8387 is the vt220 escape code for the "delete character"
8388 key). This must be done by loading the X resources
8390 using the application defaults, so that the
8391 translation resources used correspond to the
8393 </item>
8395 <item>
8396 The Linux console is configured to make
8399 </item>
8401 <item>
8404 applications already work like this.
8405 </item>
8407 <item>
8409 </item>
8411 <item>
8415 </item>
8417 <item>
8423 </item>
8425 <item>
8428 with ASCII DEL being "delete previous character" and
8430 cursor".
8431 </item>
8433 </list>
8434 </p>
8436 <p>
8437 This will solve the problem except for the following
8438 cases:
8439 </p>
8441 <p>
8442 <list>
8443 <item>
8446 these terminals Emacs help will be unavailable on
8448 character takes precedence in Emacs, and has been set
8450 available) can be used instead.
8451 </item>
8453 <item>
8455 erase</tt>. However, modern telnet versions and all
8459 correctly, things can be made to work by using
8461 </item>
8463 <item>
8464 Some systems (including previous Debian versions) use
8468 their X clients using the same X resources that we use
8469 to do it for our own clients, or configure our clients
8470 using their resources when things are the other way
8471 around. On displays configured like this
8473 will.
8474 </item>
8476 <item>
8481 log in from a system conforming to our policy, but
8483 </item>
8484 </list>
8485 </p>
8486 </sect>
8488 <sect>
8491 <p>
8492 A program must not depend on environment variables to get
8493 reasonable defaults. (That's because these environment
8494 variables would have to be set in a system-wide
8496 supported by all shells.)
8497 </p>
8499 <p>
8500 If a program usually depends on environment variables for its
8501 configuration, the program should be changed to fall back to
8502 a reasonable default configuration if these environment
8503 variables are not present. If this cannot be done easily
8504 (e.g., if the source code of a non-free program is not
8505 available), the program must be replaced by a small
8506 "wrapper" shell script which sets the environment variables
8507 if they are not already defined, and calls the original program.
8508 </p>
8510 <p>
8511 Here is an example of a wrapper script for this purpose:
8514 #!/bin/sh
8515 BAR=${BAR:-/var/lib/fubar}
8516 export BAR
8517 exec /usr/lib/foo/foo "$@"
8518 </example>
8519 </p>
8521 <p>
8524 not put any environment variables or other commands into that
8525 file.
8526 </p>
8527 </sect>
8532 <p>
8534 flexible mechanism for handling and presenting
8535 documentation. The recommended practice is for every Debian
8536 package that provides online documentation (other than just
8537 manual pages) to register these documents with
8541 </p>
8542 <p>
8543 Please refer to the documentation that comes with the
8545 details.
8546 </p>
8547 </sect>
8551 <p>
8552 A number of other init systems are available now in Debian that
8554 init implementations must support running SysV init scripts as
8556 </p>
8557 <p>
8558 Packages may integrate with these replacement init systems by
8559 providing implementation-specific configuration information about
8560 how and when to start a service or in what order to run certain
8561 tasks at boot time. However, any package integrating with other
8562 init systems must also be backwards-compatible with
8564 with the same name as and equivalent functionality to any
8565 init-specific job, as this is the only start-up configuration
8566 method guaranteed to be supported by all init implementations. An
8567 exception to this rule is scripts or jobs provided by the init
8568 implementation itself; such jobs may be required for an
8570 scripts and may not have a one-to-one correspondence with the init
8571 scripts.
8572 </p>
8576 <p>
8578 boot system by installing job files in the
8580 an equivalent upstart job is available must query the output of
8583 upstart job, using a test such as this:
8586 then
8587 exit 1
8588 fi
8589 </example>
8590 </p>
8591 <p>
8592 Because packages shipping upstart jobs may be installed on
8593 systems that are not using upstart, maintainer scripts must
8596 and for starting and stopping services. These maintainer
8599 interfaces directly. Instead, implementations of
8601 when an upstart job with the same name as an init script is
8602 present, and perform the requested action using the upstart job
8603 instead of the init script.
8604 </p>
8605 <p>
8606 Dependency-based boot managers for SysV init scripts, such as
8608 entirely when an equivalent upstart job is present, to avoid
8609 unnecessary forking of no-op init scripts. In this case, the
8610 boot manager should integrate with upstart to detect when the
8611 upstart job in question is started or stopped to know when the
8612 dependency has been satisfied.
8613 </p>
8614 </sect1>
8615 </sect>
8617 </chapt>
8626 <p>
8627 Two different packages must not install programs with
8628 different functionality but with the same filenames. (The
8629 case of two programs having the same functionality but
8630 different implementations is handled via "alternatives" or
8633 one of the programs must be renamed. The maintainers should
8635 try to find a consensus about which program will have to be
8637 programs must be renamed.
8638 </p>
8639 <p>
8645 </p>
8646 <p>
8649 package, and a compatibility symlink at the old path is needed,
8650 the symlink must be managed in a way that will not break
8653 directory due to symlinks or other mechanisms.
8654 </p>
8655 <p>
8656 Binary executables must not be statically linked with the GNU C
8657 library, since this prevents the binary from benefiting from
8658 fixes and improvements to the C library without being rebuilt
8659 and complicates security updates. This requirement may be
8660 relaxed for binary executables whose intended purpose is to
8661 diagnose and fix the system in situations where the GNU C
8662 library may not be usable (such as system recovery shells or
8663 utilities like ldconfig) or for binary executables where the
8664 security benefits of static linking outweigh the drawbacks.
8665 </p>
8666 <p>
8667 By default, when a package is being built, any binaries
8668 created should include debugging information, as well as
8669 being compiled with optimization. You should also turn on
8670 as many reasonable compilation warnings as possible; this
8671 makes life easier for porters, who can then look at build
8672 logs for possible problems. For the C programming language,
8673 this means the following compilation parameters should be
8674 used:
8676 CC = gcc
8677 CFLAGS = -O2 -g -Wall # sane warning options vary between programs
8678 LDFLAGS = # none
8679 INSTALL = install -s # (or use strip on the files in debian/tmp)
8680 </example>
8681 </p>
8683 <p>
8684 Note that by default all installed binaries should be stripped,
8687 the binaries after they have been copied into
8689 package.
8690 </p>
8692 <p>
8693 Although binaries in the build tree should be compiled with
8694 debugging information by default, it can often be difficult to
8695 debug programs if they are also subjected to compiler
8696 optimization. For this reason, it is recommended to support the
8699 several flags to change how a package is compiled and built.
8700 </p>
8702 <p>
8703 It is up to the package maintainer to decide what
8704 compilation options are best for the package. Certain
8705 binaries (such as computationally-intensive programs) will
8707 example); feel free to use them. Please use good judgment
8708 here. Don't use flags for the sake of it; only use them
8709 if there is good reason to do so. Feel free to override
8710 the upstream author's ideas about which compilation
8711 options are best: they are often inappropriate for our
8712 environment.
8713 </p>
8714 </sect>
8720 <p>
8722 the shared library compilation and linking flags must have
8724 the supported architectures<footnote>
8725 <p>
8727 relocatable position independent code, which is required for
8728 most architectures to create a shared library, with i386 and
8729 perhaps some others where non position independent code is
8730 permitted in a shared library.
8731 </p>
8732 <p>
8733 Position independent code may have a performance penalty,
8735 speed penalty must be measured against the memory wasted on
8736 the few architectures where non position independent code is
8737 even possible.
8738 </p>
8739 </footnote>. Any exception to this rule must be discussed on
8741 a rough consensus obtained. The reasons for not compiling
8745 be used on architectures where it is required.<footnote>
8746 <p>
8747 Some of the reasons why this might be required is if the
8748 library contains hand crafted assembly code that is not
8749 relocatable, the speed penalty is excessive for compute
8750 intensive libs, and similar reasons.
8751 </p>
8752 </footnote>
8753 </p>
8754 <p>
8755 As to the static libraries, the common case is not to have
8756 relocatable code, since there is no benefit, unless in specific
8757 cases; therefore the static version must not be compiled
8759 should be discussed on the mailing list
8763 <p>
8764 Some of the reasons for linking static libraries with
8766 Perl API for a library that is under rapid development,
8767 and has an unstable API, so shared libraries are
8768 pointless at this phase of the library's development. In
8769 that case, since Perl needs a library with relocatable
8770 code, it may make sense to create a static library with
8771 relocatable code. Another reason cited is if you are
8772 distilling various libraries into a common shared
8774 installer project.
8775 </p>
8776 </footnote>
8777 </p>
8778 <p>
8779 In other words, if both a shared and a static library is
8781 for C files) will need to be compiled twice, for the normal
8782 case.
8783 </p>
8785 <p>
8786 Libraries should be built with threading support and to be
8787 thread-safe if the library supports this.
8788 </p>
8790 <p>
8791 Although not enforced by the build tools, shared libraries
8792 must be linked against all libraries that they use symbols from
8793 in the same way that binaries are. This ensures the correct
8796 systems and guarantees that all libraries can be safely opened
8799 Since this option enforces symbol resolution at build time,
8800 a missing library reference will be caught early as a fatal
8801 build error.
8802 </p>
8804 <p>
8805 All installed shared libraries should be stripped with
8808 </example>
8811 needed for relocation processing.) Shared libraries can
8812 function perfectly well when stripped, since the symbols for
8813 dynamic linking are in a separate part of the ELF object
8814 file.<footnote>
8815 You might also want to use the options
8819 libraries.
8820 </footnote>
8821 </p>
8823 <p>
8824 Note that under some circumstances it may be useful to
8825 install a shared library unstripped, for example when
8826 building a separate package to support debugging.
8827 </p>
8829 <p>
8831 public libraries, that is, they are not meant to be linked
8832 to by third party executables (binaries of other packages),
8833 should be installed in subdirectories of the
8835 rules that govern ordinary shared libraries, except that
8836 they must not be installed executable and should be
8837 stripped.<footnote>
8838 A common example are the so-called "plug-ins",
8839 internal shared objects that are dynamically loaded by
8841 </footnote>
8842 </p>
8844 <p>
8846 their shared libraries install a file containing additional
8848 For public libraries intended for use by other packages, these
8849 files normally should not be included in the Debian package,
8850 since the information they include is not necessary to link with
8851 the shared library on Debian and can add unnecessary additional
8852 dependencies to other programs or libraries.<footnote>
8853 These files store, among other things, all libraries on which
8854 that shared library depends. Unfortunately, if
8857 linking against that library will cause the resulting program
8858 or library to be linked against those dependencies as well,
8859 even if this is unnecessary. This can create unneeded
8860 dependencies on shared library packages that would otherwise
8861 be hidden behind the library ABI, and can make library
8862 transitions to new SONAMEs unnecessarily complicated and
8863 difficult to manage.
8864 </footnote>
8869 the empty string. If the shared library development package has
8872 emptied) until all libraries that depend on it have removed or
8874 files to prevent linking with those other libraries
8876 </p>
8878 <p>
8884 package.
8885 </p>
8887 <p>
8889 apply to loadable modules or libraries not installed in
8890 directories searched by default by the dynamic linker. Packages
8891 installing loadable modules will frequently need to install
8894 does not need to be modified for libraries or modules that are
8895 not installed in directories searched by the dynamic linker by
8896 default and not intended for use by other packages.
8897 </p>
8899 <p>
8900 You must make sure that you use only released versions of
8901 shared libraries to build your packages; otherwise other
8902 users will not be able to run your binaries
8903 properly. Producing source packages that depend on
8904 unreleased compilers is also usually a bad
8905 idea.
8906 </p>
8907 </sect>
8910 <sect>
8912 <p>
8914 </p>
8915 </sect>
8921 <p>
8922 All command scripts, including the package maintainer
8925 to interpret them.
8926 </p>
8928 <p>
8929 In the case of Perl scripts this should be
8931 </p>
8933 <p>
8934 When scripts are installed into a directory in the system
8935 PATH, the script name should not include an extension such
8937 language currently used to implement it.
8938 </p>
8939 <p>
8944 to how frequently they need to call commands that are allowed to
8945 fail, and it may instead be easier to check the exit status of
8948 </p>
8949 <p>
8952 </p>
8953 <p>
8955 SUSv3 Shell Command Language<footnote>
8956 Single UNIX Specification, version 3, which is also IEEE
8960 registration.</footnote>
8961 plus the following additional features not mandated by
8962 SUSv3:<footnote>
8963 These features are in widespread use in the Linux community
8964 and are implemented in all of bash, dash, and ksh, the most
8966 </footnote>
8967 <list>
8969 must not generate a newline.</item>
8972 operators.</item>
8974 supported, including listing multiple variables in a single
8975 local command and assigning a value to a variable at the
8977 may not preserve the variable value from an outer scope if
8978 no assignment is present. Uses such as:
8980 fname () {
8981 local a b c=delta d
8982 # ... use a, b, c, d ...
8983 }
8984 </example>
8987 </item>
8990 the name of a signal or one of the numeric signals listed in
8993 built-in.
8994 </item>
8996 signals must be supported. In addition to the signal
8997 numbers listed in the extension, which are the same as for
8999 </item>
9000 </list>
9001 If a shell script requires non-SUSv3 features from the shell
9002 interpreter other than those listed above, the appropriate shell
9003 must be specified in the first line of the script (e.g.,
9005 providing the shell (unless the shell package is marked
9007 </p>
9009 <p>
9010 You may wish to restrict your script to SUSv3 features plus the
9012 as its interpreter. Checking your script
9016 uncover violations of the above requirements. If in doubt
9017 whether a script complies with these requirements,
9019 </p>
9021 <p>
9022 Perl scripts should check for errors when making any
9025 </p>
9027 <p>
9029 scripting languages. See <em>Csh Programming Considered
9033 then you must make sure that they start with
9036 </p>
9038 <p>
9039 Any scripts which create files in world-writeable
9041 mechanism which will fail atomically if a file with the same
9042 name already exists.
9043 </p>
9045 <p>
9048 this purpose.
9049 </p>
9050 </sect>
9053 <sect>
9056 <p>
9057 In general, symbolic links within a top-level directory should
9058 be relative, and symbolic links pointing from one top-level
9059 directory to or into another should be absolute. (A top-level
9060 directory is a sub-directory of the root
9065 absolute.<footnote>
9066 This is necessary to allow top-level directories to be
9072 target.
9073 </footnote>
9074 Symbolic links must not traverse above the root directory.
9075 </p>
9077 <p>
9078 In addition, symbolic links should be specified as short as
9080 deprecated.
9081 </p>
9083 <p>
9084 Note that when creating a relative link using
9086 link to exist relative to the working directory you're
9088 directory to the directory where the link is to be made.
9089 Simply include the string that should appear as the target
9090 of the link (this will be a pathname relative to the
9091 directory in which the link resides) as the first argument
9093 </p>
9095 <p>
9099 ln -fs gcc $(prefix)/bin/cc
9100 ln -fs gcc debian/tmp/usr/bin/cc
9101 ln -fs ../sbin/sendmail $(prefix)/bin/runq
9102 ln -fs ../sbin/sendmail debian/tmp/usr/bin/runq
9103 </example>
9104 </p>
9106 <p>
9107 A symbolic link pointing to a compressed file (in the sense
9110 have the same file extension as the referenced file. (For
9112 symbolic link, the filename of the link has to end with
9114 </p>
9115 </sect>
9117 <sect>
9120 <p>
9121 Packages must not include device files or named pipes in the
9122 package file tree.
9123 </p>
9125 <p>
9126 If a package needs any special device files that are not
9127 included in the base system, it must call
9129 after notifying the user<footnote>
9130 This notification could be done via a (low-priority)
9131 debconf message, or an echo (printf) statement.
9132 </footnote>.
9133 </p>
9135 <p>
9136 Packages must not remove any device files in the
9138 system administrator.
9139 </p>
9141 <p>
9142 Debian uses the serial devices
9146 </p>
9148 <p>
9149 Named pipes needed by the package must be created in
9153 automated checks for packages incorrectly creating device
9155 </footnote> and removed in
9157 appropriate.
9158 </p>
9159 </sect>
9164 <sect1>
9167 <p>
9168 <taglist>
9170 <item>
9171 A file that affects the operation of a program, or
9172 provides site- or host-specific information, or
9173 otherwise customizes the behavior of a program.
9174 Typically, configuration files are intended to be
9175 modified by the system administrator (if needed or
9176 desired) to conform to local policy or to provide
9177 more useful site-specific behavior.
9178 </item>
9181 <item>
9185 </item>
9186 </taglist>
9187 </p>
9189 <p>
9190 The distinction between these two is important; they are
9191 not interchangeable concepts. Almost all
9194 </p>
9196 <p>
9201 treated as configuration files. In general, any script that
9202 embeds configuration information is de-facto a configuration
9203 file and should be treated as such.
9204 </p>
9205 </sect1>
9207 <sect1>
9210 <p>
9211 Any configuration files created or used by your package
9214 named after your package.
9215 </p>
9217 <p>
9218 If your package creates or uses configuration files
9222 from the location that the package requires.
9223 </p>
9224 </sect1>
9226 <sect1>
9229 <p>
9230 Configuration file handling must conform to the following
9231 behavior:
9233 <item>
9234 local changes must be preserved during a package
9235 upgrade, and
9236 </item>
9237 <item>
9238 configuration files must be preserved when the
9239 package is removed, and only deleted when the
9240 package is purged.
9241 </item>
9242 </list>
9243 Obsolete configuration files without local changes should be
9244 removed by the package during upgrade.<footnote>
9247 </p>
9249 <p>
9250 The easy way to achieve this behavior is to make the
9252 appropriate only if it is possible to distribute a default
9253 version that will work for most installations, although
9254 some system administrators may choose to modify it. This
9255 implies that the default version will be part of the
9256 package distribution, and must not be modified by the
9257 maintainer scripts during installation (or at any other
9258 time).
9259 </p>
9261 <p>
9262 In order to ensure that local changes are preserved
9263 correctly, no package may contain or make hard links to
9264 conffiles.<footnote>
9265 Rationale: There are two problems with hard links.
9266 The first is that some editors break the link while
9267 editing one of the files, so that the two files may
9268 unwittingly become unlinked and different. The second
9271 </footnote>
9272 </p>
9274 <p>
9275 The other way to do it is via the maintainer scripts. In
9276 this case, the configuration file must not be listed as a
9278 distribution. If the existence of a file is required for
9279 the package to be sensibly configured it is the
9280 responsibility of the package maintainer to provide
9281 maintainer scripts which correctly create, update and
9282 maintain the file and remove it on purge. (See <ref
9284 scripts must be idempotent (i.e., must work correctly if
9286 during installation or removal), must cope with all the
9288 scripts, must not overwrite or otherwise mangle the user's
9289 configuration without asking, must not ask unnecessary
9290 questions (particularly during upgrades), and must
9291 otherwise be good citizens.
9292 </p>
9294 <p>
9295 The scripts are not required to configure every possible
9296 option for the package, but only those necessary to get
9297 the package running on a given system. Ideally the
9298 sysadmin should not have to do any configuration other
9299 than that done (semi-)automatically by the
9301 </p>
9303 <p>
9304 A common practice is to create a script called
9307 configuration file does not already exist. In certain
9308 cases it is useful for there to be an example or template
9309 file which the maintainer scripts use. Such files should
9312 they are architecture-independent or not). There should
9313 be symbolic links to them from
9315 they are examples, and should be perfectly ordinary
9317 configuration files).
9318 </p>
9320 <p>
9321 These two styles of configuration file handling must
9322 not be mixed, for that way lies madness:
9324 every time the package is upgraded.
9325 </p>
9326 </sect1>
9328 <sect1>
9331 <p>
9332 If two or more packages use the same configuration file
9333 and it is reasonable for both to be installed at the same
9334 time, one of these packages must be defined as
9336 the package which handles that file as a configuration
9337 file. Other packages that use the configuration file must
9338 depend on the owning package if they require the
9339 configuration file to operate. If the other package will
9340 use the configuration file if present, but is capable of
9341 operating without it, no dependency need be declared.
9342 </p>
9344 <p>
9345 If it is desirable for two or more related packages to
9347 related packages to be able to modify that configuration
9348 file, then the following should be done:
9350 <item>
9351 One of the related packages (the "owning" package)
9352 will manage the configuration file with maintainer
9353 scripts as described in the previous section.
9354 </item>
9355 <item>
9356 The owning package should also provide a program
9357 that the other packages may use to modify the
9358 configuration file.
9359 </item>
9360 <item>
9361 The related packages must use the provided program
9362 to make any desired modifications to the
9363 configuration file. They should either depend on
9364 the core package to guarantee that the configuration
9365 modifier program is available or accept gracefully
9366 that they cannot modify the configuration file if it
9367 is not. (This is in addition to the fact that the
9368 configuration file may not even be present in the
9369 latter scenario.)
9370 </item>
9371 </enumlist>
9372 </p>
9374 <p>
9375 Sometimes it's appropriate to create a new package which
9376 provides the basic infrastructure for the other packages
9377 and which manages the shared configuration files. (The
9379 </p>
9381 <p>
9382 If the configuration file cannot be shared as described above,
9383 the packages must be marked as conflicting with each other.
9384 Two packages that specify the same file as
9386 general rule about not sharing files. Neither alternatives
9387 nor diversions are likely to be appropriate in this case; in
9390 </p>
9392 <p>
9394 may see left-over configuration files from each other even
9395 though they conflict with each other. If a user removes
9396 (without purging) one of the packages and installs the other,
9398 old package. If the file was modified by the user, it will be
9399 treated the same as any other locally
9401 </p>
9403 <p>
9406 belong to.
9407 </p>
9408 </sect1>
9410 <sect1>
9413 <p>
9416 No other program should reference the files in
9418 </p>
9420 <p>
9421 Therefore, if a program needs a dotfile to exist in
9424 configuration file.
9425 </p>
9427 <p>
9428 However, programs that require dotfiles in order to
9429 operate sensibly are a bad thing, unless they do create
9430 the dotfiles themselves automatically.
9431 </p>
9433 <p>
9434 Furthermore, programs should be configured by the Debian
9435 default installation to behave as closely to the upstream
9436 default behavior as possible.
9437 </p>
9439 <p>
9440 Therefore, if a program in a Debian package needs to be
9441 configured in some way in order to operate sensibly, that
9442 should be done using a site-wide configuration file placed
9444 site-wide default configuration and the package maintainer
9445 doesn't have time to add it may a default per-user file be
9447 </p>
9449 <p>
9451 This is particularly true because there is no easy (or
9452 necessarily desirable) mechanism for ensuring that the
9453 appropriate dotfiles are copied into the accounts of
9454 existing users when a package is installed.
9455 </p>
9456 </sect1>
9457 </sect>
9459 <sect>
9461 <p>
9462 Log files should usually be named
9464 log files, or need a separate directory for permission
9468 files there.
9469 </p>
9471 <p>
9472 Log files must be rotated occasionally so that they don't grow
9473 indefinitely. The best way to do this is to install a log
9474 rotation configuration file in the
9478 <footnote>
9479 <p>
9480 The traditional approach to log files has been to set up
9482 scripts and cron. While this approach is highly
9483 customizable, it requires quite a lot of sysadmin work.
9484 Even though the original Debian system helped a little
9485 by automatically installing a system which can be used
9486 as a template, this was deemed not enough.
9487 </p>
9489 <p>
9491 by Red Hat, is better, as it centralizes log management.
9492 It has both a configuration file
9494 packages can drop their individual log rotation
9496 </p>
9497 </footnote>
9498 Here is a good example for a logrotate config
9502 /var/log/foo/*.log {
9503 rotate 12
9504 weekly
9505 compress
9506 missingok
9507 postrotate
9508 start-stop-daemon -K -p /var/run/foo.pid -s HUP -x /usr/sbin/foo -q
9509 endscript
9510 }
9511 </example>
9513 compressed generations, and tells the daemon to reopen its log
9514 files after the log rotation. It skips this log rotation
9516 avoids errors if the package is removed but not purged.
9517 </p>
9519 <p>
9520 Log files should be removed when the package is
9521 purged (but not when it is only removed). This should be
9525 </p>
9526 </sect>
9531 <p>
9532 The rules in this section are guidelines for general use.
9533 If necessary you may deviate from the details below.
9534 However, if you do so you must make sure that what is done
9535 is secure and you should try to be as consistent as possible
9536 with the rest of the system. You should probably also
9538 </p>
9540 <p>
9542 writable only by the owner and universally readable (and
9544 </p>
9546 <p>
9547 Directories should be mode 755 or (for group-writability)
9548 mode 2775. The ownership of the directory should be
9549 consistent with its mode: if a directory is mode 2775, it
9550 should be owned by the group that needs write access to
9551 it.<footnote>
9552 <p>
9553 When a package is upgraded, and the owner or permissions
9554 of a file included in the package has changed, dpkg
9555 arranges for the ownership and permissions to be
9556 correctly set upon installation. However, this does not
9557 extend to directories; the permissions and ownership of
9558 directories already on the system does not change on
9559 install or upgrade of packages. This makes sense, since
9561 always be in flux. To correctly change permissions of a
9562 directory the package owns, explicit action is required,
9564 taken to handle downgrades as well, in that case.
9565 </p>
9566 </footnote>
9567 </p>
9569 <p>
9573 scripts</qref>).
9574 </p>
9576 <p>
9578 respectively, and owned by the appropriate user or group.
9579 They should not be made unreadable (modes like 4711 or
9581 because anyone can find the binary in the freely available
9582 Debian package; it is merely inconvenient. For the same
9583 reason you should not restrict read or execute permissions
9584 on non-set-id executables.
9585 </p>
9587 <p>
9588 Some setuid programs need to be restricted to particular
9589 sets of users, using file permissions. In this case they
9590 should be owned by the uid to which they are set-id, and by
9591 the group which should be allowed to execute them. They
9592 should have mode 4754; again there is no point in making
9593 them unreadable to those users who must not be allowed to
9594 execute them.
9595 </p>
9597 <p>
9598 It is possible to arrange that the system administrator can
9599 reconfigure the package to correspond to their local
9600 security policy by changing the permissions on a binary:
9602 described below.<footnote>
9605 normally have their permissions reset to the distributed
9606 permissions when the package is reinstalled. However,
9608 default behavior.
9609 </footnote>
9610 Another method you should consider is to create a group for
9611 people allowed to use the program(s) and make any setuid
9612 executables executable only by that group.
9613 </p>
9615 <p>
9616 If you need to create a new user or group for your package
9617 there are two possibilities. Firstly, you may need to
9618 make some files in the binary package be owned by this
9619 user or group, or you may need to compile the user or
9620 group id (rather than just the name) into the binary
9621 (though this latter should be avoided if possible, as in
9622 this case you need a statically allocated id).</p>
9624 <p>
9625 If you need a statically allocated id, you must ask for a
9627 and must not release the package until you have been
9628 allocated one. Once you have been allocated one you must
9629 either make the package depend on a version of the
9632 your package to create the user or group itself with the
9636 possible, otherwise a pre-dependency will be needed on the
9638 </p>
9640 <p>
9641 On the other hand, the program might be able to determine the
9642 uid or gid from the user or group name at runtime, so that a
9643 dynamically allocated id can be used. In this case you should
9644 choose an appropriate user or group name, discussing this
9646 When this has been checked you must arrange for your package to
9647 create the user or group if necessary using
9650 preferred if it is possible).
9651 </p>
9653 <p>
9654 Note that changing the numeric value of an id associated
9655 with a name is very difficult, and involves searching the
9656 file system for all appropriate files. You need to think
9657 carefully whether a static or dynamic id is required, since
9658 changing your mind later will cause problems.
9659 </p>
9662 <p>
9663 This section is not intended as policy, but as a
9665 </p>
9667 <p>
9668 If a system administrator wishes to have a file (or
9669 directory or other such thing) installed with owner and
9670 permissions different from those in the distributed Debian
9673 settings every time the file is installed. Thus the
9674 package maintainer should distribute the files with their
9675 normal permissions, and leave it for the system
9676 administrator to make any desired changes. For example, a
9677 daemon which is normally required to be setuid root, but
9678 in certain situations could be used without being setuid,
9680 local system administrator can change this if they wish.
9681 If there are two standard ways of doing it, the package
9684 maintainer script if necessary to accommodate the system
9685 administrator's choice. Care must be taken during
9686 upgrades to not override an existing setting.
9687 </p>
9689 <p>
9691 essentially a tool for system administrators and would not
9692 normally be needed in the maintainer scripts. There is
9693 one type of situation, though, where calls to
9695 maintainer scripts, and that involves packages which use
9696 dynamically allocated user or group ids. In such a
9697 situation, something like the following idiom can be very
9700 <example>
9701 for i in /usr/bin/foo /usr/sbin/bar
9702 do
9703 # only do something when no setting exists
9705 then
9706 #include: debconf processing, question about foo and bar
9708 dpkg-statoverride --update --add sysuser root 4755 $i
9709 fi
9710 fi
9711 done
9712 </example>
9713 The corresponding code to remove the override when the package
9714 is purged would be:
9715 <example>
9716 for i in /usr/bin/foo /usr/sbin/bar
9717 do
9719 then
9720 dpkg-statoverride --remove $i
9721 fi
9722 done
9723 </example>
9724 </p>
9725 </sect1>
9726 </sect>
9731 <p>
9732 The name of the files installed by binary packages in the system PATH
9735 ASCII.
9736 </p>
9738 <p>
9739 The name of the files and directories installed by binary packages
9740 outside the system PATH must be encoded in UTF-8 and should be
9741 restricted to ASCII when it is possible to do so.
9742 </p>
9743 </sect>
9744 </chapt>
9753 <p>
9754 If a program needs to specify an <em>architecture specification
9755 string</em> in some place, it should select one of the strings
9758 part is sometimes elided, as when the OS is Linux.
9759 </p>
9761 <p>
9762 Note that we don't want to use
9765 since this would make our programs incompatible with other
9766 Linux distributions. We also don't use something like
9769 </p>
9774 <p>
9775 A package may specify an architecture wildcard. Architecture
9779 Internally, the package system normalizes the GNU triplets
9780 and the Debian arches into Debian arch triplets (which are
9781 kind of inverted GNU triplets), with the first component of
9782 the triplet representing the libc and ABI in use, and then
9783 does matching against those triplets. However, such
9784 triplets are an internal implementation detail that should
9785 not be used by packages directly. The libc and ABI portion
9786 is handled internally by the package system based on
9788 </footnote>
9789 </p>
9790 </sect1>
9791 </sect>
9793 <sect>
9796 <p>
9800 by other packages.
9801 </p>
9803 <p>
9804 If a package requires a new entry in one of these files, the
9805 maintainer should get in contact with the
9808 package.
9809 </p>
9811 <p>
9813 modified by the package's scripts except via the
9816 for details on how to add entries.
9817 </p>
9819 <p>
9820 If a package wants to install an example entry into
9823 treated as "commented out by user" by the
9825 activated during package updates.
9826 </p>
9827 </sect>
9829 <sect>
9830 <heading>Using pseudo-ttys and modifying wtmp, utmp and
9831 lastlog</heading>
9833 <p>
9834 Some programs need to create pseudo-ttys. This should be done
9835 using Unix98 ptys if the C library supports it. The resulting
9836 program must not be installed setuid root, unless that
9837 is required for other functionality.
9838 </p>
9840 <p>
9845 </p>
9846 </sect>
9848 <sect>
9851 <p>
9852 Some programs have the ability to launch an editor or pager
9853 program to edit or display a text document. Since there are
9854 lots of different editors and pagers available in the Debian
9855 distribution, the system administrator and each user should
9856 have the possibility to choose their preferred editor and
9857 pager.
9858 </p>
9860 <p>
9861 In addition, every program should choose a good default
9862 editor/pager if none is selected by the user or system
9863 administrator.
9864 </p>
9866 <p>
9867 Thus, every program that launches an editor or pager must
9868 use the EDITOR or PAGER environment variable to determine
9869 the editor or pager the user wishes to use. If these
9872 </p>
9874 <p>
9876 "alternatives" mechanism. Every package providing an editor or
9880 should have a slave alternative
9883 corresponding manual page.
9884 </p>
9886 <p>
9887 If it is very hard to adapt a program to make use of the
9888 EDITOR or PAGER variables, that program may be configured to
9891 program respectively. These are two scripts provided in the
9893 and PAGER variables and launch the appropriate program, and fall
9896 </p>
9898 <p>
9899 A program may also use the VISUAL environment variable to
9900 determine the user's choice of editor. If it exists, it
9901 should take precedence over EDITOR. This is in fact what
9903 </p>
9905 <p>
9906 It is not required for a package to depend on
9908 package to provide such virtual packages.<footnote>
9909 The Debian base system already provides an editor and a
9910 pager program.
9911 </footnote>
9912 </p>
9913 </sect>
9918 <p>
9919 This section describes the locations and URLs that should
9920 be used by all web servers and web applications in the
9921 Debian system.
9922 </p>
9924 <p>
9925 <enumlist>
9926 <item>
9927 Cgi-bin executable files are installed in the
9928 directory
9930 /usr/lib/cgi-bin
9931 </example>
9932 or a subdirectory of that directory, and the script
9935 </example>
9936 should be referred to as
9939 </example>
9940 </item>
9942 <item>
9944 </item>
9946 <item>
9948 <p>
9949 It is recommended that images for a package be stored
9952 as
9953 <example>
9955 </example>
9957 </p>
9958 </item>
9960 <item>
9963 <p>
9964 Web Applications should try to avoid storing files in
9965 the Web Document Root. Instead they should use the
9967 documents and register the Web Application via the
9969 web document root is unavoidable then use
9971 /var/www/html
9972 </example>
9973 as the Document Root. This might be just a symbolic
9974 link to the location where the system administrator
9975 has put the real document root.
9976 </p>
9977 </item>
9979 <p>
9980 All web servers should provide the virtual package
9983 </p>
9984 <p>
9985 All web applications which do not contain CGI scripts should
9989 </p>
9990 </item>
9991 </enumlist>
9992 </p>
9993 </sect>
9998 <p>
9999 Debian packages which process electronic mail, whether mail
10000 user agents (MUAs) or mail transport agents (MTAs), must
10001 ensure that they are compatible with the configuration
10002 decisions below. Failure to do this may result in lost
10004 damage!
10005 </p>
10007 <p>
10010 the FHS). On older systems, the mail spool may be
10012 access to the mail spool should be via the
10014 base system and not part of the MTA package.
10015 </p>
10017 <p>
10018 All Debian MUAs, MTAs, MDAs and other mailbox accessing
10019 programs (such as IMAP daemons) must lock the mailbox in an
10021 be combined with dot locking. To avoid deadlocks, a program
10023 this, or alternatively implement the two locking methods in
10024 a non blocking way<footnote>
10025 If it is not possible to establish both locks, the
10026 system shouldn't wait for the second lock to be
10027 established, but remove the first lock, wait a (random)
10028 time, and start over locking again.
10032 accomplish this.
10033 </p>
10035 <p>
10036 Mailboxes are generally either mode 600 and owned by
10039 There are two traditional permission schemes for mail spools:
10040 mode 600 with all mail delivery done by processes running as
10041 the destination user, or mode 660 and owned by group mail with
10042 mail delivery done by a process running as a system user in
10043 group mail. Historically, Debian required mode 660 mail
10044 spools to enable the latter model, but that model has become
10045 increasingly uncommon and the principle of least privilege
10046 indicates that mail systems that use the first model should
10047 use permissions of 600. If delivery to programs is permitted,
10048 it's easier to keep the mail system secure if the delivery
10049 agent runs as the destination user. Debian Policy therefore
10050 permits either scheme.
10051 </footnote>. The local system administrator may choose a
10052 different permission scheme; packages should not make
10053 assumptions about the permission and ownership of mailboxes
10054 unless required (such as when creating a new mailbox). A MUA
10055 may remove a mailbox (unless it has nonstandard permissions) in
10056 which case the MTA or another MUA must recreate it if needed.
10057 </p>
10059 <p>
10061 be setgid mail to do the locking mentioned above (and
10062 must obviously avoid accessing other users' mailboxes
10063 using this privilege).</p>
10065 <p>
10067 aliases (e.g., postmaster, usenet, etc.), it is the one
10072 even if it does nothing, but older MTA packages did not do
10074 cannot be found. Note that because of this, all MTA
10077 </p>
10079 <p>
10080 The convention of writing <tt>forward to
10084 <p>
10089 is supported.</p>
10091 <p>
10092 If your package needs to know what hostname to use on (for
10093 example) outgoing news and mail messages which are generated
10096 (at) sign for email addresses of users on the machine
10097 (followed by a newline).
10098 </p>
10100 <p>
10101 Such a package should check for the existence of this file
10102 when it is being configured. If it exists, it should be
10103 used without comment, although an MTA's configuration script
10104 may wish to prompt the user even if it finds that this file
10105 exists. If the file does not exist, the package should
10106 prompt the user for the value (preferably using
10108 as well as using it in the package's configuration. The
10109 prompt should make it clear that the name will not just be
10110 used by that package. For example, in this situation the
10113 Please enter the "mail name" of your system. This is the
10114 hostname portion of the address to be shown on outgoing
10115 news and mail messages. The default is
10117 name ["<var>syshostname</var>"]:
10118 </example>
10120 --fqdn</tt>.
10121 </p>
10122 </sect>
10124 <sect>
10127 <p>
10128 All the configuration files related to the NNTP (news)
10129 servers and clients should be located under
10132 <p>
10133 There are some configuration issues that apply to a number
10134 of news clients and server packages on the machine. These
10135 are:
10137 <taglist>
10139 <item>
10140 A string which should appear as the
10141 organization header for all messages posted
10142 by NNTP clients on the machine
10143 </item>
10146 <item>
10147 Contains the FQDN of the upstream NNTP
10148 server, or localhost if the local machine is
10149 an NNTP server.
10150 </item>
10151 </taglist>
10153 Other global files may be added as required for cross-package news
10154 configuration.
10155 </p>
10156 </sect>
10159 <sect>
10162 <sect1>
10165 <p>
10166 Programs that can be configured with support for the X
10167 Window System must be configured to do so and must declare
10168 any package dependencies necessary to satisfy their
10169 runtime requirements when using the X Window System. If
10170 such a package is of higher priority than the X packages
10171 on which it depends, it is required that either the
10172 X-specific components be split into a separate package, or
10173 that an alternative version of the package, which includes
10174 X support, be provided, or that the package's priority be
10175 lowered.
10176 </p>
10177 </sect1>
10179 <sect1>
10182 <p>
10183 Packages that provide an X server that, directly or
10184 indirectly, communicates with real input and display
10186 field that they provide the virtual
10188 This implements current practice, and provides an
10190 virtual package which appears in the virtual packages
10191 list. In a nutshell, X servers that interface
10192 directly with the display and input hardware or via
10193 another subsystem (e.g., GGI) should provide
10196 </footnote>
10197 </p>
10198 </sect1>
10200 <sect1>
10203 <p>
10204 Packages that provide a terminal emulator for the X Window
10205 System which meet the criteria listed below should declare in
10208 also register themselves as an alternative for
10210 20. That alternative should have a slave alternative
10212 pointing to the corresponding manual page.
10213 </p>
10215 <p>
10218 <item>
10219 Be able to emulate a DEC VT100 terminal, or a
10220 compatible terminal.
10221 </item>
10223 <item>
10224 Support the command-line option <tt>-e
10226 terminal window<footnote>
10227 "New terminal window" does not necessarily mean
10228 a new top-level X window directly parented by
10229 the window manager; it could, if the terminal
10230 emulator application were so coded, be a new
10231 "view" in a multiple-document interface (MDI).
10232 </footnote>
10234 interpreting the entirety of the rest of the command
10235 line as a command to pass straight to exec, in the
10237 </item>
10239 <item>
10240 Support the command-line option <tt>-T
10243 </item>
10244 </list>
10245 </p>
10246 </sect1>
10248 <sect1>
10251 <p>
10252 Packages that provide a window manager should declare in
10255 register themselves as an alternative for
10257 calculated as follows:
10259 <item>
10260 Start with a priority of 20.
10261 </item>
10263 <item>
10264 If the window manager supports the Debian menu
10265 system, add 20 points if this support is available
10266 in the package's default configuration (i.e., no
10267 configuration files belonging to the system or user
10268 have to be edited to activate the feature); if
10269 configuration files must be modified, add only 10
10270 points.
10271 </p>
10272 </item>
10274 <item>
10275 If the window manager complies with <url
10280 </item>
10282 <item>
10283 If the window manager permits the X session to be
10285 (without killing the X server) in its default
10286 configuration, add 10 points; otherwise add none.
10287 </item>
10288 </list>
10289 That alternative should have a slave alternative
10291 pointing to the corresponding manual page.
10292 </p>
10293 </sect1>
10295 <sect1>
10298 <p>
10299 Packages that provide fonts for the X Window
10300 System<footnote>
10301 For the purposes of Debian Policy, a "font for the X
10302 Window System" is one which is accessed via X protocol
10303 requests. Fonts for the Linux console, for PostScript
10304 renderer, or any other purpose, do not fit this
10305 definition. Any tool which makes such fonts available
10306 to the X Window System, however, must abide by this
10307 font policy.
10308 </footnote>
10309 must do a number of things to ensure that they are both
10310 available without modification of the X or font server
10311 configuration, and that they do not corrupt files used by
10312 other font packages to register information about
10313 themselves.
10314 <enumlist>
10315 <item>
10316 Fonts of any type supported by the X Window System
10317 must be in a separate binary package from any
10318 executables, libraries, or documentation (except
10319 that specific to the fonts shipped, such as their
10320 license information). If one or more of the fonts
10321 so packaged are necessary for proper operation of
10322 the package with which they are associated the font
10323 package may be Recommended; if the fonts merely
10324 provide an enhancement, a Suggests relationship may
10325 be used. Packages must not Depend on font
10326 packages.<footnote>
10327 This is because the X server may retrieve fonts
10328 from the local file system or over the network
10329 from an X font server; the Debian package system
10330 is empowered to deal only with the local
10331 file system.
10332 </footnote>
10333 </item>
10335 <item>
10336 BDF fonts must be converted to PCF fonts with the
10339 placed in a directory that corresponds to their
10340 resolution:
10342 <item>
10343 100 dpi fonts must be placed in
10345 </item>
10347 <item>
10348 75 dpi fonts must be placed in
10350 </item>
10352 <item>
10353 Character-cell fonts, cursor fonts, and other
10354 low-resolution fonts must be placed in
10356 </item>
10357 </list>
10358 </item>
10360 <item>
10361 Type 1 fonts must be placed in
10363 metric files are available, they must be placed here
10364 as well.
10365 </item>
10367 <item>
10369 other than those listed above must be neither
10372 are excepted for historical reasons, but installation of
10373 files into these directories remains discouraged.)
10374 </item>
10376 <item>
10377 Font packages may, instead of placing files directly
10378 in the X font directories listed above, provide
10379 symbolic links in that font directory pointing to
10380 the files' actual location in the filesystem. Such
10381 a location must comply with the FHS.
10382 </item>
10384 <item>
10385 Font packages should not contain both 75dpi and
10386 100dpi versions of a font. If both are available,
10387 they should be provided in separate binary packages
10389 the names of the packages containing the
10390 corresponding fonts.
10391 </item>
10393 <item>
10395 should not be included in the same package as 75dpi
10396 or 100dpi fonts; instead, they should be provided in
10398 its name.
10399 </item>
10401 <item>
10402 Font packages must not provide the files
10405 <list>
10406 <item>
10408 </item>
10410 <item>
10412 files, if needed, should be provided in the
10413 directory
10416 subdirectory of
10418 package's corresponding fonts are stored
10421 that provides these fonts, and
10424 the file contents.
10425 </item>
10426 </list>
10427 </item>
10429 <item>
10430 Font packages must declare a dependency on
10433 </item>
10435 <item>
10436 Font packages that provide one or more
10439 directory into which they installed fonts
10442 This invocation must occur in both the
10446 </item>
10448 <item>
10449 Font packages that provide one or more
10452 directory into which they installed fonts. This
10453 invocation must occur in both the
10457 </item>
10459 <item>
10460 Font packages must invoke
10462 which they installed fonts. This invocation must
10466 </item>
10468 <item>
10469 Font packages must not provide alias names for the
10470 fonts they include which collide with alias names
10471 already in use by fonts already packaged.
10472 </item>
10474 <item>
10475 Font packages must not provide fonts with the same
10476 XLFD registry name as another font already packaged.
10477 </item>
10478 </enumlist>
10479 </p>
10480 </sect1>
10485 <p>
10486 Application defaults files must be installed in the
10489 in the <em>X Toolkit Intrinsics - C Language
10490 Interface</em> manual is also permitted). They must be
10492 configuration files.
10493 </p>
10495 <p>
10496 Customization of programs' X resources may also be
10497 supported with the provision of a file with the same name
10498 as that of the package placed in
10501 configuration file.<footnote>
10502 Note that this mechanism is not the same as using
10503 app-defaults; app-defaults are tied to the client
10504 binary on the local file system, whereas X resources
10505 are stored in the X server and affect all connecting
10506 clients.
10507 </footnote>
10508 </p>
10509 </sect1>
10511 <sect1>
10514 <p>
10515 Historically, packages using the X Window System used a
10516 separate set of installation directories from other packages.
10517 This practice has been discontinued and packages using the X
10518 Window System should now generally be installed in the same
10519 directories as any other package. Specifically, packages must
10522 regarded as obsolete.
10523 </p>
10525 <p>
10526 Include files previously installed under
10529 installed into subdirectories of
10534 </p>
10536 <p>
10537 Configuration files for window, display, or session managers
10538 or other applications that are tightly integrated with the X
10539 Window System may be placed in a subdirectory
10541 Other X Window System applications should use
10544 </p>
10545 </sect1>
10546 </sect>
10551 <p>
10552 Perl programs and modules should follow the current Perl policy.
10553 </p>
10555 <p>
10558 It is also available from the Debian web mirrors at
10561 </p>
10562 </sect>
10567 <p>
10568 Please refer to the "Debian Emacs Policy" for details of how to
10569 package emacs lisp programs.
10570 </p>
10572 <p>
10573 The Emacs policy is available in
10576 It is also available from the Debian web mirrors at
10579 </p>
10580 </sect>
10582 <sect>
10585 <p>
10588 </p>
10590 <p>
10591 Each game decides on its own security policy.</p>
10593 <p>
10594 Games which require protected, privileged access to
10595 high-score files, saved games, etc., may be made
10599 example). They must not be made
10601 an attacker can subvert any set-user-id game they can
10602 overwrite the executable of any other, causing other players
10603 of these games to run a Trojan horse program. With a
10604 set-group-id game the attacker only gets access to less
10605 important game data, and if they can get at the other
10606 players' accounts at all it will take considerably more
10607 effort.)</p>
10609 <p>
10610 Some packages, for example some fortune cookie programs, are
10611 configured by the upstream authors to install with their
10612 data files or other static information made unreadable so
10613 that they can only be accessed through set-id programs
10614 provided. You should not do this in a Debian package: anyone can
10616 so there is no point making the files unreadable. Not
10617 making the files unreadable also means that you don't have
10618 to make so many programs set-id, which reduces the risk of a
10619 security hole.</p>
10621 <p>
10622 As described in the FHS, binaries of games should be
10624 applies to games that use the X Window System. Manual pages
10625 for games (X and non-X games) should be installed in
10627 </sect>
10628 </chapt>
10634 <sect>
10637 <p>
10641 details). You must not install a pre-formatted "cat page".
10642 </p>
10644 <p>
10645 Each program, utility, and function should have an
10646 associated manual page included in the same package. It is
10647 suggested that all configuration files also have a manual
10648 page included as well. Manual pages for protocols and other
10649 auxiliary things are optional.
10650 </p>
10652 <p>
10653 If no manual page is available, this is considered as a bug
10654 and should be reported to the Debian Bug Tracking System (the
10655 maintainer of the package is allowed to write this bug report
10656 themselves, if they so desire). Do not close the bug report
10657 until a proper man page is available.<footnote>
10658 It is not very hard to write a man page. See the
10665 </footnote>
10666 </p>
10668 <p>
10669 You may forward a complaint about a missing man page to the
10670 upstream authors, and mark the bug as forwarded in the
10671 Debian bug tracking system. Even though the GNU Project do
10672 not in general consider the lack of a man page to be a bug,
10673 we do; if they tell you that they don't consider it a bug
10674 you should leave the bug in our bug tracking system open
10675 anyway.
10676 </p>
10678 <p>
10680 </p>
10682 <p>
10683 If one man page needs to be accessible via several names it
10685 feature, but there is no need to fiddle with the relevant
10687 symlinks: don't do it unless it's easy. You should not
10688 create hard links in the manual page directories, nor put
10691 base of the man page tree (usually
10694 in the file system to the alternate names of the man page,
10696 man page under those names based solely on the information in
10697 the man page's header.<footnote>
10699 unreasonable processing time to find a manual page or to
10700 report that none exists, and moves knowledge into man's
10701 database that would be better left in the file system.
10702 This support is therefore deprecated and will cease to
10703 be present in the future.
10704 </footnote>
10705 </p>
10707 <p>
10708 Manual pages in locale-specific subdirectories of
10710 legacy encoding for that language (normally the one corresponding
10711 to the shortest relevant locale name in
10716 use. In future, all manual pages will be required to use
10717 UTF-8.
10718 </footnote>
10719 </p>
10721 <p>
10723 included in the subdirectory name unless it indicates a
10724 significant difference in the language, as this excludes
10725 speakers of the language in other countries.<footnote>
10726 At the time of writing, Chinese and Portuguese are the main
10729 </footnote>
10730 </p>
10732 <p>
10733 If a localized version of a manual page is provided, it should
10734 either be up-to-date or it should be obvious to the reader that
10735 it is outdated and the original manual page should be used
10736 instead. This can be done either by a note at the beginning of
10737 the manual page or by showing the missing or changed portions in
10738 the original language instead of the target language.
10739 </p>
10740 </sect>
10742 <sect>
10745 <p>
10748 </p>
10750 <p>
10753 use of info readers. This file must not be included in packages
10755 </p>
10757 <p>
10759 appropriate using dpkg triggers. Packages other than
10763 for this purpose.
10764 </p>
10766 <p>
10769 </p>
10771 <p>
10772 Info documents should contain section and directory entry
10773 information in the document for the use
10776 space and the section of this info page. The directory entry or
10777 entries should be included between
10780 <example>
10781 INFO-DIR-SECTION Individual utilities
10782 START-INFO-DIR-ENTRY
10783 * example: (example). An example info directory entry.
10784 END-INFO-DIR-ENTRY
10785 </example>
10786 To determine which section to use, you should look
10788 the most relevant (or create a new section if none of the
10789 current sections are relevant).<footnote>
10790 Normally, info documents are generated from Texinfo source.
10791 To include this information in the generated info document, if
10792 it is absent, add commands like:
10793 <example>
10794 @dircategory Individual utilities
10795 @direntry
10796 * example: (example). An example info directory entry.
10797 @end direntry
10798 </example>
10799 to the Texinfo source of the document and ensure that the info
10800 documents are rebuilt from source during the package build.
10801 </footnote>
10802 </p>
10803 </sect>
10808 <p>
10809 Any additional documentation that comes with the package may be
10810 installed at the discretion of the package maintainer. It is
10811 often a good idea to include text information files
10813 source package in the binary package. However, you don't need
10814 to install the instructions for building and installing the
10815 package, of course!
10816 </p>
10818 <p>
10819 Plain text documentation should be compressed with <tt>gzip
10821 </p>
10823 <p>
10824 If a package comes with large amounts of documentation that many
10825 users of the package will not require, you should create a
10826 separate binary package to contain it so that it does not take
10827 up disk space on the machines of users who do not need or want
10828 it installed. As a special case of this rule, shared library
10829 documentation of any appreciable size should always be packaged
10831 or in a separate documentation package, since shared libraries
10832 are frequently installed as dependencies of other packages by
10833 users who have little interest in documentation of the library
10834 itself. The documentation package for the
10838 separate documentation packages for multiple languages).
10839 </p>
10841 <p>
10842 Additional documentation included in the package should be
10844 If the documentation is packaged separately,
10846 either that path or into the documentation directory for the
10847 separate documentation package
10849 example). However, installing the documentation into the
10850 documentation directory of the main package is preferred since
10851 it is independent of the packaging method and will be easier for
10852 users to find.
10853 </p>
10855 <p>
10856 Any separate package providing documentation must still install
10857 standard documentation files in its
10861 </p>
10863 <p>
10864 Packages must not require the existence of any files in
10866 <footnote>
10867 The system administrator should be able to delete files
10869 to break.
10870 </footnote>. Any files that are used or read by programs but
10871 are also useful as stand alone documentation should be installed
10872 elsewhere, such as
10874 included via symbolic links
10876 </p>
10878 <p>
10881 the two packages both come from the same source and the
10882 first package Depends on the second.<footnote>
10883 <p>
10884 Please note that this does not override the section on
10885 changelog files below, so the file
10887 must refer to the changelog for the current version of
10889 that the sources of the target and the destination of the
10890 symlink must be the same (same source package and
10891 version).
10892 </p>
10893 </footnote>
10894 </p>
10895 </sect>
10897 <sect>
10900 <p>
10901 The unification of Debian documentation is being carried out
10902 via HTML.</p>
10904 <p>
10905 If the package comes with extensive documentation in a
10906 markup format that can be converted to various other formats
10907 you should if possible ship HTML versions in a binary
10908 package.<footnote>
10909 Rationale: The important thing here is that HTML
10911 binary package.
10912 </footnote>
10913 The documentation must be installed as specified in
10915 </p>
10917 <p>
10918 Other formats such as PostScript may be provided at the
10919 package maintainer's discretion.
10920 </p>
10921 </sect>
10926 <p>
10927 Every package must be accompanied by a verbatim copy of its
10928 copyright information and distribution license in the file
10930 file must neither be compressed nor be a symbolic link.
10931 </p>
10933 <p>
10934 In addition, the copyright file must say where the upstream
10935 sources (if any) were obtained, and should name the original
10936 authors.
10937 </p>
10939 <p>
10941 areas should state in the copyright file that the package is not
10942 part of the Debian distribution and briefly explain why.
10943 </p>
10945 <p>
10946 A copy of the file which will be installed in
10949 </p>
10951 <p>
10954 the two packages both come from the same source and the
10955 first package Depends on the second. These rules are important
10957 mechanical means.
10958 </p>
10960 <p>
10961 Packages distributed under the Apache license (version 2.0), the
10965 to the corresponding files under
10967 <p>
10968 In particular,
10981 respectively. The University of California BSD license is
10984 brevity of this license, its specificity to code whose
10985 copyright is held by the Regents of the University of
10986 California, and the frequency of minor wording changes, its
10987 text should be included in the copyright file rather than
10988 referencing this file.
10989 </p>
10990 </footnote> rather than quoting them in the copyright
10991 file.
10992 </p>
10994 <p>
10996 file. If your package has such a file it should be
10999 </p>
11001 <p>
11002 All copyright files must be encoded in UTF-8.
11003 </p>
11008 <p>
11009 A specification for a standard, machine-readable format
11014 also available from the Debian web mirrors at
11017 </p>
11019 <p>
11020 Use of this format is optional.
11021 </p>
11022 </sect1>
11023 </sect>
11025 <sect>
11028 <p>
11029 Any examples (configurations, source files, whatever),
11030 should be installed in a directory
11032 files should not be referenced by any program: they're there
11033 for the benefit of the system administrator and users as
11034 documentation only. Architecture-specific example files
11035 should be installed in a directory
11037 links to them from
11039 latter directory itself may be a symbolic link to the
11040 former.
11041 </p>
11043 <p>
11044 If the purpose of a package is to provide examples, then the
11045 example files may be installed into
11047 </p>
11048 </sect>
11053 <p>
11054 Packages that are not Debian-native must contain a
11056 the Debian source tree in
11059 </p>
11061 <p>
11062 If an upstream changelog is available, it should be accessible as
11064 plain text. If the upstream changelog is distributed in
11065 HTML, it should be made available in that form as
11069 the upstream changelog files do not already conform to this
11070 naming convention, then this may be achieved either by
11071 renaming the files, or by adding a symbolic link, at the
11072 maintainer's discretion.<footnote>
11073 Rationale: People should not have to look in places for
11074 upstream changelogs merely because they are given
11075 different names or are distributed in HTML format.
11076 </footnote>
11077 </p>
11079 <p>
11080 All of these files should be installed compressed using
11082 if they start out small.
11083 </p>
11085 <p>
11086 If the package has only one changelog which is used both as
11087 the Debian changelog and the upstream one because there is
11088 no separate upstream maintainer then that changelog should
11089 usually be installed as
11091 there is a separate upstream maintainer, but no upstream
11092 changelog, then the Debian changelog should still be called
11094 </p>
11096 <p>
11097 For details about the format and contents of the Debian
11099 </p>
11100 </sect>
11101 </chapt>
11106 <p>
11107 These appendices are taken essentially verbatim from the
11108 now-deprecated Packaging Manual, version 3.2.1.0. They are
11109 the chapters which are likely to be of use to package
11110 maintainers and which have not already been included in the
11111 policy document itself. Most of these sections are very likely
11112 not relevant to policy; they should be treated as
11113 documentation for the packaging system. Please note that these
11114 appendices are included for convenience, and for historical
11115 reasons: they used to be part of policy package, and they have
11116 not yet been incorporated into dpkg documentation. However,
11117 they still have value, and hence they are presented here.
11118 </p>
11120 <p>
11121 They have not yet been checked to ensure that they are
11122 compatible with the contents of policy, and if there are any
11123 contradictions, the version in the main policy document takes
11124 precedence. The remaining chapters of the old Packaging
11125 Manual have also not been read in detail to ensure that there
11126 are not parts which have been left out. Both of these will be
11127 done in due course.
11128 </p>
11130 <p>
11131 Certain parts of the Packaging manual were integrated into the
11132 Policy Manual proper, and removed from the appendices. Links
11133 have been placed from the old locations to the new ones.
11134 </p>
11136 <p>
11138 package files and installing and removing them on Unix
11139 systems.<footnote>
11141 work on or be ported to other systems.
11142 </footnote>
11143 </p>
11145 <p>
11146 The binary packages are designed for the management of
11147 installed executable programs (usually compiled binaries) and
11148 their associated data, though source code examples and
11149 documentation are provided as part of some packages.</p>
11151 <p>
11152 This manual describes the technical aspects of creating Debian
11154 behavior of the package management programs
11156 they interact with packages.</p>
11158 <p>
11159 This manual does not go into detail about the options and
11160 usage of the package building and installation tools. It
11161 should therefore be read in conjunction with those programs'
11162 man pages.
11163 </p>
11165 <p>
11167 not described in detail here, are documented in their man pages.
11168 </p>
11170 <p>
11171 It is assumed that the reader is reasonably familiar with the
11173 Unfortunately this manual does not yet exist.
11174 </p>
11176 <p>
11177 The Debian version of the FSF's GNU hello program is provided as
11178 an example for people wishing to create Debian packages. However,
11179 while the examples are helpful, they do not replace the need to
11180 read and follow the Policy and Programmer's Manual.</p>
11181 </appendix>
11186 <p>
11188 </p>
11192 </heading>
11194 <p>
11195 All manipulation of binary package files is done by
11199 will spot that the options requested are appropriate to
11201 arguments.)
11202 </p>
11204 <p>
11205 In order to create a binary package, you must make a directory
11206 tree which contains all the files and directories you want to
11207 have in the file system data part of the package. In
11208 Debian-format source packages, this directory is usually
11211 the package's source tree.
11212 </p>
11214 <p>
11215 They should have the locations (relative to the root of the
11216 directory tree you're constructing) ownerships and
11217 permissions which you want them to have on the system when
11218 they are installed.
11219 </p>
11221 <p>
11223 and gid/groupname mappings for the users and groups being
11224 used should be the same on the system where the package is
11225 built and the one where it is installed.
11226 </p>
11228 <p>
11229 You need to add one special directory to the root of the
11230 miniature file system tree you're creating:
11232 information files, notably the binary package control file
11234 </p>
11236 <p>
11238 file system archive of the package, and so won't be installed
11240 </p>
11242 <p>
11243 When you've prepared the package, you should invoke:
11244 <example>
11246 </example>
11247 </p>
11249 <p>
11250 This will build the package in
11254 build the package.)
11255 </p>
11257 <p>
11259 to examine the contents of this newly-created file. You may find the
11260 output of following commands enlightening:
11261 <example>
11265 </example>
11266 To view the copyright file for a package you could use this command:
11267 <example>
11269 </example>
11270 </p>
11271 </sect>
11276 <p>
11277 The control information portion of a binary package is a
11279 It will treat the contents of these files specially - some
11281 installing or removing the package; others are scripts which
11283 </p>
11285 <p>
11286 It is possible to put other files in the package control
11287 information file area, but this is not generally a good idea
11288 (though they will largely be ignored).
11289 </p>
11291 <p>
11292 Here is a brief list of the control information files supported
11294 </p>
11296 <p>
11297 <taglist>
11299 <item>
11300 <p>
11301 This is the key description file used by
11303 and version, gives its description for the user,
11304 states its relationships with other packages, and so
11307 </p>
11309 <p>
11310 It is usually generated automatically from information
11311 in the source package by the
11315 </p>
11316 </item>
11320 </tag>
11321 <item>
11322 <p>
11323 These are executable files (usually scripts) which
11325 and removal of packages. They allow the package to
11326 deal with matters which are particular to that package
11327 or require more complicated processing than that
11330 </p>
11332 <p>
11333 It is very important to make these scripts idempotent.
11335 </p>
11337 <p>
11338 The maintainer scripts are not guaranteed to run with a
11339 controlling terminal and may not be able to interact with
11341 </p>
11342 </item>
11345 </tag>
11346 <item>
11347 This file contains a list of configuration files which
11350 every configuration file should be listed here.
11351 </item>
11354 </tag>
11355 <item>
11356 This file contains a list of the shared libraries
11357 supplied by the package, with dependency details for
11359 when it determines what dependencies are required in a
11362 </item>
11363 </taglist>
11364 </p>
11369 <p>
11370 The most important control information file used by
11373 statistics".
11374 </p>
11376 <p>
11377 The binary package control files of packages built from
11378 Debian sources are made by a special tool,
11382 more details.
11383 </p>
11385 <p>
11386 The fields in binary package control files are listed in
11388 </p>
11390 <p>
11391 A description of the syntax of control files and the purpose
11393 </p>
11394 </sect>
11396 <sect>
11399 <p>
11401 </p>
11402 </sect>
11403 </appendix>
11408 <p>
11409 The Debian binary packages in the distribution are generated
11410 from Debian sources, which are in a special format to assist
11411 the easy and automatic building of binaries.
11412 </p>
11417 <p>
11418 Various tools are provided for manipulating source packages;
11419 they pack and unpack sources and help build of binary
11420 packages and help manage the distribution of new versions.
11421 </p>
11423 <p>
11424 They are introduced and typical uses described here; see
11426 documentation about their arguments and operation.
11427 </p>
11429 <p>
11430 For examples of how to construct a Debian source package,
11431 and how to use those utilities that are used by Debian
11433 package.
11434 </p>
11437 <heading>
11439 packages
11440 </heading>
11442 <p>
11443 This program is frequently used by hand, and is also
11444 called from package-independent automated building scripts
11446 </p>
11448 <p>
11449 To unpack a package it is typically invoked with
11450 <example>
11452 </example>
11453 </p>
11455 <p>
11458 the same directory. It unpacks into
11460 applicable
11462 the current directory.
11463 </p>
11465 <p>
11466 To create a packed source archive it is typically invoked:
11467 <example>
11469 </example>
11470 </p>
11472 <p>
11476 source tree first - this must be done separately if it is
11477 required.
11478 </p>
11480 <p>
11482 </sect1>
11486 <heading>
11488 control script
11489 </heading>
11491 <p>
11493 </p>
11494 </sect1>
11497 <heading>
11499 control files
11500 </heading>
11502 <p>
11505 tree.
11506 </p>
11508 <p>
11509 This is usually done just before the files and directories in the
11510 temporary directory tree where the package is being built have their
11511 permissions and ownerships set and the package is constructed using
11513 <footnote>
11514 This is so that the control file which is produced has
11515 the right permissions
11516 </footnote>.
11517 </p>
11519 <p>
11521 files which are to go into the package have been placed in
11522 the temporary build directory, so that its calculation of
11523 the installed size of a package is correct.
11524 </p>
11526 <p>
11529 variable substitutions created by
11531 are available.
11532 </p>
11534 <p>
11535 For a package which generates only one binary package, and
11537 of the source package, it is usually sufficient to call
11539 </p>
11541 <p>
11542 Sources which build several binaries will typically need
11543 something like:
11544 <example>
11549 tells it which package's control file should be generated.
11550 </p>
11552 <p>
11555 (for example) a future invocation of
11557 </sect1>
11560 <heading>
11562 dependencies
11563 </heading>
11565 <p>
11567 </p>
11568 </sect1>
11571 <heading>
11574 </heading>
11576 <p>
11577 Some packages' uploads need to include files other than
11578 the source and binary package files.
11579 </p>
11581 <p>
11586 </p>
11588 <p>
11591 <example>
11593 </example>
11596 is usually the directory above the top level of the source
11598 file there just before or just after calling
11600 </p>
11602 <p>
11605 </p>
11606 </sect1>
11610 <heading>
11612 upload control file
11613 </heading>
11615 <p>
11617 </p>
11618 </sect1>
11621 <heading>
11623 representation of a changelog
11624 </heading>
11626 <p>
11628 </p>
11629 </sect1>
11632 <heading>
11634 host system
11635 </heading>
11637 <p>
11639 </p>
11640 </sect1>
11641 </sect>
11646 <p>
11647 The source archive scheme described later is intended to
11648 allow a Debian package source tree with some associated
11649 control information to be reproduced and transported easily.
11650 The Debian package source tree is a version of the original
11651 program with certain files added for the benefit of the
11652 packaging process, and with any other changes required
11653 made to the rest of the source code and installation
11654 scripts.
11655 </p>
11657 <p>
11658 The extra files created for Debian are in the subdirectory
11660 source tree. They are described below.
11661 </p>
11666 <p>
11668 </p>
11669 </sect1>
11674 <p>
11676 </p>
11678 </sect1>
11680 <sect1>
11683 <p>
11685 </p>
11686 </sect1>
11689 </heading>
11691 <p>
11692 This is the default temporary location for the construction of
11695 system tree as it is being constructed (for example, by using
11696 the package's upstream makefiles install targets and
11697 redirecting the output there), and it also contains
11700 </p>
11702 <p>
11703 This is only a default and can be easily overridden. Most
11706 case of a source package building only one binary package.
11708 temporary staging area for built files and do not construct
11709 packages from it.
11710 </p>
11712 <p>
11713 If several binary packages are generated from the same source
11714 tree, it is usual to use a separate
11716 package as the temporary construction locations.
11717 </p>
11719 <p>
11720 Whatever temporary directories are created and used by the
11723 </p>
11724 </sect1>
11725 </sect>
11729 </heading>
11731 <p>
11732 As it exists on the FTP site, a Debian source package
11733 consists of three related files. You must have the right
11734 versions of all three to be able to use them.
11735 </p>
11737 <p>
11738 <taglist>
11740 <item>
11742 to extract a source package.
11744 </item>
11746 <tag>
11747 Original source archive -
11748 <file>
11750 </file>
11751 </tag>
11753 <item>
11754 <p>
11757 the upstream authors of the program.
11758 </p>
11759 </item>
11761 <tag>
11762 Debian package diff -
11763 <file>
11765 </file>
11766 </tag>
11767 <item>
11769 <p>
11771 giving the changes which are required to turn the
11772 original source into the Debian source. These changes
11773 may only include editing and creating plain files.
11774 The permissions of files, the targets of symbolic
11775 links and the characteristics of special files or
11776 pipes may not be changed and no files may be removed
11777 or renamed.
11778 </p>
11780 <p>
11781 All the directories in the diff must exist, except the
11783 tree, which will be created by
11785 </p>
11787 <p>
11790 executable (see below).</p></item>
11791 </taglist>
11792 </p>
11794 <p>
11795 If there is no original source code - for example, if the
11796 package is specially prepared for Debian or the Debian
11797 maintainer is the same as the upstream maintainer - the
11798 format is slightly different: then there is no diff, and the
11799 tarfile is named
11801 and preferably contains a directory named
11803 </p>
11804 </sect>
11806 <sect>
11809 <p>
11811 Debian source package. However, if it is not available it
11812 is possible to unpack a Debian source archive as follows:
11814 <item>
11815 <p>
11817 directory.</p>
11818 </item>
11819 <item>
11822 </item>
11823 <item>
11824 <p>
11826 the source tree.</p>
11827 </item>
11829 </item>
11830 <item><p>Untar the tarfile again if you want a copy of the original
11831 source code alongside the Debian version.</p>
11832 </item>
11833 </enumlist>
11835 <p>
11836 It is not possible to generate a valid Debian source archive
11840 </p>
11842 <sect1>
11845 <p>
11846 The source package may not contain any hard links
11847 <footnote>
11848 This is not currently detected when building source
11849 packages, but only when extracting
11850 them.
11851 </footnote>
11852 <footnote>
11853 Hard links may be permitted at some point in the
11854 future, but would require a fair amount of
11855 work.
11856 </footnote>, device special files, sockets or setuid or
11857 setgid files.
11858 <footnote>
11859 Setgid directories are allowed.
11860 </footnote>
11861 </p>
11863 <p>
11864 The source packaging tools manage the changes between the
11868 package source must not involve any changes which cannot be
11869 handled by these tools. Problematic changes which cause
11871 building the source package are:
11874 </item>
11876 </item>
11878 </item>
11881 print a warning but continue anyway are:
11883 <item>
11884 <p>
11885 Removing files, directories or symlinks.
11886 <footnote>
11887 Renaming a file is not treated specially - it is
11888 seen as the removal of the old file (which
11889 generates a warning, but is otherwise ignored),
11890 and the creation of the new one.
11891 </footnote>
11892 </p>
11893 </item>
11894 <item>
11895 <p>
11896 Changed text files which are missing the usual final
11897 newline (either in the original or the modified
11898 source tree).
11899 </p>
11900 </item>
11901 </list>
11902 Changes which are not represented, but which are not detected by
11905 <item><p>Changing the permissions of files (other than
11907 </list>
11908 </p>
11910 <p>
11914 directory, and afterwards it will make
11916 </p>
11917 </sect1>
11918 </sect>
11919 </appendix>
11924 <p>
11926 data in a common format, known as control files. Binary and
11928 files which control the installation of uploaded files, and
11930 format.
11931 </p>
11933 <sect>
11936 <p>
11938 </p>
11940 <p>
11941 It is important to note that there are several fields which
11943 tools are concerned, but which must appear in every Debian
11944 package, or whose omission may cause problems.
11945 </p>
11946 </sect>
11948 <sect>
11951 <p>
11953 </p>
11955 <p>
11956 This section now contains only the fields that didn't belong
11957 to the Policy manual.
11958 </p>
11963 <p>
11965 filename(s) of (the parts of) a package in the
11966 distribution directories, relative to the root of the
11967 Debian hierarchy. If the package has been split into
11968 several parts the parts are all listed in order, separated
11969 by spaces.
11970 </p>
11971 </sect1>
11976 <p>
11978 bytes, expressed in decimal) and MD5 checksum of the
11979 file(s) which make(s) up a binary package in the
11980 distribution. If the package is split into several parts
11981 the values for the parts are listed in order, separated by
11982 spaces.
11983 </p>
11984 </sect1>
11989 <p>
11991 whether the user wants a package installed, removed or
11992 left alone, whether it is broken (requiring
11993 re-installation) or not and what its current state on the
11994 system is. Each of these pieces of information is a
11995 single word.
11996 </p>
11997 </sect1>
12002 <p>
12003 If a package is not installed or not configured, this
12005 version of the package which was successfully
12006 configured.
12007 </p>
12008 </sect1>
12013 <p>
12015 information about the automatically-managed configuration
12017 appear anywhere in a package!
12018 </p>
12019 </sect1>
12021 <sect1>
12024 <p>
12026 not appear anywhere any more.
12033 <item>
12034 The Debian revision part of the package version was
12035 at one point in a separate control field. This
12036 field went through several names.
12037 </item>
12048 </taglist>
12049 </p>
12050 </sect1>
12051 </sect>
12053 </appendix>
12058 <p>
12060 handling of package configuration files.
12061 </p>
12063 <p>
12064 Whether this mechanism is appropriate depends on a number of
12065 factors, but basically there are two approaches to any
12066 particular configuration file.
12067 </p>
12069 <p>
12070 The easy method is to ship a best-effort configuration in the
12072 handle updates. If the user is unlikely to want to edit the
12073 file, but you need them to be able to without losing their
12074 changes, and a new package with a changed version of the file
12075 is only released infrequently, this is a good approach.
12076 </p>
12078 <p>
12079 The hard method is to build the configuration file from
12081 responsibility for fixing any mistakes made in earlier
12082 versions of the package automatically. This will be
12083 appropriate if the file is likely to need to be different on
12084 each system.
12085 </p>
12087 <sect><heading>Automatic handling of configuration files by
12089 </heading>
12091 <p>
12092 A package may contain a control information file called
12094 of configuration files needing automatic handling, separated
12095 by newlines. The filenames should be absolute pathnames,
12096 and the files referred to should actually exist in the
12097 package.
12098 </p>
12100 <p>
12102 the configuration files during the configuration stage,
12104 script,
12105 </p>
12107 <p>
12108 For each file it checks to see whether the version of the
12109 file included in the package is the same as the one that was
12110 included in the last version of the package (the one that is
12111 being upgraded from); it also compares the version currently
12112 installed on the system with the one shipped with the last
12113 version.
12114 </p>
12116 <p>
12117 If neither the user nor the package maintainer has changed
12118 the file, it is left alone. If one or the other has changed
12119 their version, then the changed version is preferred - i.e.,
12120 if the user edits their file, but the package maintainer
12121 doesn't ship a different version, the user's changes will
12122 stay, silently, but if the maintainer ships a new version
12123 and the user hasn't edited it the new version will be
12124 installed (with an informative message). If both have
12125 changed their version the user is prompted about the problem
12126 and must resolve the differences themselves.
12127 </p>
12129 <p>
12130 The comparisons are done by calculating the MD5 message
12131 digests of the files, and storing the MD5 of the file as it
12132 was included in the most recent version of the package.
12133 </p>
12135 <p>
12136 When a package is installed for the first time
12138 unless that would mean overwriting a file already on the
12139 file system.
12140 </p>
12142 <p>
12144 replace a conffile that was removed by the user (or by a
12145 script). This is necessary because with some programs a
12146 missing file produces an effect hard or impossible to
12147 achieve in another way, so that a missing file needs to be
12148 kept that way if the user did it.
12149 </p>
12151 <p>
12155 the user confusing and possibly dangerous options for
12156 conffile update when the package is upgraded.</p>
12157 </sect>
12159 <sect><heading>Fully-featured maintainer script configuration
12160 handling
12161 </heading>
12163 <p>
12164 For files which contain site-specific information such as
12165 the hostname and networking details and so forth, it is
12166 better to create the file in the package's
12168 </p>
12170 <p>
12171 This will typically involve examining the state of the rest
12172 of the system to determine values and other information, and
12173 may involve prompting the user for some information which
12174 can't be obtained some other way.
12175 </p>
12177 <p>
12178 When using this method there are a couple of important
12179 issues which should be considered:
12180 </p>
12182 <p>
12183 If you discover a bug in the program which generates the
12184 configuration file, or if the format of the file changes
12185 from one version to the next, you will have to arrange for
12186 the postinst script to do something sensible - usually this
12187 will mean editing the installed configuration file to remove
12188 the problem or change the syntax. You will have to do this
12189 very carefully, since the user may have changed the file,
12190 perhaps to fix the very problem that your script is trying
12191 to deal with - you will have to detect these situations and
12192 deal with them correctly.
12193 </p>
12195 <p>
12196 If you do go down this route it's probably a good idea to
12197 make the program that generates the configuration file(s) a
12200 appropriate from the post-installation script. The
12202 unquestioningly overwrite an existing configuration - if its
12203 mode of operation is geared towards setting up a package for
12204 the first time (rather than any arbitrary reconfiguration
12205 later) you should have it check whether the configuration
12207 overwrite it.</p></sect>
12208 </appendix>
12212 Packaging Manual)
12213 </heading>
12215 <p>
12216 When several packages all provide different versions of the
12217 same program or file it is useful to have the system select a
12218 default, but to allow the system administrator to change it
12219 and have their decisions respected.
12220 </p>
12222 <p>
12224 editor, and there is no reason to prevent all of them from
12225 being installed at once, each under their own name
12228 refer to something, at least by default.
12229 </p>
12231 <p>
12232 If all the packages involved cooperate, this can be done with
12234 </p>
12236 <p>
12237 Each package provides its own version under its own name, and
12239 register its version (and again in its prerm to deregister
12240 it).
12241 </p>
12243 <p>
12246 </p>
12248 <p>
12250 you may wish to consider using diversions instead.</p>
12251 </appendix>
12254 package's version of a file (from old Packaging Manual)
12255 </heading>
12257 <p>
12259 when it reinstalls the package it belongs to, and to have it
12260 put the file from the package somewhere else instead.
12261 </p>
12263 <p>
12264 This can be used locally to override a package's version of a
12265 file, or by one package to override another's version (or
12266 provide a wrapper for it).
12267 </p>
12269 <p>
12270 Before deciding to use a diversion, read <ref
12272 rather than several alternative versions of a program.
12273 </p>
12275 <p>
12279 details of its operation.
12280 </p>
12282 <p>
12283 When a package wishes to divert a file from another, it should
12285 diversion and rename the existing file. For example,
12288 <example>
12289 dpkg-divert --package smailwrapper --add --rename \
12290 --divert /usr/sbin/smail.real /usr/sbin/smail
12293 can bypass the diversion and get installed as the true version.
12294 It's safe to add the diversion unconditionally on upgrades since
12295 it will be left unchanged if it already exists, but
12297 message, make the command conditional on the version from which
12298 the package is being upgraded:
12299 <example>
12301 dpkg-divert --package smailwrapper --add --rename \
12302 --divert /usr/sbin/smail.real /usr/sbin/smail
12303 fi
12305 diversion was first added to the package. Running the command
12306 during abort-upgrade is pointless but harmless.
12307 </p>
12309 <p>
12310 The postrm has to do the reverse:
12311 <example>
12313 dpkg-divert --package smailwrapper --remove --rename \
12314 --divert /usr/sbin/smail.real /usr/sbin/smail
12315 fi
12316 </example> If the diversion was added at a particular version, the
12317 postrm should also handle the failure case of upgrading from an
12318 older version (unless the older version is so old that direct
12319 upgrades are no longer supported):
12320 <example>
12322 dpkg-divert --package smailwrapper --remove --rename \
12323 --divert /usr/sbin/smail.real /usr/sbin/smail
12324 fi
12326 diversion was first added to the package. The postrm should not
12327 remove the diversion on upgrades both because there's no reason to
12328 remove the diversion only to immediately re-add it and since the
12329 postrm of the old package is run after unpacking so the removal of
12330 the diversion will fail.
12331 </p>
12333 <p>
12334 Do not attempt to divert a file which is vitally important for
12336 there is a time, after it has been diverted but before
12338 does not exist.</p>
12340 <p>
12342 handle it well.
12343 </p>
12344 </appendix>
12346 </book>
12347 </debiandoc>
12348 <!-- Local variables: -->
12349 <!-- indent-tabs-mode: t -->
12350 <!-- End: -->
12351 <!-- vim:set ai sts=2 sw=2 tw=76: -->