search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Replace 'copyright' by 'copyright information'.
[debian-policy.git] / policy.sgml
blobebf8d66ca3f97b02683e6ac60e6c0236d114ec24
1 <!doctype debiandoc system [
2 <!-- include version information so we don't have to hard code it
3 within the document -->
4 <!entity % versiondata SYSTEM "version.ent"> %versiondata;
5 ]>
6 <debiandoc>
7
8 <book>
9 <titlepag>
10 <title>Debian Policy Manual</title>
11 <author><qref id="authors">The Debian Policy Mailing List</qref></author>
12 <version>version &version;, &date;</version>
13
14 <abstract>
15 This manual describes the policy requirements for the Debian
16 GNU/Linux distribution. This includes the structure and
17 contents of the Debian archive and several design issues of
18 the operating system, as well as technical requirements that
19 each package must satisfy to be included in the distribution.
20 </abstract>
21
22 <copyright>
23 <copyrightsummary>
24 Copyright &copy; 1996,1997,1998 Ian Jackson
25 and Christian Schwarz.
26 </copyrightsummary>
27 <p>
28 These are the copyright dates of the original Policy manual.
29 Since then, this manual has been updated by many others. No
30 comprehensive collection of copyright notices for subsequent
31 work exists.
32 </p>
33
34 <p>
35 This manual is free software; you may redistribute it and/or
36 modify it under the terms of the GNU General Public License
37 as published by the Free Software Foundation; either version
38 2, or (at your option) any later version.
39 </p>
40
41 <p>
42 This is distributed in the hope that it will be useful, but
43 <em>without any warranty</em>; without even the implied
44 warranty of merchantability or fitness for a particular
45 purpose. See the GNU General Public License for more
46 details.
47 </p>
48
49 <p>
50 A copy of the GNU General Public License is available as
51 <file>/usr/share/common-licenses/GPL</file> in the Debian GNU/Linux
52 distribution or on the World Wide Web at
53 <url id="http://www.gnu.org/copyleft/gpl.html"
54 name="the GNU General Public Licence">. You can also
55 obtain it by writing to the Free Software Foundation, Inc.,
56 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
57 </p>
58 </copyright>
59 </titlepag>
60
61 <toc detail="sect1">
62
63 <chapt id="scope">
64 <heading>About this manual</heading>
65 <sect>
66 <heading>Scope</heading>
67 <p>
68 This manual describes the policy requirements for the Debian
69 GNU/Linux distribution. This includes the structure and
70 contents of the Debian archive and several design issues of the
71 operating system, as well as technical requirements that
72 each package must satisfy to be included in the
73 distribution.
74 </p>
75
76 <p>
77 This manual also describes Debian policy as it relates to
78 creating Debian packages. It is not a tutorial on how to build
79 packages, nor is it exhaustive where it comes to describing
80 the behavior of the packaging system. Instead, this manual
81 attempts to define the interface to the package management
82 system that the developers have to be conversant with.<footnote>
83 Informally, the criteria used for inclusion is that the
84 material meet one of the following requirements:
85 <taglist compact="compact">
86 <tag>Standard interfaces</tag>
87 <item>
88 The material presented represents an interface to
89 the packaging system that is mandated for use, and
90 is used by, a significant number of packages, and
91 therefore should not be changed without peer
92 review. Package maintainers can then rely on this
93 interface not changing, and the package management
94 software authors need to ensure compatibility with
95 this interface definition. (Control file and
96 changelog file formats are examples.)
97 </item>
98 <tag>Chosen Convention</tag>
99 <item>
100 If there are a number of technically viable choices
101 that can be made, but one needs to select one of
102 these options for inter-operability. The version
103 number format is one example.
104 </item>
105 </taglist>
106 Please note that these are not mutually exclusive;
107 selected conventions often become parts of standard
108 interfaces.
109 </footnote>
110 </p>
111
112 <p>
113 The footnotes present in this manual are
114 merely informative, and are not part of Debian policy itself.
115 </p>
116
117 <p>
118 The appendices to this manual are not necessarily normative,
119 either. Please see <ref id="pkg-scope"> for more information.
120 </p>
121
122 <p>
123 In the normative part of this manual,
124 the words <em>must</em>, <em>should</em> and
125 <em>may</em>, and the adjectives <em>required</em>,
126 <em>recommended</em> and <em>optional</em>, are used to
127 distinguish the significance of the various guidelines in
128 this policy document. Packages that do not conform to the
129 guidelines denoted by <em>must</em> (or <em>required</em>)
130 will generally not be considered acceptable for the Debian
131 distribution. Non-conformance with guidelines denoted by
132 <em>should</em> (or <em>recommended</em>) will generally be
133 considered a bug, but will not necessarily render a package
134 unsuitable for distribution. Guidelines denoted by
135 <em>may</em> (or <em>optional</em>) are truly optional and
136 adherence is left to the maintainer's discretion.
137 </p>
138
139 <p>
140 These classifications are roughly equivalent to the bug
141 severities <em>serious</em> (for <em>must</em> or
142 <em>required</em> directive violations), <em>minor</em>,
143 <em>normal</em> or <em>important</em>
144 (for <em>should</em> or <em>recommended</em> directive
145 violations) and <em>wishlist</em> (for <em>optional</em>
146 items).
147 <footnote>
148 Compare RFC 2119. Note, however, that these words are
149 used in a different way in this document.
150 </footnote>
151 </p>
152
153 <p>
154 Much of the information presented in this manual will be
155 useful even when building a package which is to be
156 distributed in some other way or is intended for local use
157 only.
158 </p>
159 </sect>
160
161 <sect>
162 <heading>New versions of this document</heading>
163
164 <p>
165 This manual is distributed via the Debian package
166 <package><url name="debian-policy"
167 id="http://packages.debian.org/debian-policy"></package>
168 (<httpsite>packages.debian.org</httpsite>
169 <httppath>/debian-policy</httppath>).
170 </p>
171
172 <p>
173 The current version of this document is also available from
174 the Debian web mirrors at
175 <tt><url name="/doc/debian-policy/"
176 id="http://www.debian.org/doc/debian-policy/"></tt>.
177 (
178 <httpsite>www.debian.org</httpsite>
179 <httppath>/doc/debian-policy/</httppath>)
180 Also available from the same directory are several other
181 formats: <file>policy.html.tar.gz</file>
182 (<httppath>/doc/debian-policy/policy.html.tar.gz</httppath>),
183 <file>policy.pdf.gz</file>
184 (<httppath>/doc/debian-policy/policy.pdf.gz</httppath>)
185 and <file>policy.ps.gz</file>
186 (<httppath>/doc/debian-policy/policy.ps.gz</httppath>).
187 </p>
188
189 <p>
190 The <package>debian-policy</package> package also includes the file
191 <file>upgrading-checklist.txt.gz</file> which indicates policy
192 changes between versions of this document.
193 </p>
194 </sect>
195
196 <sect id="authors">
197 <heading>Authors and Maintainers</heading>
198
199 <p>
200 Originally called "Debian GNU/Linux Policy Manual", this
201 manual was initially written in 1996 by Ian Jackson.
202 It was revised on November 27th, 1996 by David A. Morris.
203 Christian Schwarz added new sections on March 15th, 1997,
204 and reworked/restructured it in April-July 1997.
205 Christoph Lameter contributed the "Web Standard".
206 Julian Gilbey largely restructured it in 2001.
207 </p>
208
209 <p>
210 Since September 1998, the responsibility for the contents of
211 this document lies on the <url name="debian-policy mailing list"
212 id="mailto:debian-policy@lists.debian.org">. Proposals
213 are discussed there and inserted into policy after a certain
214 consensus is established.
215 <!-- insert shameless policy-process plug here eventually -->
216 The actual editing is done by a group of maintainers that have
217 no editorial powers. These are the current maintainers:
218
219 <enumlist>
220 <item>Julian Gilbey</item>
221 <item>Branden Robinson</item>
222 <item>Josip Rodin</item>
223 <item>Manoj Srivastava</item>
224 </enumlist>
225 </p>
226
227 <p>
228 While the authors of this document have tried hard to avoid
229 typos and other errors, these do still occur. If you discover
230 an error in this manual or if you want to give any
231 comments, suggestions, or criticisms please send an email to
232 the Debian Policy List,
233 <email>debian-policy@lists.debian.org</email>, or submit a
234 bug report against the <tt>debian-policy</tt> package.
235 </p>
236
237 <p>
238 Please do not try to reach the individual authors or maintainers
239 of the Policy Manual regarding changes to the Policy.
240 </p>
241 </sect>
242
243 <sect id="related">
244 <heading>Related documents</heading>
245
246 <p>
247 There are several other documents other than this Policy Manual
248 that are necessary to fully understand some Debian policies and
249 procedures.
250 </p>
251
252 <p>
253 The external "sub-policy" documents are referred to in:
254 <list compact="compact">
255 <item><ref id="fhs"></item>
256 <item><ref id="virtual_pkg"></item>
257 <item><ref id="menus"></item>
258 <item><ref id="mime"></item>
259 <item><ref id="perl"></item>
260 <item><ref id="maintscriptprompt"></item>
261 <item><ref id="emacs"></item>
262 </list>
263 </p>
264
265 <p>
266 In addition to those, which carry the weight of policy, there
267 is the Debian Developer's Reference. This document describes
268 procedures and resources for Debian developers, but it is
269 <em>not</em> normative; rather, it includes things that don't
270 belong in the Policy, such as best practices for developers.
271 </p>
272
273 <p>
274 The Developer's Reference is available in the
275 <package>developers-reference</package> package.
276 It's also available from the Debian web mirrors at
277 <tt><url name="/doc/developers-reference/"
278 id="http://www.debian.org/doc/developers-reference/"></tt>.
279 </p>
280 </sect>
281
282 <sect id="definitions">
283 <heading>Definitions</heading>
284
285 <p>
286 The following terms are used in this Policy Manual:
287 <taglist>
288 <tag>ASCII</tag>
289 <item>
290 The character encoding specified by ANSI X3.4-1986 and its
291 predecessor standards, referred to in MIME as US-ASCII, and
292 corresponding to an encoding in eight bits per character of
293 the first 128 <url id="http://www.unicode.org/"
294 name="Unicode"> characters, with the eighth bit always zero.
295 </item>
296 <tag>UTF-8</tag>
297 <item>
298 The transformation format (sometimes called encoding) of
299 <url id="http://www.unicode.org/" name="Unicode"> defined by
300 <url id="http://www.rfc-editor.org/rfc/rfc3629.txt"
301 name="RFC 3629">. UTF-8 has the useful property of having
302 ASCII as a subset, so any text encoded in ASCII is trivially
303 also valid UTF-8.
304 </item>
305 </taglist>
306 </p>
307 </sect>
308 </chapt>
309
310
311 <chapt id="archive">
312 <heading>The Debian Archive</heading>
313
314 <p>
315 The Debian GNU/Linux system is maintained and distributed as a
316 collection of <em>packages</em>. Since there are so many of
317 them (currently well over 15000), they are split into
318 <em>sections</em> and given <em>priorities</em> to simplify
319 the handling of them.
320 </p>
321
322 <p>
323 The effort of the Debian project is to build a free operating
324 system, but not every package we want to make accessible is
325 <em>free</em> in our sense (see the Debian Free Software
326 Guidelines, below), or may be imported/exported without
327 restrictions. Thus, the archive is split into areas<footnote>
328 The Debian archive software uses the term "component" internally
329 and in the Release file format to refer to the division of an
330 archive. The Debian Social Contract simply refers to "areas."
331 This document uses terminology similar to the Social Contract.
332 </footnote> based on their licenses and other restrictions.
333 </p>
334
335 <p>
336 The aims of this are:
337
338 <list compact="compact">
339 <item>to allow us to make as much software available as we can</item>
340 <item>to allow us to encourage everyone to write free software,
341 and</item>
342 <item>to allow us to make it easy for people to produce
343 CD-ROMs of our system without violating any licenses,
344 import/export restrictions, or any other laws.</item>
345 </list>
346 </p>
347
348 <p>
349 The <em>main</em> archive area forms the <em>Debian GNU/Linux
350 distribution</em>.
351 </p>
352
353 <p>
354 Packages in the other archive areas (<tt>contrib</tt>,
355 <tt>non-free</tt>) are not considered to be part of the Debian
356 distribution, although we support their use and provide
357 infrastructure for them (such as our bug-tracking system and
358 mailing lists). This Debian Policy Manual applies to these
359 packages as well.
360 </p>
361
362 <sect id="dfsg">
363 <heading>The Debian Free Software Guidelines</heading>
364 <p>
365 The Debian Free Software Guidelines (DFSG) form our
366 definition of "free software". These are:
367 <taglist>
368 <tag>1. Free Redistribution
369 </tag>
370 <item>
371 The license of a Debian component may not restrict any
372 party from selling or giving away the software as a
373 component of an aggregate software distribution
374 containing programs from several different
375 sources. The license may not require a royalty or
376 other fee for such sale.
377 </item>
378 <tag>2. Source Code
379 </tag>
380 <item>
381 The program must include source code, and must allow
382 distribution in source code as well as compiled form.
383 </item>
384 <tag>3. Derived Works
385 </tag>
386 <item>
387 The license must allow modifications and derived
388 works, and must allow them to be distributed under the
389 same terms as the license of the original software.
390 </item>
391 <tag>4. Integrity of The Author's Source Code
392 </tag>
393 <item>
394 The license may restrict source-code from being
395 distributed in modified form <em>only</em> if the
396 license allows the distribution of "patch files"
397 with the source code for the purpose of modifying the
398 program at build time. The license must explicitly
399 permit distribution of software built from modified
400 source code. The license may require derived works to
401 carry a different name or version number from the
402 original software. (This is a compromise. The Debian
403 Project encourages all authors to not restrict any
404 files, source or binary, from being modified.)
405 </item>
406 <tag>5. No Discrimination Against Persons or Groups
407 </tag>
408 <item>
409 The license must not discriminate against any person
410 or group of persons.
411 </item>
412 <tag>6. No Discrimination Against Fields of Endeavor
413 </tag>
414 <item>
415 The license must not restrict anyone from making use
416 of the program in a specific field of endeavor. For
417 example, it may not restrict the program from being
418 used in a business, or from being used for genetic
419 research.
420 </item>
421 <tag>7. Distribution of License
422 </tag>
423 <item>
424 The rights attached to the program must apply to all
425 to whom the program is redistributed without the need
426 for execution of an additional license by those
427 parties.
428 </item>
429 <tag>8. License Must Not Be Specific to Debian
430 </tag>
431 <item>
432 The rights attached to the program must not depend on
433 the program's being part of a Debian system. If the
434 program is extracted from Debian and used or
435 distributed without Debian but otherwise within the
436 terms of the program's license, all parties to whom
437 the program is redistributed must have the same
438 rights as those that are granted in conjunction with
439 the Debian system.
440 </item>
441 <tag>9. License Must Not Contaminate Other Software
442 </tag>
443 <item>
444 The license must not place restrictions on other
445 software that is distributed along with the licensed
446 software. For example, the license must not insist
447 that all other programs distributed on the same medium
448 must be free software.
449 </item>
450 <tag>10. Example Licenses
451 </tag>
452 <item>
453 The "GPL," "BSD," and "Artistic" licenses are examples of
454 licenses that we consider <em>free</em>.
455 </item>
456 </taglist>
457 </p>
458 </sect>
459
460 <sect id="sections">
461 <heading>Archive areas</heading>
462
463 <sect1 id="main">
464 <heading>The main archive area</heading>
465
466 <p>
467 Every package in <em>main</em> must comply with the DFSG
468 (Debian Free Software Guidelines).
469 </p>
470
471 <p>
472 In addition, the packages in <em>main</em>
473 <list compact="compact">
474 <item>
475 must not require a package outside of <em>main</em>
476 for compilation or execution (thus, the package must
477 not declare a "Depends", "Recommends", or
478 "Build-Depends" relationship on a non-<em>main</em>
479 package),
480 </item>
481 <item>
482 must not be so buggy that we refuse to support them,
483 and
484 </item>
485 <item>
486 must meet all policy requirements presented in this
487 manual.
488 </item>
489 </list>
490 </p>
491
492 </sect1>
493
494 <sect1 id="contrib">
495 <heading>The contrib archive area</heading>
496
497 <p>
498 Every package in <em>contrib</em> must comply with the DFSG.
499 </p>
500
501 <p>
502 In addition, the packages in <em>contrib</em>
503 <list compact="compact">
504 <item>
505 must not be so buggy that we refuse to support them,
506 and
507 </item>
508 <item>
509 must meet all policy requirements presented in this
510 manual.
511 </item>
512 </list>
513 </p>
514
515
516 <p>
517 Examples of packages which would be included in
518 <em>contrib</em> are:
519 <list compact="compact">
520 <item>
521 free packages which require <em>contrib</em>,
522 <em>non-free</em> packages or packages which are not
523 in our archive at all for compilation or execution,
524 and
525 </item>
526 <item>
527 wrapper packages or other sorts of free accessories for
528 non-free programs.
529 </item>
530 </list>
531 </p>
532 </sect1>
533
534 <sect1 id="non-free">
535 <heading>The non-free archive area</heading>
536
537 <p>
538 Packages must be placed in <em>non-free</em> if they are
539 not compliant with the DFSG or are encumbered by patents
540 or other legal issues that make their distribution
541 problematic.
542 </p>
543
544 <p>
545 In addition, the packages in <em>non-free</em>
546 <list compact="compact">
547 <item>
548 must not be so buggy that we refuse to support them,
549 and
550 </item>
551 <item>
552 must meet all policy requirements presented in this
553 manual that it is possible for them to meet.
554 <footnote>
555 It is possible that there are policy
556 requirements which the package is unable to
557 meet, for example, if the source is
558 unavailable. These situations will need to be
559 handled on a case-by-case basis.
560 </footnote>
561 </item>
562 </list>
563 </p>
564 </sect1>
565
566 </sect>
567
568 <sect id="pkgcopyright">
569 <heading>Copyright considerations</heading>
570
571 <p>
572 Every package must be accompanied by a verbatim copy of its
573 copyright information and distribution license in the file
574 <file>/usr/share/doc/<var>package</var>/copyright</file>
575 (see <ref id="copyrightfile"> for further details).
576 </p>
577
578 <p>
579 We reserve the right to restrict files from being included
580 anywhere in our archives if
581 <list compact="compact">
582 <item>
583 their use or distribution would break a law,
584 </item>
585 <item>
586 there is an ethical conflict in their distribution or
587 use,
588 </item>
589 <item>
590 we would have to sign a license for them, or
591 </item>
592 <item>
593 their distribution would conflict with other project
594 policies.
595 </item>
596 </list>
597 </p>
598
599 <p>
600 Programs whose authors encourage the user to make
601 donations are fine for the main distribution, provided
602 that the authors do not claim that not donating is
603 immoral, unethical, illegal or something similar; in such
604 a case they must go in <em>non-free</em>.
605 </p>
606
607 <p>
608 Packages whose copyright permission notices (or patent
609 problems) do not even allow redistribution of binaries
610 only, and where no special permission has been obtained,
611 must not be placed on the Debian FTP site and its mirrors
612 at all.
613 </p>
614
615 <p>
616 Note that under international copyright law (this applies
617 in the United States, too), <em>no</em> distribution or
618 modification of a work is allowed without an explicit
619 notice saying so. Therefore a program without a copyright
620 notice <em>is</em> copyrighted and you may not do anything
621 to it without risking being sued! Likewise if a program
622 has a copyright notice but no statement saying what is
623 permitted then nothing is permitted.
624 </p>
625
626 <p>
627 Many authors are unaware of the problems that restrictive
628 copyrights (or lack of copyright notices) can cause for
629 the users of their supposedly-free software. It is often
630 worthwhile contacting such authors diplomatically to ask
631 them to modify their license terms. However, this can be a
632 politically difficult thing to do and you should ask for
633 advice on the <tt>debian-legal</tt> mailing list first, as
634 explained below.
635 </p>
636
637 <p>
638 When in doubt about a copyright, send mail to
639 <email>debian-legal@lists.debian.org</email>. Be prepared
640 to provide us with the copyright statement. Software
641 covered by the GPL, public domain software and BSD-like
642 copyrights are safe; be wary of the phrases "commercial
643 use prohibited" and "distribution restricted".
644 </p>
645 </sect>
646
647 <sect id="subsections">
648 <heading>Sections</heading>
649
650 <p>
651 The packages in the archive areas <em>main</em>,
652 <em>contrib</em> and <em>non-free</em> are grouped further into
653 <em>sections</em> to simplify handling.
654 </p>
655
656 <p>
657 The archive area and section for each package should be
658 specified in the package's <tt>Section</tt> control record (see
659 <ref id="f-Section">). However, the maintainer of the Debian
660 archive may override this selection to ensure the consistency of
661 the Debian distribution. The <tt>Section</tt> field should be
662 of the form:
663 <list compact="compact">
664 <item>
665 <em>section</em> if the package is in the
666 <em>main</em> archive area,
667 </item>
668 <item>
669 <em>area/section</em> if the package is in
670 the <em>contrib</em> or <em>non-free</em>
671 archive areas.
672 </item>
673 </list>
674 </p>
675
676 <p>
677 The Debian archive maintainers provide the authoritative
678 list of sections. At present, they are:
679 <em>admin</em>, <em>cli-mono</em>, <em>comm</em>, <em>database</em>,
680 <em>devel</em>, <em>debug</em>, <em>doc</em>, <em>editors</em>,
681 <em>electronics</em>, <em>embedded</em>, <em>fonts</em>,
682 <em>games</em>, <em>gnome</em>, <em>graphics</em>, <em>gnu-r</em>,
683 <em>gnustep</em>, <em>hamradio</em>, <em>haskell</em>,
684 <em>httpd</em>, <em>interpreters</em>, <em>java</em>, <em>kde</em>,
685 <em>kernel</em>, <em>libs</em>, <em>libdevel</em>, <em>lisp</em>,
686 <em>localization</em>, <em>mail</em>, <em>math</em>, <em>misc</em>,
687 <em>net</em>, <em>news</em>, <em>ocaml</em>, <em>oldlibs</em>,
688 <em>otherosfs</em>, <em>perl</em>, <em>php</em>, <em>python</em>,
689 <em>ruby</em>, <em>science</em>, <em>shells</em>, <em>sound</em>,
690 <em>tex</em>, <em>text</em>, <em>utils</em>, <em>vcs</em>,
691 <em>video</em>, <em>web</em>, <em>x11</em>, <em>xfce</em>,
692 <em>zope</em>.
693 </p>
694 </sect>
695
696 <sect id="priorities">
697 <heading>Priorities</heading>
698
699 <p>
700 Each package should have a <em>priority</em> value, which is
701 included in the package's <em>control record</em>
702 (see <ref id="f-Priority">).
703 This information is used by the Debian package management tools to
704 separate high-priority packages from less-important packages.
705 </p>
706
707 <p>
708 The following <em>priority levels</em> are recognized by the
709 Debian package management tools.
710 <taglist>
711 <tag><tt>required</tt></tag>
712 <item>
713 Packages which are necessary for the proper
714 functioning of the system (usually, this means that
715 dpkg functionality depends on these packages).
716 Removing a <tt>required</tt> package may cause your
717 system to become totally broken and you may not even
718 be able to use <prgn>dpkg</prgn> to put things back,
719 so only do so if you know what you are doing. Systems
720 with only the <tt>required</tt> packages are probably
721 unusable, but they do have enough functionality to
722 allow the sysadmin to boot and install more software.
723 </item>
724 <tag><tt>important</tt></tag>
725 <item>
726 Important programs, including those which one would
727 expect to find on any Unix-like system. If the
728 expectation is that an experienced Unix person who
729 found it missing would say "What on earth is going on,
730 where is <prgn>foo</prgn>?", it must be an
731 <tt>important</tt> package.<footnote>
732 This is an important criterion because we are
733 trying to produce, amongst other things, a free
734 Unix.
735 </footnote>
736 Other packages without which the system will not run
737 well or be usable must also have priority
738 <tt>important</tt>. This does
739 <em>not</em> include Emacs, the X Window System, TeX
740 or any other large applications. The
741 <tt>important</tt> packages are just a bare minimum of
742 commonly-expected and necessary tools.
743 </item>
744 <tag><tt>standard</tt></tag>
745 <item>
746 These packages provide a reasonably small but not too
747 limited character-mode system. This is what will be
748 installed by default if the user doesn't select anything
749 else. It doesn't include many large applications.
750 </item>
751 <tag><tt>optional</tt></tag>
752 <item>
753 (In a sense everything that isn't required is
754 optional, but that's not what is meant here.) This is
755 all the software that you might reasonably want to
756 install if you didn't know what it was and don't have
757 specialized requirements. This is a much larger system
758 and includes the X Window System, a full TeX
759 distribution, and many applications. Note that
760 optional packages should not conflict with each other.
761 </item>
762 <tag><tt>extra</tt></tag>
763 <item>
764 This contains all packages that conflict with others
765 with required, important, standard or optional
766 priorities, or are only likely to be useful if you
767 already know what they are or have specialized
768 requirements (such as packages containing only detached
769 debugging symbols).
770 </item>
771 </taglist>
772 </p>
773
774 <p>
775 Packages must not depend on packages with lower priority
776 values (excluding build-time dependencies). In order to
777 ensure this, the priorities of one or more packages may need
778 to be adjusted.
779 </p>
780 </sect>
781
782 </chapt>
783
784
785 <chapt id="binary">
786 <heading>Binary packages</heading>
787
788 <p>
789 The Debian GNU/Linux distribution is based on the Debian
790 package management system, called <prgn>dpkg</prgn>. Thus,
791 all packages in the Debian distribution must be provided
792 in the <tt>.deb</tt> file format.
793 </p>
794
795 <sect>
796 <heading>The package name</heading>
797
798 <p>
799 Every package must have a name that's unique within the Debian
800 archive.
801 </p>
802
803 <p>
804 The package name is included in the control field
805 <tt>Package</tt>, the format of which is described
806 in <ref id="f-Package">.
807 The package name is also included as a part of the file name
808 of the <tt>.deb</tt> file.
809 </p>
810 </sect>
811
812 <sect id="versions">
813 <heading>The version of a package</heading>
814
815 <p>
816 Every package has a version number recorded in its
817 <tt>Version</tt> control file field, described in
818 <ref id="f-Version">.
819 </p>
820
821 <p>
822 The package management system imposes an ordering on version
823 numbers, so that it can tell whether packages are being up- or
824 downgraded and so that package system front end applications
825 can tell whether a package it finds available is newer than
826 the one installed on the system. The version number format
827 has the most significant parts (as far as comparison is
828 concerned) at the beginning.
829 </p>
830
831 <p>
832 If an upstream package has problematic version numbers they
833 should be converted to a sane form for use in the
834 <tt>Version</tt> field.
835 </p>
836
837 <sect1>
838 <heading>Version numbers based on dates</heading>
839
840 <p>
841 In general, Debian packages should use the same version
842 numbers as the upstream sources.
843 </p>
844
845 <p>
846 However, in some cases where the upstream version number is
847 based on a date (e.g., a development "snapshot" release) the
848 package management system cannot handle these version
849 numbers without epochs. For example, dpkg will consider
850 "96May01" to be greater than "96Dec24".
851 </p>
852
853 <p>
854 To prevent having to use epochs for every new upstream
855 version, the date based portion of the version number
856 should be changed to the following format in such cases:
857 "19960501", "19961224". It is up to the maintainer whether
858 they want to bother the upstream maintainer to change
859 the version numbers upstream, too.
860 </p>
861
862 <p>
863 Note that other version formats based on dates which are
864 parsed correctly by the package management system should
865 <em>not</em> be changed.
866 </p>
867
868 <p>
869 Native Debian packages (i.e., packages which have been
870 written especially for Debian) whose version numbers include
871 dates should always use the "YYYYMMDD" format.
872 </p>
873 </sect1>
874
875 </sect>
876
877 <sect>
878 <heading>The maintainer of a package</heading>
879
880 <p>
881 Every package must have a Debian maintainer (the
882 maintainer may be one person or a group of people
883 reachable from a common email address, such as a mailing
884 list). The maintainer is responsible for ensuring that
885 the package is placed in the appropriate distributions.
886 </p>
887
888 <p>
889 The maintainer must be specified in the
890 <tt>Maintainer</tt> control field with their correct name
891 and a working email address. If one person maintains
892 several packages, they should try to avoid having
893 different forms of their name and email address in
894 the <tt>Maintainer</tt> fields of those packages.
895 </p>
896
897 <p>
898 The format of the <tt>Maintainer</tt> control field is
899 described in <ref id="f-Maintainer">.
900 </p>
901
902 <p>
903 If the maintainer of a package quits from the Debian
904 project, "Debian QA Group"
905 <email>packages@qa.debian.org</email> takes over the
906 maintainer-ship of the package until someone else
907 volunteers for that task. These packages are called
908 <em>orphaned packages</em>.<footnote>
909 The detailed procedure for doing this gracefully can
910 be found in the Debian Developer's Reference,
911 see <ref id="related">.
912 </footnote>
913 </p>
914 </sect>
915
916 <sect id="descriptions">
917 <heading>The description of a package</heading>
918
919 <p>
920 Every Debian package must have an extended description
921 stored in the appropriate field of the control record.
922 The technical information about the format of the
923 <tt>Description</tt> field is in <ref id="f-Description">.
924 </p>
925
926 <p>
927 The description should describe the package (the program) to a
928 user (system administrator) who has never met it before so that
929 they have enough information to decide whether they want to
930 install it. This description should not just be copied verbatim
931 from the program's documentation.
932 </p>
933
934 <p>
935 Put important information first, both in the synopsis and
936 extended description. Sometimes only the first part of the
937 synopsis or of the description will be displayed. You can
938 assume that there will usually be a way to see the whole
939 extended description.
940 </p>
941
942 <p>
943 The description should also give information about the
944 significant dependencies and conflicts between this package
945 and others, so that the user knows why these dependencies and
946 conflicts have been declared.
947 </p>
948
949 <p>
950 Instructions for configuring or using the package should
951 not be included (that is what installation scripts,
952 manual pages, info files, etc., are for). Copyright
953 statements and other administrivia should not be included
954 either (that is what the copyright file is for).
955 </p>
956
957 <sect1 id="synopsis"><heading>The single line synopsis</heading>
958
959 <p>
960 The single line synopsis should be kept brief - certainly
961 under 80 characters.
962 </p>
963
964 <p>
965 Do not include the package name in the synopsis line. The
966 display software knows how to display this already, and you
967 do not need to state it. Remember that in many situations
968 the user may only see the synopsis line - make it as
969 informative as you can.
970 </p>
971
972 </sect1>
973
974 <sect1 id="extendeddesc"><heading>The extended description</heading>
975
976 <p>
977 Do not try to continue the single line synopsis into the
978 extended description. This will not work correctly when
979 the full description is displayed, and makes no sense
980 where only the summary (the single line synopsis) is
981 available.
982 </p>
983
984 <p>
985 The extended description should describe what the package
986 does and how it relates to the rest of the system (in terms
987 of, for example, which subsystem it is which part of).
988 </p>
989
990 <p>
991 The description field needs to make sense to anyone, even
992 people who have no idea about any of the things the
993 package deals with.<footnote>
994 The blurb that comes with a program in its
995 announcements and/or <prgn>README</prgn> files is
996 rarely suitable for use in a description. It is
997 usually aimed at people who are already in the
998 community where the package is used.
999 </footnote>
1000 </p>
1001
1002 </sect1>
1003
1004 </sect>
1005
1006 <sect>
1007 <heading>Dependencies</heading>
1008
1009 <p>
1010 Every package must specify the dependency information
1011 about other packages that are required for the first to
1012 work correctly.
1013 </p>
1014
1015 <p>
1016 For example, a dependency entry must be provided for any
1017 shared libraries required by a dynamically-linked executable
1018 binary in a package.
1019 </p>
1020
1021 <p>
1022 Packages are not required to declare any dependencies they
1023 have on other packages which are marked <tt>Essential</tt>
1024 (see below), and should not do so unless they depend on a
1025 particular version of that package.<footnote>
1026 <p>
1027 Essential is needed in part to avoid unresolvable dependency
1028 loops on upgrade. If packages add unnecessary dependencies
1029 on packages in this set, the chances that there
1030 <strong>will</strong> be an unresolvable dependency loop
1031 caused by forcing these Essential packages to be configured
1032 first before they need to be is greatly increased. It also
1033 increases the chances that frontends will be unable to
1034 <strong>calculate</strong> an upgrade path, even if one
1035 exists.
1036 </p>
1037 <p>
1038 Also, functionality is rarely ever removed from the
1039 Essential set, but <em>packages</em> have been removed from
1040 the Essential set when the functionality moved to a
1041 different package. So depending on these packages <em>just
1042 in case</em> they stop being essential does way more harm
1043 than good.
1044 </p>
1045 </footnote>
1046 </p>
1047
1048 <p>
1049 Sometimes, a package requires another package to be installed
1050 <em>and</em> configured before it can be installed. In this
1051 case, you must specify a <tt>Pre-Depends</tt> entry for
1052 the package.
1053 </p>
1054
1055 <p>
1056 You should not specify a <tt>Pre-Depends</tt> entry for a
1057 package before this has been discussed on the
1058 <tt>debian-devel</tt> mailing list and a consensus about
1059 doing that has been reached.
1060 </p>
1061
1062 <p>
1063 The format of the package interrelationship control fields is
1064 described in <ref id="relationships">.
1065 </p>
1066 </sect>
1067
1068 <sect id="virtual_pkg">
1069 <heading>Virtual packages</heading>
1070
1071 <p>
1072 Sometimes, there are several packages which offer
1073 more-or-less the same functionality. In this case, it's
1074 useful to define a <em>virtual package</em> whose name
1075 describes that common functionality. (The virtual
1076 packages only exist logically, not physically; that's why
1077 they are called <em>virtual</em>.) The packages with this
1078 particular function will then <em>provide</em> the virtual
1079 package. Thus, any other package requiring that function
1080 can simply depend on the virtual package without having to
1081 specify all possible packages individually.
1082 </p>
1083
1084 <p>
1085 All packages should use virtual package names where
1086 appropriate, and arrange to create new ones if necessary.
1087 They should not use virtual package names (except privately,
1088 amongst a cooperating group of packages) unless they have
1089 been agreed upon and appear in the list of virtual package
1090 names. (See also <ref id="virtual">)
1091 </p>
1092
1093 <p>
1094 The latest version of the authoritative list of virtual
1095 package names can be found in the <tt>debian-policy</tt> package.
1096 It is also available from the Debian web mirrors at
1097 <tt><url name="/doc/packaging-manuals/virtual-package-names-list.txt"
1098 id="http://www.debian.org/doc/packaging-manuals/virtual-package-names-list.txt"></tt>.
1099 </p>
1100
1101 <p>
1102 The procedure for updating the list is described in the preface
1103 to the list.
1104 </p>
1105
1106 </sect>
1107
1108 <sect>
1109 <heading>Base system</heading>
1110
1111 <p>
1112 The <tt>base system</tt> is a minimum subset of the Debian
1113 GNU/Linux system that is installed before everything else
1114 on a new system. Only very few packages are allowed to form
1115 part of the base system, in order to keep the required disk
1116 usage very small.
1117 </p>
1118
1119 <p>
1120 The base system consists of all those packages with priority
1121 <tt>required</tt> or <tt>important</tt>. Many of them will
1122 be tagged <tt>essential</tt> (see below).
1123 </p>
1124 </sect>
1125
1126 <sect>
1127 <heading>Essential packages</heading>
1128
1129 <p>
1130 Essential is defined as the minimal set of functionality that
1131 must be available and usable on the system at all times, even
1132 when packages are in an unconfigured (but unpacked) state.
1133 Packages are tagged <tt>essential</tt> for a system using the
1134 <tt>Essential</tt> control file field. The format of the
1135 <tt>Essential</tt> control field is described in <ref
1136 id="f-Essential">.
1137 </p>
1138
1139 <p>
1140 Since these packages cannot be easily removed (one has to
1141 specify an extra <em>force option</em> to
1142 <prgn>dpkg</prgn> to do so), this flag must not be used
1143 unless absolutely necessary. A shared library package
1144 must not be tagged <tt>essential</tt>; dependencies will
1145 prevent its premature removal, and we need to be able to
1146 remove it when it has been superseded.
1147 </p>
1148
1149 <p>
1150 Since dpkg will not prevent upgrading of other packages
1151 while an <tt>essential</tt> package is in an unconfigured
1152 state, all <tt>essential</tt> packages must supply all of
1153 their core functionality even when unconfigured. If the
1154 package cannot satisfy this requirement it must not be
1155 tagged as essential, and any packages depending on this
1156 package must instead have explicit dependency fields as
1157 appropriate.
1158 </p>
1159
1160 <p>
1161 Maintainers should take great care in adding any programs,
1162 interfaces, or functionality to <tt>essential</tt> packages.
1163 Packages may assume that functionality provided by
1164 <tt>essential</tt> packages is always available without
1165 declaring explicit dependencies, which means that removing
1166 functionality from the Essential set is very difficult and is
1167 almost never done. Any capability added to an
1168 <tt>essential</tt> package therefore creates an obligation to
1169 support that capability as part of the Essential set in
1170 perpetuity.
1171 </p>
1172
1173 <p>
1174 You must not tag any packages <tt>essential</tt> before
1175 this has been discussed on the <tt>debian-devel</tt>
1176 mailing list and a consensus about doing that has been
1177 reached.
1178 </p>
1179 </sect>
1180
1181 <sect id="maintscripts">
1182 <heading>Maintainer Scripts</heading>
1183
1184 <p>
1185 The package installation scripts should avoid producing
1186 output which is unnecessary for the user to see and
1187 should rely on <prgn>dpkg</prgn> to stave off boredom on
1188 the part of a user installing many packages. This means,
1189 amongst other things, using the <tt>--quiet</tt> option on
1190 <prgn>install-info</prgn>.
1191 </p>
1192
1193 <p>
1194 Errors which occur during the execution of an installation
1195 script must be checked and the installation must not
1196 continue after an error.
1197 </p>
1198
1199 <p>
1200 Note that in general <ref id="scripts"> applies to package
1201 maintainer scripts, too.
1202 </p>
1203
1204 <p>
1205 You should not use <prgn>dpkg-divert</prgn> on a file
1206 belonging to another package without consulting the
1207 maintainer of that package first.
1208 </p>
1209
1210 <p>
1211 All packages which supply an instance of a common command
1212 name (or, in general, filename) should generally use
1213 <prgn>update-alternatives</prgn>, so that they may be
1214 installed together. If <prgn>update-alternatives</prgn>
1215 is not used, then each package must use
1216 <tt>Conflicts</tt> to ensure that other packages are
1217 de-installed. (In this case, it may be appropriate to
1218 specify a conflict against earlier versions of something
1219 that previously did not use
1220 <prgn>update-alternatives</prgn>; this is an exception to
1221 the usual rule that versioned conflicts should be
1222 avoided.)
1223 </p>
1224
1225 <sect1 id="maintscriptprompt">
1226 <heading>Prompting in maintainer scripts</heading>
1227 <p>
1228 Package maintainer scripts may prompt the user if
1229 necessary. Prompting must be done by communicating
1230 through a program, such as <prgn>debconf</prgn>, which
1231 conforms to the Debian Configuration Management
1232 Specification, version 2 or higher.
1233 </p>
1234
1235 <p>
1236 Packages which are essential, or which are dependencies of
1237 essential packages, may fall back on another prompting method
1238 if no such interface is available when they are executed.
1239 </p>
1240
1241 <p>
1242 The Debian Configuration Management Specification is included
1243 in the <file>debconf_specification</file> files in the
1244 <package>debian-policy</package> package.
1245 It is also available from the Debian web mirrors at
1246 <tt><url name="/doc/packaging-manuals/debconf_specification.html"
1247 id="http://www.debian.org/doc/packaging-manuals/debconf_specification.html"></tt>.
1248 </p>
1249
1250 <p>
1251 Packages which use the Debian Configuration Management
1252 Specification may contain an additional
1253 <prgn>config</prgn> script and a <tt>templates</tt>
1254 file in their control archive<footnote>
1255 The control.tar.gz inside the .deb.
1256 See <manref name="deb" section="5">.
1257 </footnote>.
1258 The <prgn>config</prgn> script might be run before the
1259 <prgn>preinst</prgn> script, and before the package is unpacked
1260 or any of its dependencies or pre-dependencies are satisfied.
1261 Therefore it must work using only the tools present in
1262 <em>essential</em> packages.<footnote>
1263 <package>Debconf</package> or another tool that
1264 implements the Debian Configuration Management
1265 Specification will also be installed, and any
1266 versioned dependencies on it will be satisfied
1267 before preconfiguration begins.
1268 </footnote>
1269 </p>
1270
1271 <p>
1272 Packages which use the Debian Configuration Management
1273 Specification must allow for translation of their user-visible
1274 messages by using a gettext-based system such as the one
1275 provided by the <package>po-debconf</package> package.
1276 </p>
1277
1278 <p>
1279 Packages should try to minimize the amount of prompting
1280 they need to do, and they should ensure that the user
1281 will only ever be asked each question once. This means
1282 that packages should try to use appropriate shared
1283 configuration files (such as <file>/etc/papersize</file> and
1284 <file>/etc/news/server</file>), and shared
1285 <package>debconf</package> variables rather than each
1286 prompting for their own list of required pieces of
1287 information.
1288 </p>
1289
1290 <p>
1291 It also means that an upgrade should not ask the same
1292 questions again, unless the user has used
1293 <tt>dpkg --purge</tt> to remove the package's configuration.
1294 The answers to configuration questions should be stored in an
1295 appropriate place in <file>/etc</file> so that the user can
1296 modify them, and how this has been done should be
1297 documented.
1298 </p>
1299
1300 <p>
1301 If a package has a vitally important piece of
1302 information to pass to the user (such as "don't run me
1303 as I am, you must edit the following configuration files
1304 first or you risk your system emitting badly-formatted
1305 messages"), it should display this in the
1306 <prgn>config</prgn> or <prgn>postinst</prgn> script and
1307 prompt the user to hit return to acknowledge the
1308 message. Copyright messages do not count as vitally
1309 important (they belong in
1310 <file>/usr/share/doc/<var>package</var>/copyright</file>);
1311 neither do instructions on how to use a program (these
1312 should be in on-line documentation, where all the users
1313 can see them).
1314 </p>
1315
1316 <p>
1317 Any necessary prompting should almost always be confined
1318 to the <prgn>config</prgn> or <prgn>postinst</prgn>
1319 script. If it is done in the <prgn>postinst</prgn>, it
1320 should be protected with a conditional so that
1321 unnecessary prompting doesn't happen if a package's
1322 installation fails and the <prgn>postinst</prgn> is
1323 called with <tt>abort-upgrade</tt>,
1324 <tt>abort-remove</tt> or <tt>abort-deconfigure</tt>.
1325 </p>
1326 </sect1>
1327
1328 </sect>
1329
1330 </chapt>
1331
1332
1333 <chapt id="source">
1334 <heading>Source packages</heading>
1335
1336 <sect id="standardsversion">
1337 <heading>Standards conformance</heading>
1338
1339 <p>
1340 Source packages should specify the most recent version number
1341 of this policy document with which your package complied
1342 when it was last updated.
1343 </p>
1344
1345 <p>
1346 This information may be used to file bug reports
1347 automatically if your package becomes too much out of date.
1348 </p>
1349
1350 <p>
1351 The version is specified in the <tt>Standards-Version</tt>
1352 control field.
1353 The format of the <tt>Standards-Version</tt> field is
1354 described in <ref id="f-Standards-Version">.
1355 </p>
1356
1357 <p>
1358 You should regularly, and especially if your package has
1359 become out of date, check for the newest Policy Manual
1360 available and update your package, if necessary. When your
1361 package complies with the new standards you should update the
1362 <tt>Standards-Version</tt> source package field and
1363 release it.<footnote>
1364 See the file <file>upgrading-checklist</file> for
1365 information about policy which has changed between
1366 different versions of this document.
1367 </footnote>
1368 </p>
1369
1370 </sect>
1371
1372 <sect id="pkg-relations">
1373 <heading>Package relationships</heading>
1374
1375 <p>
1376 Source packages should specify which binary packages they
1377 require to be installed or not to be installed in order to
1378 build correctly. For example, if building a package
1379 requires a certain compiler, then the compiler should be
1380 specified as a build-time dependency.
1381 </p>
1382
1383 <p>
1384 It is not necessary to explicitly specify build-time
1385 relationships on a minimal set of packages that are always
1386 needed to compile, link and put in a Debian package a
1387 standard "Hello World!" program written in C or C++. The
1388 required packages are called <em>build-essential</em>, and
1389 an informational list can be found in
1390 <file>/usr/share/doc/build-essential/list</file> (which is
1391 contained in the <tt>build-essential</tt>
1392 package).<footnote>
1393 Rationale:
1394 <list compact="compact">
1395 <item>
1396 This allows maintaining the list separately
1397 from the policy documents (the list does not
1398 need the kind of control that the policy
1399 documents do).
1400 </item>
1401 <item>
1402 Having a separate package allows one to install
1403 the build-essential packages on a machine, as
1404 well as allowing other packages such as tasks to
1405 require installation of the build-essential
1406 packages using the depends relation.
1407 </item>
1408 <item>
1409 The separate package allows bug reports against
1410 the list to be categorized separately from
1411 the policy management process in the BTS.
1412 </item>
1413 </list>
1414 </footnote>
1415 </p>
1416
1417 <p>
1418 When specifying the set of build-time dependencies, one
1419 should list only those packages explicitly required by the
1420 build. It is not necessary to list packages which are
1421 required merely because some other package in the list of
1422 build-time dependencies depends on them.<footnote>
1423 The reason for this is that dependencies change, and
1424 you should list all those packages, and <em>only</em>
1425 those packages that <em>you</em> need directly. What
1426 others need is their business. For example, if you
1427 only link against <file>libimlib</file>, you will need to
1428 build-depend on <package>libimlib2-dev</package> but
1429 not against any <tt>libjpeg*</tt> packages, even
1430 though <tt>libimlib2-dev</tt> currently depends on
1431 them: installation of <package>libimlib2-dev</package>
1432 will automatically ensure that all of its run-time
1433 dependencies are satisfied.
1434 </footnote>
1435 </p>
1436
1437 <p>
1438 If build-time dependencies are specified, it must be
1439 possible to build the package and produce working binaries
1440 on a system with only essential and build-essential
1441 packages installed and also those required to satisfy the
1442 build-time relationships (including any implied
1443 relationships). In particular, this means that version
1444 clauses should be used rigorously in build-time
1445 relationships so that one cannot produce bad or
1446 inconsistently configured packages when the relationships
1447 are properly satisfied.
1448 </p>
1449
1450 <p>
1451 <ref id="relationships"> explains the technical details.
1452 </p>
1453 </sect>
1454
1455 <sect>
1456 <heading>Changes to the upstream sources</heading>
1457
1458 <p>
1459 If changes to the source code are made that are not
1460 specific to the needs of the Debian system, they should be
1461 sent to the upstream authors in whatever form they prefer
1462 so as to be included in the upstream version of the
1463 package.
1464 </p>
1465
1466 <p>
1467 If you need to configure the package differently for
1468 Debian or for Linux, and the upstream source doesn't
1469 provide a way to do so, you should add such configuration
1470 facilities (for example, a new <prgn>autoconf</prgn> test
1471 or <tt>#define</tt>) and send the patch to the upstream
1472 authors, with the default set to the way they originally
1473 had it. You can then easily override the default in your
1474 <file>debian/rules</file> or wherever is appropriate.
1475 </p>
1476
1477 <p>
1478 You should make sure that the <prgn>configure</prgn> utility
1479 detects the correct architecture specification string
1480 (refer to <ref id="arch-spec"> for details).
1481 </p>
1482
1483 <p>
1484 If you need to edit a <prgn>Makefile</prgn> where GNU-style
1485 <prgn>configure</prgn> scripts are used, you should edit the
1486 <file>.in</file> files rather than editing the
1487 <prgn>Makefile</prgn> directly. This allows the user to
1488 reconfigure the package if necessary. You should
1489 <em>not</em> configure the package and edit the generated
1490 <prgn>Makefile</prgn>! This makes it impossible for someone
1491 else to later reconfigure the package without losing the
1492 changes you made.
1493 </p>
1494
1495 </sect>
1496
1497 <sect id="dpkgchangelog">
1498 <heading>Debian changelog: <file>debian/changelog</file></heading>
1499
1500 <p>
1501 Changes in the Debian version of the package should be
1502 briefly explained in the Debian changelog file
1503 <file>debian/changelog</file>.<footnote>
1504 <p>
1505 Mistakes in changelogs are usually best rectified by
1506 making a new changelog entry rather than "rewriting
1507 history" by editing old changelog entries.
1508 </p>
1509 </footnote>
1510 This includes modifications
1511 made in the Debian package compared to the upstream one
1512 as well as other changes and updates to the package.
1513 <footnote>
1514 Although there is nothing stopping an author who is also
1515 the Debian maintainer from using this changelog for all
1516 their changes, it will have to be renamed if the Debian
1517 and upstream maintainers become different people. In such
1518 a case, however, it might be better to maintain the package
1519 as a non-native package.
1520 </footnote>
1521 </p>
1522
1523 <p>
1524 The format of the <file>debian/changelog</file> allows the
1525 package building tools to discover which version of the package
1526 is being built and find out other release-specific information.
1527 </p>
1528
1529 <p>
1530 That format is a series of entries like this:
1531
1532 <example compact="compact">
1533 <var>package</var> (<var>version</var>) <var>distribution(s)</var>; urgency=<var>urgency</var>
1534 <var>
1535 [optional blank line(s), stripped]
1536 </var>
1537 * <var>change details</var>
1538 <var>more change details</var>
1539 <var>
1540 [blank line(s), included in output of dpkg-parsechangelog]
1541 </var>
1542 * <var>even more change details</var>
1543 <var>
1544 [optional blank line(s), stripped]
1545 </var>
1546 -- <var>maintainer name</var> &lt;<var>email address</var>&gt;<var>[two spaces]</var> <var>date</var>
1547 </example>
1548 </p>
1549
1550 <p>
1551 <var>package</var> and <var>version</var> are the source
1552 package name and version number.
1553 </p>
1554
1555 <p>
1556 <var>distribution(s)</var> lists the distributions where
1557 this version should be installed when it is uploaded - it
1558 is copied to the <tt>Distribution</tt> field in the
1559 <file>.changes</file> file. See <ref id="f-Distribution">.
1560 </p>
1561
1562 <p>
1563 <var>urgency</var> is the value for the <tt>Urgency</tt>
1564 field in the <file>.changes</file> file for the upload
1565 (see <ref id="f-Urgency">). It is not possible to specify
1566 an urgency containing commas; commas are used to separate
1567 <tt><var>keyword</var>=<var>value</var></tt> settings in the
1568 <prgn>dpkg</prgn> changelog format (though there is
1569 currently only one useful <var>keyword</var>,
1570 <tt>urgency</tt>).
1571 </p>
1572
1573 <p>
1574 The change details may in fact be any series of lines
1575 starting with at least two spaces, but conventionally each
1576 change starts with an asterisk and a separating space and
1577 continuation lines are indented so as to bring them in
1578 line with the start of the text above. Blank lines may be
1579 used here to separate groups of changes, if desired.
1580 </p>
1581
1582 <p>
1583 If this upload resolves bugs recorded in the Bug Tracking
1584 System (BTS), they may be automatically closed on the
1585 inclusion of this package into the Debian archive by
1586 including the string: <tt>closes: Bug#<var>nnnnn</var></tt>
1587 in the change details.<footnote>
1588 To be precise, the string should match the following
1589 Perl regular expression:
1590 <example>
1591 /closes:\s*(?:bug)?\#?\s?\d+(?:,\s*(?:bug)?\#?\s?\d+)*/i
1592 </example>
1593 Then all of the bug numbers listed will be closed by the
1594 archive maintenance script (<prgn>katie</prgn>) using the
1595 <var>version</var> of the changelog entry.
1596 </footnote>
1597 This information is conveyed via the <tt>Closes</tt> field
1598 in the <tt>.changes</tt> file (see <ref id="f-Closes">).
1599 </p>
1600
1601 <p>
1602 The maintainer name and email address used in the changelog
1603 should be the details of the person uploading <em>this</em>
1604 version. They are <em>not</em> necessarily those of the
1605 usual package maintainer. The information here will be
1606 copied to the <tt>Changed-By</tt> field in the
1607 <tt>.changes</tt> file (see <ref id="f-Changed-By">),
1608 and then later used to send an acknowledgement when the
1609 upload has been installed.
1610 </p>
1611
1612 <p>
1613 The <var>date</var> must be in RFC822 format<footnote>
1614 This is generated by <tt>date -R</tt>.
1615 </footnote>; it must include the time zone specified
1616 numerically, with the time zone name or abbreviation
1617 optionally present as a comment in parentheses.
1618 </p>
1619
1620 <p>
1621 The first "title" line with the package name must start
1622 at the left hand margin. The "trailer" line with the
1623 maintainer and date details must be preceded by exactly
1624 one space. The maintainer details and the date must be
1625 separated by exactly two spaces.
1626 </p>
1627
1628 <p>
1629 The entire changelog must be encoded in UTF-8.
1630 </p>
1631
1632 <p>
1633 For more information on placement of the changelog files
1634 within binary packages, please see <ref id="changelogs">.
1635 </p>
1636 </sect>
1637
1638 <sect id="dpkgcopyright">
1639 <heading>Copyright: <file>debian/copyright</file></heading>
1640 <p>
1641 Every package must be accompanied by a verbatim copy of its
1642 copyright information and distribution license in the file
1643 <file>/usr/share/doc/<var>package</var>/copyright</file>
1644 (see <ref id="copyrightfile"> for further details). Also see
1645 <ref id="pkgcopyright"> for further considerations related
1646 to copyrights for packages.
1647 </p>
1648 </sect>
1649 <sect>
1650 <heading>Error trapping in makefiles</heading>
1651
1652 <p>
1653 When <prgn>make</prgn> invokes a command in a makefile
1654 (including your package's upstream makefiles and
1655 <file>debian/rules</file>), it does so using <prgn>sh</prgn>. This
1656 means that <prgn>sh</prgn>'s usual bad error handling
1657 properties apply: if you include a miniature script as one
1658 of the commands in your makefile you'll find that if you
1659 don't do anything about it then errors are not detected
1660 and <prgn>make</prgn> will blithely continue after
1661 problems.
1662 </p>
1663
1664 <p>
1665 Every time you put more than one shell command (this
1666 includes using a loop) in a makefile command you
1667 must make sure that errors are trapped. For
1668 simple compound commands, such as changing directory and
1669 then running a program, using <tt>&amp;&amp;</tt> rather
1670 than semicolon as a command separator is sufficient. For
1671 more complex commands including most loops and
1672 conditionals you should include a separate <tt>set -e</tt>
1673 command at the start of every makefile command that's
1674 actually one of these miniature shell scripts.
1675 </p>
1676 </sect>
1677
1678 <sect id="timestamps">
1679 <heading>Time Stamps</heading>
1680 <p>
1681 Maintainers should preserve the modification times of the
1682 upstream source files in a package, as far as is reasonably
1683 possible.<footnote>
1684 The rationale is that there is some information conveyed
1685 by knowing the age of the file, for example, you could
1686 recognize that some documentation is very old by looking
1687 at the modification time, so it would be nice if the
1688 modification time of the upstream source would be
1689 preserved.
1690 </footnote>
1691 </p>
1692 </sect>
1693
1694 <sect id="restrictions">
1695 <heading>Restrictions on objects in source packages</heading>
1696
1697 <p>
1698 The source package may not contain any hard links<footnote>
1699 <p>
1700 This is not currently detected when building source
1701 packages, but only when extracting
1702 them.
1703 </p>
1704 <p>
1705 Hard links may be permitted at some point in the
1706 future, but would require a fair amount of
1707 work.
1708 </p>
1709 </footnote>, device special files, sockets or setuid or
1710 setgid files.<footnote>
1711 Setgid directories are allowed.
1712 </footnote>
1713 </p>
1714 </sect>
1715
1716 <sect id="debianrules">
1717 <heading>Main building script: <file>debian/rules</file></heading>
1718
1719 <p>
1720 This file must be an executable makefile, and contains the
1721 package-specific recipes for compiling the package and
1722 building binary package(s) from the source.
1723 </p>
1724
1725 <p>
1726 It must start with the line <tt>#!/usr/bin/make -f</tt>,
1727 so that it can be invoked by saying its name rather than
1728 invoking <prgn>make</prgn> explicitly. That is, invoking
1729 either of <tt>make -f debian/rules <em>args...</em></tt>
1730 or <tt>./debian/rules <em>args...</em></tt> must result in
1731 identical behavior.
1732 </p>
1733
1734 <p>
1735 Since an interactive <file>debian/rules</file> script makes it
1736 impossible to auto-compile that package and also makes it
1737 hard for other people to reproduce the same binary
1738 package, all <em>required targets</em> must be
1739 non-interactive. At a minimum, required targets are the
1740 ones called by <prgn>dpkg-buildpackage</prgn>, namely,
1741 <em>clean</em>, <em>binary</em>, <em>binary-arch</em>,
1742 <em>binary-indep</em>, and <em>build</em>. It also follows
1743 that any target that these targets depend on must also be
1744 non-interactive.
1745 </p>
1746
1747 <p>
1748 The targets are as follows (required unless stated otherwise):
1749 <taglist>
1750 <tag><tt>build</tt></tag>
1751 <item>
1752 <p>
1753 The <tt>build</tt> target should perform all the
1754 configuration and compilation of the package.
1755 If a package has an interactive pre-build
1756 configuration routine, the Debianized source package
1757 must either be built after this has taken place (so
1758 that the binary package can be built without rerunning
1759 the configuration) or the configuration routine
1760 modified to become non-interactive. (The latter is
1761 preferable if there are architecture-specific features
1762 detected by the configuration routine.)
1763 </p>
1764
1765 <p>
1766 For some packages, notably ones where the same
1767 source tree is compiled in different ways to produce
1768 two binary packages, the <tt>build</tt> target
1769 does not make much sense. For these packages it is
1770 good enough to provide two (or more) targets
1771 (<tt>build-a</tt> and <tt>build-b</tt> or whatever)
1772 for each of the ways of building the package, and a
1773 <tt>build</tt> target that does nothing. The
1774 <tt>binary</tt> target will have to build the
1775 package in each of the possible ways and make the
1776 binary package out of each.
1777 </p>
1778
1779 <p>
1780 The <tt>build</tt> target must not do anything
1781 that might require root privilege.
1782 </p>
1783
1784 <p>
1785 The <tt>build</tt> target may need to run the
1786 <tt>clean</tt> target first - see below.
1787 </p>
1788
1789 <p>
1790 When a package has a configuration and build routine
1791 which takes a long time, or when the makefiles are
1792 poorly designed, or when <tt>build</tt> needs to
1793 run <tt>clean</tt> first, it is a good idea to
1794 <tt>touch build</tt> when the build process is
1795 complete. This will ensure that if <tt>debian/rules
1796 build</tt> is run again it will not rebuild the whole
1797 program.<footnote>
1798 Another common way to do this is for <tt>build</tt>
1799 to depend on <prgn>build-stamp</prgn> and to do
1800 nothing else, and for the <prgn>build-stamp</prgn>
1801 target to do the building and to <tt>touch
1802 build-stamp</tt> on completion. This is
1803 especially useful if the build routine creates a
1804 file or directory called <tt>build</tt>; in such a
1805 case, <tt>build</tt> will need to be listed as
1806 a phony target (i.e., as a dependency of the
1807 <tt>.PHONY</tt> target). See the documentation of
1808 <prgn>make</prgn> for more information on phony
1809 targets.
1810 </footnote>
1811 </p>
1812 </item>
1813
1814 <tag><tt>build-arch</tt> (optional),
1815 <tt>build-indep</tt> (optional)
1816 </tag>
1817 <item>
1818 <p>
1819 A package may also provide both of the targets
1820 <tt>build-arch</tt> and <tt>build-indep</tt>.
1821 The <tt>build-arch</tt> target, if provided, should
1822 perform all the configuration and compilation required
1823 for producing all architecture-dependant binary packages
1824 (those packages for which the body of the
1825 <tt>Architecture</tt> field in <tt>debian/control</tt>
1826 is not <tt>all</tt>).
1827 Similarly, the <tt>build-indep</tt> target, if
1828 provided, should perform all the configuration and
1829 compilation required for producing all
1830 architecture-independent binary packages
1831 (those packages for which the body of the
1832 <tt>Architecture</tt> field in <tt>debian/control</tt>
1833 is <tt>all</tt>).
1834 The <tt>build</tt> target should depend on those of the
1835 targets <tt>build-arch</tt> and <tt>build-indep</tt> that
1836 are provided in the rules file.
1837 </p>
1838
1839 <p>
1840 If one or both of the targets <tt>build-arch</tt> and
1841 <tt>build-indep</tt> are not provided, then invoking
1842 <file>debian/rules</file> with one of the not-provided
1843 targets as arguments should produce a exit status code
1844 of 2. Usually this is provided automatically by make
1845 if the target is missing.
1846 </p>
1847
1848 <p>
1849 The <tt>build-arch</tt> and <tt>build-indep</tt> targets
1850 must not do anything that might require root privilege.
1851 </p>
1852 </item>
1853
1854 <tag><tt>binary</tt>, <tt>binary-arch</tt>,
1855 <tt>binary-indep</tt>
1856 </tag>
1857 <item>
1858 <p>
1859 The <tt>binary</tt> target must be all that is
1860 necessary for the user to build the binary package(s)
1861 produced from this source package. It is
1862 split into two parts: <prgn>binary-arch</prgn> builds
1863 the binary packages which are specific to a particular
1864 architecture, and <tt>binary-indep</tt> builds
1865 those which are not.
1866 </p>
1867 <p>
1868 <tt>binary</tt> may be (and commonly is) a target with
1869 no commands which simply depends on
1870 <tt>binary-arch</tt> and <tt>binary-indep</tt>.
1871 </p>
1872 <p>
1873 Both <tt>binary-*</tt> targets should depend on the
1874 <tt>build</tt> target, or on the appropriate
1875 <tt>build-arch</tt> or <tt>build-indep</tt> target, if
1876 provided, so that the package is built if it has not
1877 been already. It should then create the relevant
1878 binary package(s), using <prgn>dpkg-gencontrol</prgn> to
1879 make their control files and <prgn>dpkg-deb</prgn> to
1880 build them and place them in the parent of the top
1881 level directory.
1882 </p>
1883
1884 <p>
1885 Both the <tt>binary-arch</tt> and
1886 <tt>binary-indep</tt> targets <em>must</em> exist.
1887 If one of them has nothing to do (which will always be
1888 the case if the source generates only a single binary
1889 package, whether architecture-dependent or not), it
1890 must still exist and must always succeed.
1891 </p>
1892
1893 <p>
1894 The <tt>binary</tt> targets must be invoked as
1895 root.<footnote>
1896 The <prgn>fakeroot</prgn> package often allows one
1897 to build a package correctly even without being
1898 root.
1899 </footnote>
1900 </p>
1901 </item>
1902
1903 <tag><tt>clean</tt></tag>
1904 <item>
1905 <p>
1906 This must undo any effects that the <tt>build</tt>
1907 and <tt>binary</tt> targets may have had, except
1908 that it should leave alone any output files created in
1909 the parent directory by a run of a <tt>binary</tt>
1910 target.
1911 </p>
1912
1913 <p>
1914 If a <tt>build</tt> file is touched at the end of
1915 the <tt>build</tt> target, as suggested above, it
1916 should be removed as the first action that
1917 <tt>clean</tt> performs, so that running
1918 <tt>build</tt> again after an interrupted
1919 <tt>clean</tt> doesn't think that everything is
1920 already done.
1921 </p>
1922
1923 <p>
1924 The <tt>clean</tt> target may need to be
1925 invoked as root if <tt>binary</tt> has been
1926 invoked since the last <tt>clean</tt>, or if
1927 <tt>build</tt> has been invoked as root (since
1928 <tt>build</tt> may create directories, for
1929 example).
1930 </p>
1931 </item>
1932
1933 <tag><tt>get-orig-source</tt> (optional)</tag>
1934 <item>
1935 <p>
1936 This target fetches the most recent version of the
1937 original source package from a canonical archive site
1938 (via FTP or WWW, for example), does any necessary
1939 rearrangement to turn it into the original source
1940 tar file format described below, and leaves it in the
1941 current directory.
1942 </p>
1943
1944 <p>
1945 This target may be invoked in any directory, and
1946 should take care to clean up any temporary files it
1947 may have left.
1948 </p>
1949
1950 <p>
1951 This target is optional, but providing it if
1952 possible is a good idea.
1953 </p>
1954 </item>
1955
1956 <tag><tt>patch</tt> (optional)</tag>
1957 <item>
1958 <p>
1959 This target performs whatever additional actions are
1960 required to make the source ready for editing (unpacking
1961 additional upstream archives, applying patches, etc.).
1962 It is recommended to be implemented for any package where
1963 <tt>dpkg-source -x</tt> does not result in source ready
1964 for additional modification. See
1965 <ref id="readmesource">.
1966 </p>
1967 </item>
1968 </taglist>
1969
1970 <p>
1971 The <tt>build</tt>, <tt>binary</tt> and
1972 <tt>clean</tt> targets must be invoked with the current
1973 directory being the package's top-level directory.
1974 </p>
1975
1976
1977 <p>
1978 Additional targets may exist in <file>debian/rules</file>,
1979 either as published or undocumented interfaces or for the
1980 package's internal use.
1981 </p>
1982
1983 <p>
1984 The architectures we build on and build for are determined
1985 by <prgn>make</prgn> variables using the utility
1986 <qref id="pkg-dpkg-architecture"><prgn>dpkg-architecture</prgn></qref>.
1987 You can determine the
1988 Debian architecture and the GNU style architecture
1989 specification string for the build machine (the machine type
1990 we are building on) as well as for the host machine (the
1991 machine type we are building for). Here is a list of
1992 supported <prgn>make</prgn> variables:
1993 <list compact="compact">
1994 <item>
1995 <tt>DEB_*_ARCH</tt> (the Debian architecture)
1996 </item>
1997 <item>
1998 <tt>DEB_*_ARCH_CPU</tt> (the Debian CPU name)
1999 </item>
2000 <item>
2001 <tt>DEB_*_ARCH_OS</tt> (the Debian System name)
2002 </item>
2003 <item>
2004 <tt>DEB_*_GNU_TYPE</tt> (the GNU style architecture
2005 specification string)
2006 </item>
2007 <item>
2008 <tt>DEB_*_GNU_CPU</tt> (the CPU part of
2009 <tt>DEB_*_GNU_TYPE</tt>)
2010 </item>
2011 <item>
2012 <tt>DEB_*_GNU_SYSTEM</tt> (the System part of
2013 <tt>DEB_*_GNU_TYPE</tt>)
2014 </list>
2015 where <tt>*</tt> is either <tt>BUILD</tt> for specification of
2016 the build machine or <tt>HOST</tt> for specification of the
2017 host machine.
2018 </p>
2019
2020 <p>
2021 Backward compatibility can be provided in the rules file
2022 by setting the needed variables to suitable default
2023 values; please refer to the documentation of
2024 <prgn>dpkg-architecture</prgn> for details.
2025 </p>
2026
2027 <p>
2028 It is important to understand that the <tt>DEB_*_ARCH</tt>
2029 string only determines which Debian architecture we are
2030 building on or for. It should not be used to get the CPU
2031 or system information; the <tt>DEB_*_ARCH_CPU</tt> and
2032 <tt>DEB_*_ARCH_OS</tt> variables should be used for that.
2033 GNU style variables should generally only be used with upstream
2034 build systems.
2035 </p>
2036
2037 <sect1 id="debianrules-options">
2038 <heading><file>debian/rules</file> and
2039 <tt>DEB_BUILD_OPTIONS</tt></heading>
2040
2041 <p>
2042 Supporting the standardized environment variable
2043 <tt>DEB_BUILD_OPTIONS</tt> is recommended. This variable can
2044 contain several flags to change how a package is compiled and
2045 built. Each flag must be in the form <var>flag</var> or
2046 <var>flag</var>=<var>options</var>. If multiple flags are
2047 given, they must be separated by whitespace.<footnote>
2048 Some packages support any delimiter, but whitespace is the
2049 easiest to parse inside a makefile and avoids ambiguity with
2050 flag values that contain commas.
2051 </footnote>
2052 <var>flag</var> must start with a lowercase letter
2053 (<tt>a-z</tt>) and consist only of lowercase letters,
2054 numbers (<tt>0-9</tt>), and the characters
2055 <tt>-</tt> and <tt>_</tt> (hyphen and underscore).
2056 <var>options</var> must not contain whitespace. The same
2057 tag should not be given multiple times with conflicting
2058 values. Package maintainers may assume that
2059 <tt>DEB_BUILD_OPTIONS</tt> will not contain conflicting tags.
2060 </p>
2061
2062 <p>
2063 The meaning of the following tags has been standardized:
2064 <taglist>
2065 <tag>nocheck</tag>
2066 <item>
2067 This tag says to not run any build-time test suite
2068 provided by the package.
2069 </item>
2070 <tag>noopt</tag>
2071 <item>
2072 The presence of this tag means that the package should
2073 be compiled with a minimum of optimization. For C
2074 programs, it is best to add <tt>-O0</tt> to
2075 <tt>CFLAGS</tt> (although this is usually the default).
2076 Some programs might fail to build or run at this level
2077 of optimization; it may be necessary to use
2078 <tt>-O1</tt>, for example.
2079 </item>
2080 <tag>nostrip</tag>
2081 <item>
2082 This tag means that the debugging symbols should not be
2083 stripped from the binary during installation, so that
2084 debugging information may be included in the package.
2085 </item>
2086 <tag>parallel=n</tag>
2087 <item>
2088 This tag means that the package should be built using up
2089 to <tt>n</tt> parallel processes if the package build
2090 system supports this.<footnote>
2091 Packages built with <tt>make</tt> can often implement
2092 this by passing the <tt>-j</tt><var>n</var> option to
2093 <tt>make</tt>.
2094 </footnote>
2095 If the package build system does not support parallel
2096 builds, this string must be ignored. If the package
2097 build system only supports a lower level of concurrency
2098 than <var>n</var>, the package should be built using as
2099 many parallel processes as the package build system
2100 supports. It is up to the package maintainer to decide
2101 whether the package build times are long enough and the
2102 package build system is robust enough to make supporting
2103 parallel builds worthwhile.
2104 </item>
2105 </taglist>
2106 </p>
2107
2108 <p>
2109 Unknown flags must be ignored by <file>debian/rules</file>.
2110 </p>
2111
2112 <p>
2113 The following makefile snippet is an example of how one may
2114 implement the build options; you will probably have to
2115 massage this example in order to make it work for your
2116 package.
2117 <example compact="compact">
2118 CFLAGS = -Wall -g
2119 INSTALL = install
2120 INSTALL_FILE = $(INSTALL) -p -o root -g root -m 644
2121 INSTALL_PROGRAM = $(INSTALL) -p -o root -g root -m 755
2122 INSTALL_SCRIPT = $(INSTALL) -p -o root -g root -m 755
2123 INSTALL_DIR = $(INSTALL) -p -d -o root -g root -m 755
2124
2125 ifneq (,$(filter noopt,$(DEB_BUILD_OPTIONS)))
2126 CFLAGS += -O0
2127 else
2128 CFLAGS += -O2
2129 endif
2130 ifeq (,$(filter nostrip,$(DEB_BUILD_OPTIONS)))
2131 INSTALL_PROGRAM += -s
2132 endif
2133 ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
2134 NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
2135 MAKEFLAGS += -j$(NUMJOBS)
2136 endif
2137
2138 build:
2139 # ...
2140 ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
2141 # Code to run the package test suite.
2142 endif
2143 </example>
2144 </p>
2145 </sect1>
2146 </sect>
2147
2148 <!-- FIXME: section pkg-srcsubstvars is the same as substvars -->
2149 <sect id="substvars">
2150 <heading>Variable substitutions: <file>debian/substvars</file></heading>
2151
2152 <p>
2153 When <prgn>dpkg-gencontrol</prgn>,
2154 <prgn>dpkg-genchanges</prgn> and <prgn>dpkg-source</prgn>
2155 generate control files they perform variable substitutions
2156 on their output just before writing it. Variable
2157 substitutions have the form <tt>${<var>variable</var>}</tt>.
2158 The optional file <file>debian/substvars</file> contains
2159 variable substitutions to be used; variables can also be set
2160 directly from <file>debian/rules</file> using the <tt>-V</tt>
2161 option to the source packaging commands, and certain
2162 predefined variables are also available.
2163 </p>
2164
2165 <p>
2166 The <file>debian/substvars</file> file is usually generated and
2167 modified dynamically by <file>debian/rules</file> targets, in
2168 which case it must be removed by the <tt>clean</tt> target.
2169 </p>
2170
2171 <p>
2172 See <manref name="deb-substvars" section="5"> for full
2173 details about source variable substitutions, including the
2174 format of <file>debian/substvars</file>.</p>
2175 </sect>
2176
2177 <sect id="debianwatch">
2178 <heading>Optional upstream source location: <file>debian/watch</file></heading>
2179
2180 <p>
2181 This is an optional, recommended control file for the
2182 <tt>uscan</tt> utility which defines how to automatically
2183 scan ftp or http sites for newly available updates of the
2184 package. This is used by <url id="
2185 http://dehs.alioth.debian.org/"> and other Debian QA tools
2186 to help with quality control and maintenance of the
2187 distribution as a whole.
2188 </p>
2189
2190 </sect>
2191
2192 <sect id="debianfiles">
2193 <heading>Generated files list: <file>debian/files</file></heading>
2194
2195 <p>
2196 This file is not a permanent part of the source tree; it
2197 is used while building packages to record which files are
2198 being generated. <prgn>dpkg-genchanges</prgn> uses it
2199 when it generates a <file>.changes</file> file.
2200 </p>
2201
2202 <p>
2203 It should not exist in a shipped source package, and so it
2204 (and any backup files or temporary files such as
2205 <file>files.new</file><footnote>
2206 <file>files.new</file> is used as a temporary file by
2207 <prgn>dpkg-gencontrol</prgn> and
2208 <prgn>dpkg-distaddfile</prgn> - they write a new
2209 version of <tt>files</tt> here before renaming it,
2210 to avoid leaving a corrupted copy if an error
2211 occurs.
2212 </footnote>) should be removed by the
2213 <tt>clean</tt> target. It may also be wise to
2214 ensure a fresh start by emptying or removing it at the
2215 start of the <tt>binary</tt> target.
2216 </p>
2217
2218 <p>
2219 When <prgn>dpkg-gencontrol</prgn> is run for a binary
2220 package, it adds an entry to <file>debian/files</file> for the
2221 <file>.deb</file> file that will be created when <tt>dpkg-deb
2222 --build</tt> is run for that binary package. So for most
2223 packages all that needs to be done with this file is to
2224 delete it in the <tt>clean</tt> target.
2225 </p>
2226
2227 <p>
2228 If a package upload includes files besides the source
2229 package and any binary packages whose control files were
2230 made with <prgn>dpkg-gencontrol</prgn> then they should be
2231 placed in the parent of the package's top-level directory
2232 and <prgn>dpkg-distaddfile</prgn> should be called to add
2233 the file to the list in <file>debian/files</file>.</p>
2234 </sect>
2235
2236 <sect id="embeddedfiles">
2237 <heading>Convenience copies of code</heading>
2238
2239 <p>
2240 Some software packages include in their distribution convenience
2241 copies of code from other software packages, generally so that
2242 users compiling from source don't have to download multiple
2243 packages. Debian packages should not make use of these
2244 convenience copies unless the included package is explicitly
2245 intended to be used in this way.<footnote>
2246 For example, parts of the GNU build system work like this.
2247 </footnote>
2248 If the included code is already in the Debian archive in the
2249 form of a library, the Debian packaging should ensure that
2250 binary packages reference the libraries already in Debian and
2251 the convenience copy is not used. If the included code is not
2252 already in Debian, it should be packaged separately as a
2253 prerequisite if possible.
2254 <footnote>
2255 Having multiple copies of the same code in Debian is
2256 inefficient, often creates either static linking or shared
2257 library conflicts, and, most importantly, increases the
2258 difficulty of handling security vulnerabilities in the
2259 duplicated code.
2260 </footnote>
2261 </p>
2262 </sect>
2263
2264 <sect id="readmesource">
2265 <heading>Source package handling:
2266 <file>debian/README.source</file></heading>
2267
2268 <p>
2269 If running <prgn>dpkg-source -x</prgn> on a source package
2270 doesn't produce the source of the package, ready for editing,
2271 and allow one to make changes and run
2272 <prgn>dpkg-buildpackage</prgn> to produce a modified package
2273 without taking any additional steps, creating a
2274 <file>debian/README.source</file> documentation file is
2275 recommended. This file should explain how to do all of the
2276 following:
2277 <enumlist>
2278 <item>Generate the fully patched source, in a form ready for
2279 editing, that would be built to create Debian
2280 packages. Doing this with a <tt>patch</tt> target in
2281 <file>debian/rules</file> is recommended; see
2282 <ref id="debianrules">.</item>
2283 <item>Modify the source and save those modifications so that
2284 they will be applied when building the package.</item>
2285 <item>Remove source modifications that are currently being
2286 applied when building the package.</item>
2287 <item>Optionally, document what steps are necessary to
2288 upgrade the Debian source package to a new upstream version,
2289 if applicable.</item>
2290 </enumlist>
2291 This explanation should include specific commands and mention
2292 any additional required Debian packages. It should not assume
2293 familiarity with any specific Debian packaging system or patch
2294 management tools.
2295 </p>
2296
2297 <p>
2298 This explanation may refer to a documentation file installed by
2299 one of the package's build dependencies provided that the
2300 referenced documentation clearly explains these tasks and is not
2301 a general reference manual.
2302 </p>
2303
2304 <p>
2305 <file>debian/README.source</file> may also include any other
2306 information that would be helpful to someone modifying the
2307 source package. Even if the package doesn't fit the above
2308 description, maintainers are encouraged to document in a
2309 <file>debian/README.source</file> file any source package with a
2310 particularly complex or unintuitive source layout or build
2311 system (for example, a package that builds the same source
2312 multiple times to generate different binary packages).
2313 </p>
2314 </sect>
2315 </chapt>
2316
2317
2318 <chapt id="controlfields">
2319 <heading>Control files and their fields</heading>
2320
2321 <p>
2322 The package management system manipulates data represented in
2323 a common format, known as <em>control data</em>, stored in
2324 <em>control files</em>.
2325 Control files are used for source packages, binary packages and
2326 the <file>.changes</file> files which control the installation
2327 of uploaded files<footnote>
2328 <prgn>dpkg</prgn>'s internal databases are in a similar
2329 format.
2330 </footnote>.
2331 </p>
2332
2333 <sect id="controlsyntax">
2334 <heading>Syntax of control files</heading>
2335
2336 <p>
2337 A control file consists of one or more paragraphs of
2338 fields<footnote>
2339 The paragraphs are also sometimes referred to as stanzas.
2340 </footnote>.
2341 The paragraphs are separated by blank lines. Some control
2342 files allow only one paragraph; others allow several, in
2343 which case each paragraph usually refers to a different
2344 package. (For example, in source packages, the first
2345 paragraph refers to the source package, and later paragraphs
2346 refer to binary packages generated from the source.)
2347 </p>
2348
2349 <p>
2350 Each paragraph consists of a series of data fields; each
2351 field consists of the field name, followed by a colon and
2352 then the data/value associated with that field. It ends at
2353 the end of the (logical) line. Horizontal whitespace
2354 (spaces and tabs) may occur immediately before or after the
2355 value and is ignored there; it is conventional to put a
2356 single space after the colon. For example, a field might
2357 be:
2358 <example compact="compact">
2359 Package: libc6
2360 </example>
2361 the field name is <tt>Package</tt> and the field value
2362 <tt>libc6</tt>.
2363 </p>
2364
2365 <p>
2366 Many fields' values may span several lines; in this case
2367 each continuation line must start with a space or a tab.
2368 Any trailing spaces or tabs at the end of individual
2369 lines of a field value are ignored.
2370 </p>
2371
2372 <p>
2373 In fields where it is specified that lines may not wrap,
2374 only a single line of data is allowed and whitespace is not
2375 significant in a field body. Whitespace must not appear
2376 inside names (of packages, architectures, files or anything
2377 else) or version numbers, or between the characters of
2378 multi-character version relationships.
2379 </p>
2380
2381 <p>
2382 Field names are not case-sensitive, but it is usual to
2383 capitalize the field names using mixed case as shown below.
2384 Field values are case-sensitive unless the description of the
2385 field says otherwise.
2386 </p>
2387
2388 <p>
2389 Blank lines, or lines consisting only of spaces and tabs,
2390 are not allowed within field values or between fields - that
2391 would mean a new paragraph.
2392 </p>
2393
2394 <p>
2395 All control files must be encoded in UTF-8.
2396 </p>
2397 </sect>
2398
2399 <sect id="sourcecontrolfiles">
2400 <heading>Source package control files -- <file>debian/control</file></heading>
2401
2402 <p>
2403 The <file>debian/control</file> file contains the most vital
2404 (and version-independent) information about the source package
2405 and about the binary packages it creates.
2406 </p>
2407
2408 <p>
2409 The first paragraph of the control file contains information about
2410 the source package in general. The subsequent sets each describe a
2411 binary package that the source tree builds.
2412 </p>
2413
2414 <p>
2415 The fields in the general paragraph (the first one, for the source
2416 package) are:
2417
2418 <list compact="compact">
2419 <item><qref id="f-Source"><tt>Source</tt></qref> (mandatory)</item>
2420 <item><qref id="f-Maintainer"><tt>Maintainer</tt></qref> (mandatory)</item>
2421 <item><qref id="f-Uploaders"><tt>Uploaders</tt></qref></item>
2422 <item><qref id="f-Section"><tt>Section</tt></qref> (recommended)</item>
2423 <item><qref id="f-Priority"><tt>Priority</tt></qref> (recommended)</item>
2424 <item><qref id="sourcebinarydeps"><tt>Build-Depends</tt> et al</qref></item>
2425 <item><qref id="f-Standards-Version"><tt>Standards-Version</tt></qref> (recommended)</item>
2426 <item><qref id="f-Homepage"><tt>Homepage</tt></qref></item>
2427 </list>
2428 </p>
2429
2430 <p>
2431 The fields in the binary package paragraphs are:
2432
2433 <list compact="compact">
2434 <item><qref id="f-Package"><tt>Package</tt></qref> (mandatory)</item>
2435 <item><qref id="f-Architecture"><tt>Architecture</tt></qref> (mandatory)</item>
2436 <item><qref id="f-Section"><tt>Section</tt></qref> (recommended)</item>
2437 <item><qref id="f-Priority"><tt>Priority</tt></qref> (recommended)</item>
2438 <item><qref id="f-Essential"><tt>Essential</tt></qref></item>
2439 <item><qref id="binarydeps"><tt>Depends</tt> et al</qref></item>
2440 <item><qref id="f-Description"><tt>Description</tt></qref> (mandatory)</item>
2441 <item><qref id="f-Homepage"><tt>Homepage</tt></qref></item>
2442 </list>
2443 </p>
2444
2445 <p>
2446 The syntax and semantics of the fields are described below.
2447 </p>
2448
2449 <!-- stuff -->
2450
2451 <p>
2452 These fields are used by <prgn>dpkg-gencontrol</prgn> to
2453 generate control files for binary packages (see below), by
2454 <prgn>dpkg-genchanges</prgn> to generate the
2455 <tt>.changes</tt> file to accompany the upload, and by
2456 <prgn>dpkg-source</prgn> when it creates the
2457 <file>.dsc</file> source control file as part of a source
2458 archive. Many fields are permitted to span multiple lines in
2459 <file>debian/control</file> but not in any other control
2460 file. These tools are responsible for removing the line
2461 breaks from such fields when using fields from
2462 <file>debian/control</file> to generate other control files.
2463 </p>
2464
2465 <p>
2466 The fields here may contain variable references - their
2467 values will be substituted by <prgn>dpkg-gencontrol</prgn>,
2468 <prgn>dpkg-genchanges</prgn> or <prgn>dpkg-source</prgn>
2469 when they generate output control files.
2470 See <ref id="substvars"> for details.
2471 </p>
2472
2473 <p>
2474 In addition to the control file syntax described <qref
2475 id="controlsyntax">above</qref>, this file may also contain
2476 comment lines starting with <tt>#</tt> without any preceding
2477 whitespace. All such lines are ignored, even in the middle of
2478 continuation lines for a multiline field, and do not end a
2479 multiline field.
2480 </p>
2481
2482 </sect>
2483
2484 <sect id="binarycontrolfiles">
2485 <heading>Binary package control files -- <file>DEBIAN/control</file></heading>
2486
2487 <p>
2488 The <file>DEBIAN/control</file> file contains the most vital
2489 (and version-dependent) information about a binary package.
2490 </p>
2491
2492 <p>
2493 The fields in this file are:
2494
2495 <list compact="compact">
2496 <item><qref id="f-Package"><tt>Package</tt></qref> (mandatory)</item>
2497 <item><qref id="f-Source"><tt>Source</tt></qref></item>
2498 <item><qref id="f-Version"><tt>Version</tt></qref> (mandatory)</item>
2499 <item><qref id="f-Section"><tt>Section</tt></qref> (recommended)</item>
2500 <item><qref id="f-Priority"><tt>Priority</tt></qref> (recommended)</item>
2501 <item><qref id="f-Architecture"><tt>Architecture</tt></qref> (mandatory)</item>
2502 <item><qref id="f-Essential"><tt>Essential</tt></qref></item>
2503 <item><qref id="binarydeps"><tt>Depends</tt> et al</qref></item>
2504 <item><qref id="f-Installed-Size"><tt>Installed-Size</tt></qref></item>
2505 <item><qref id="f-Maintainer"><tt>Maintainer</tt></qref> (mandatory)</item>
2506 <item><qref id="f-Description"><tt>Description</tt></qref> (mandatory)</item>
2507 <item><qref id="f-Homepage"><tt>Homepage</tt></qref></item>
2508 </list>
2509 </p>
2510 </sect>
2511
2512 <sect id="debiansourcecontrolfiles">
2513 <heading>Debian source control files -- <tt>.dsc</tt></heading>
2514
2515 <p>
2516 This file contains a series of fields, identified and
2517 separated just like the fields in the control file of
2518 a binary package. The fields are listed below; their
2519 syntax is described above, in <ref id="pkg-controlfields">.
2520
2521 <list compact="compact">
2522 <item><qref id="f-Format"><tt>Format</tt></qref> (mandatory)</item>
2523 <item><qref id="f-Source"><tt>Source</tt></qref> (mandatory)</item>
2524 <item><qref id="f-Version"><tt>Version</tt></qref> (mandatory)</item>
2525 <item><qref id="f-Maintainer"><tt>Maintainer</tt></qref> (mandatory)</item>
2526 <item><qref id="f-Uploaders"><tt>Uploaders</tt></qref></item>
2527 <item><qref id="f-Binary"><tt>Binary</tt></qref></item>
2528 <item><qref id="f-Architecture"><tt>Architecture</tt></qref></item>
2529 <item><qref id="sourcebinarydeps"><tt>Build-Depends</tt> et al</qref></item>
2530 <item><qref id="f-Standards-Version"><tt>Standards-Version</tt></qref> (recommended)</item>
2531 <item><qref id="f-Files"><tt>Files</tt></qref> (mandatory)</item>
2532 <item><qref id="f-Homepage"><tt>Homepage</tt></qref></item>
2533 </list>
2534 </p>
2535
2536 <p>
2537 The source package control file is generated by
2538 <prgn>dpkg-source</prgn> when it builds the source
2539 archive, from other files in the source package,
2540 described above. When unpacking, it is checked against
2541 the files and directories in the other parts of the
2542 source package.
2543 </p>
2544
2545 </sect>
2546
2547 <sect id="debianchangesfiles">
2548 <heading>Debian changes files -- <file>.changes</file></heading>
2549
2550 <p>
2551 The .changes files are used by the Debian archive maintenance
2552 software to process updates to packages. They contain one
2553 paragraph which contains information from the
2554 <tt>debian/control</tt> file and other data about the
2555 source package gathered via <tt>debian/changelog</tt>
2556 and <tt>debian/rules</tt>.
2557 </p>
2558
2559 <p>
2560 The fields in this file are:
2561
2562 <list compact="compact">
2563 <item><qref id="f-Format"><tt>Format</tt></qref> (mandatory)</item>
2564 <item><qref id="f-Date"><tt>Date</tt></qref> (mandatory)</item>
2565 <item><qref id="f-Source"><tt>Source</tt></qref> (mandatory)</item>
2566 <item><qref id="f-Binary"><tt>Binary</tt></qref> (mandatory)</item>
2567 <item><qref id="f-Architecture"><tt>Architecture</tt></qref> (mandatory)</item>
2568 <item><qref id="f-Version"><tt>Version</tt></qref> (mandatory)</item>
2569 <item><qref id="f-Distribution"><tt>Distribution</tt></qref> (mandatory)</item>
2570 <item><qref id="f-Urgency"><tt>Urgency</tt></qref> (recommended)</item>
2571 <item><qref id="f-Maintainer"><tt>Maintainer</tt></qref> (mandatory)</item>
2572 <item><qref id="f-Changed-By"><tt>Changed-By</tt></qref></item>
2573 <item><qref id="f-Description"><tt>Description</tt></qref> (mandatory)</item>
2574 <item><qref id="f-Closes"><tt>Closes</tt></qref></item>
2575 <item><qref id="f-Changes"><tt>Changes</tt></qref> (mandatory)</item>
2576 <item><qref id="f-Files"><tt>Files</tt></qref> (mandatory)</item>
2577 </list>
2578 </p>
2579 </sect>
2580
2581 <sect id="controlfieldslist">
2582 <heading>List of fields</heading>
2583
2584 <sect1 id="f-Source">
2585 <heading><tt>Source</tt></heading>
2586
2587 <p>
2588 This field identifies the source package name.
2589 </p>
2590
2591 <p>
2592 In <file>debian/control</file> or a <file>.dsc</file> file,
2593 this field must contain only the name of the source package.
2594 </p>
2595
2596 <p>
2597 In a binary package control file or a <file>.changes</file>
2598 file, the source package name may be followed by a version
2599 number in parentheses<footnote>
2600 It is customary to leave a space after the package name
2601 if a version number is specified.
2602 </footnote>.
2603 This version number may be omitted (and is, by
2604 <prgn>dpkg-gencontrol</prgn>) if it has the same value as
2605 the <tt>Version</tt> field of the binary package in
2606 question. The field itself may be omitted from a binary
2607 package control file when the source package has the same
2608 name and version as the binary package.
2609 </p>
2610
2611 <p>
2612 Package names (both source and binary,
2613 see <ref id="f-Package">) must consist only of lower case
2614 letters (<tt>a-z</tt>), digits (<tt>0-9</tt>), plus
2615 (<tt>+</tt>) and minus (<tt>-</tt>) signs, and periods
2616 (<tt>.</tt>). They must be at least two characters long and
2617 must start with an alphanumeric character.
2618 </p>
2619 </sect1>
2620
2621 <sect1 id="f-Maintainer">
2622 <heading><tt>Maintainer</tt></heading>
2623
2624 <p>
2625 The package maintainer's name and email address. The name
2626 should come first, then the email address inside angle
2627 brackets <tt>&lt;&gt</tt> (in RFC822 format).
2628 </p>
2629
2630 <p>
2631 If the maintainer's name contains a full stop then the
2632 whole field will not work directly as an email address due
2633 to a misfeature in the syntax specified in RFC822; a
2634 program using this field as an address must check for this
2635 and correct the problem if necessary (for example by
2636 putting the name in round brackets and moving it to the
2637 end, and bringing the email address forward).
2638 </p>
2639 </sect1>
2640
2641 <sect1 id="f-Uploaders">
2642 <heading><tt>Uploaders</tt></heading>
2643
2644 <p>
2645 List of the names and email addresses of co-maintainers of
2646 the package, if any. If the package has other maintainers
2647 beside the one named in the
2648 <qref id="f-Maintainer">Maintainer field</qref>, their
2649 names and email addresses should be listed here. The
2650 format is the same as that of the Maintainer tag, and
2651 multiple entries should be comma separated. Currently,
2652 this field is restricted to a single line of data. This
2653 is an optional field.
2654 </p>
2655 <p>
2656 Any parser that interprets the Uploaders field in
2657 <file>debian/control</file> must permit it to span multiple
2658 lines. Line breaks in an Uploaders field that spans multiple
2659 lines are not significant and the semantics of the field are
2660 the same as if the line breaks had not been present.
2661 </p>
2662 </sect1>
2663
2664 <sect1 id="f-Changed-By">
2665 <heading><tt>Changed-By</tt></heading>
2666
2667 <p>
2668 The name and email address of the person who changed the
2669 said package. Usually the name of the maintainer.
2670 All the rules for the Maintainer field apply here, too.
2671 </p>
2672 </sect1>
2673
2674 <sect1 id="f-Section">
2675 <heading><tt>Section</tt></heading>
2676
2677 <p>
2678 This field specifies an application area into which the package
2679 has been classified. See <ref id="subsections">.
2680 </p>
2681
2682 <p>
2683 When it appears in the <file>debian/control</file> file,
2684 it gives the value for the subfield of the same name in
2685 the <tt>Files</tt> field of the <file>.changes</file> file.
2686 It also gives the default for the same field in the binary
2687 packages.
2688 </p>
2689 </sect1>
2690
2691 <sect1 id="f-Priority">
2692 <heading><tt>Priority</tt></heading>
2693
2694 <p>
2695 This field represents how important it is that the user
2696 have the package installed. See <ref id="priorities">.
2697 </p>
2698
2699 <p>
2700 When it appears in the <file>debian/control</file> file,
2701 it gives the value for the subfield of the same name in
2702 the <tt>Files</tt> field of the <file>.changes</file> file.
2703 It also gives the default for the same field in the binary
2704 packages.
2705 </p>
2706 </sect1>
2707
2708 <sect1 id="f-Package">
2709 <heading><tt>Package</tt></heading>
2710
2711 <p>
2712 The name of the binary package.
2713 </p>
2714
2715 <p>
2716 Binary package names must follow the same syntax and
2717 restrictions as source package names. See <ref id="f-Source">
2718 for the details.
2719 </p>
2720 </sect1>
2721
2722 <sect1 id="f-Architecture">
2723 <heading><tt>Architecture</tt></heading>
2724
2725 <p>
2726 Depending on context and the control file used, the
2727 <tt>Architecture</tt> field can include the following sets of
2728 values:
2729 <list>
2730 <item>
2731 A unique single word identifying a Debian machine
2732 architecture as described in <ref id="arch-spec">.
2733 </item>
2734 <item>
2735 An architecture wildcard identifying a set of Debian
2736 machine architectures, see <ref id="arch-wildcard-spec">.
2737 </item>
2738 <item>
2739 <tt>all</tt>, which indicates an
2740 architecture-independent package.
2741 </item>
2742 <item>
2743 <tt>source</tt>, which indicates a source package.
2744 </item>
2745 </list>
2746 </p>
2747
2748 <p>
2749 In the main <file>debian/control</file> file in the source
2750 package, this field may contain special value <tt>all</tt> or
2751 a list of specific and wildcard architectures separated by
2752 spaces. If <tt>all</tt> appears, that value must be the
2753 entire contents of the field. Most packages will use
2754 either <tt>any</tt> or <tt>all</tt>. Specifying a specific
2755 list of architectures is for the minority of cases where a
2756 program is not portable or is not useful on some
2757 architectures, and where possible the program should be made
2758 portable instead.
2759 </p>
2760
2761 <p>
2762 In the source package control file <file>.dsc</file>, this
2763 field may contain either the special value <tt>any</tt> or a
2764 list of architectures separated by spaces. If a list is given,
2765 it may include (or consist solely of) the special value
2766 <tt>all</tt>. In other words, in <file>.dsc</file> files
2767 unlike the <file>debian/control</file>, <tt>all</tt> may occur
2768 in combination with specific architectures. The
2769 <tt>Architecture</tt> field in the source package control file
2770 <file>.dsc</file> is generally constructed from the
2771 <tt>Architecture</tt> fields in the
2772 <file>debian/control</file> in the source package.
2773 </p>
2774
2775 <p>
2776 Specifying <tt>any</tt> indicates that the source package
2777 isn't dependent on any particular architecture and should
2778 compile fine on any one. The produced binary package(s)
2779 will either be specific to whatever the current build
2780 architecture is or will be architecture-independent.
2781 </p>
2782
2783 <p>
2784 Specifying only <tt>all</tt> indicates that the source package
2785 will only build architecture-independent packages. If this is
2786 the case, <tt>all</tt> must be used rather than <tt>any</tt>;
2787 <tt>any</tt> implies that the source package will build at
2788 least one architecture-dependent package.
2789 </p>
2790
2791 <p>
2792 Specifying a list of architectures indicates that the source
2793 will build an architecture-dependent package, and will only
2794 work correctly on the listed architectures. If the source
2795 package also builds at least one architecture-independent
2796 package, <tt>all</tt> will also be included in the list.
2797 </p>
2798
2799 <p>
2800 Specifying a list of architecture wildcards indicates that
2801 the source will build an architecture-dependent package on
2802 the union of the lists of architectures from the expansion
2803 of each specified architecture wildcard, and will only
2804 work correctly on the architectures in the union of the
2805 lists.<footnote>
2806 As mentioned in the footnote for specifying a list of
2807 architectures, this is for a minority of cases where the
2808 program is not portable. It should not be used for most
2809 packages. Wildcards are not expanded into a list of known
2810 architectures before comparing to the build architecutre.
2811 Instead, the build architecture is matched against any
2812 wildcards and this package is built if any wildcard
2813 matches.
2814 </footnote>
2815 If the source package also builds at least one
2816 architecture-independent package, <tt>all</tt> will also be
2817 included in the list.
2818 </p>
2819
2820 <p>
2821 In a <file>.changes</file> file, the <tt>Architecture</tt>
2822 field lists the architecture(s) of the package(s)
2823 currently being uploaded. This will be a list; if the
2824 source for the package is also being uploaded, the special
2825 entry <tt>source</tt> is also present. <tt>all</tt> will be
2826 present if any architecture-independent packages are being
2827 uploaded. <tt>any</tt> may never occur in the
2828 <tt>Architecture</tt> field in the <file>.changes</file>
2829 file.
2830 </p>
2831
2832 <p>
2833 See <ref id="debianrules"> for information on how to get
2834 the architecture for the build process.
2835 </p>
2836 </sect1>
2837
2838 <sect1 id="f-Essential">
2839 <heading><tt>Essential</tt></heading>
2840
2841 <p>
2842 This is a boolean field which may occur only in the
2843 control file of a binary package or in a per-package fields
2844 paragraph of a main source control data file.
2845 </p>
2846
2847 <p>
2848 If set to <tt>yes</tt> then the package management system
2849 will refuse to remove the package (upgrading and replacing
2850 it is still possible). The other possible value is <tt>no</tt>,
2851 which is the same as not having the field at all.
2852 </p>
2853 </sect1>
2854
2855 <sect1>
2856 <heading>Package interrelationship fields:
2857 <tt>Depends</tt>, <tt>Pre-Depends</tt>,
2858 <tt>Recommends</tt>, <tt>Suggests</tt>,
2859 <tt>Breaks</tt>, <tt>Conflicts</tt>,
2860 <tt>Provides</tt>, <tt>Replaces</tt>, <tt>Enhances</tt>
2861 </heading>
2862
2863 <p>
2864 These fields describe the package's relationships with
2865 other packages. Their syntax and semantics are described
2866 in <ref id="relationships">.</p>
2867 </sect1>
2868
2869 <sect1 id="f-Standards-Version">
2870 <heading><tt>Standards-Version</tt></heading>
2871
2872 <p>
2873 The most recent version of the standards (the policy
2874 manual and associated texts) with which the package
2875 complies.
2876 </p>
2877
2878 <p>
2879 The version number has four components: major and minor
2880 version number and major and minor patch level. When the
2881 standards change in a way that requires every package to
2882 change the major number will be changed. Significant
2883 changes that will require work in many packages will be
2884 signaled by a change to the minor number. The major patch
2885 level will be changed for any change to the meaning of the
2886 standards, however small; the minor patch level will be
2887 changed when only cosmetic, typographical or other edits
2888 are made which neither change the meaning of the document
2889 nor affect the contents of packages.
2890 </p>
2891
2892 <p>
2893 Thus only the first three components of the policy version
2894 are significant in the <em>Standards-Version</em> control
2895 field, and so either these three components or all four
2896 components may be specified.<footnote>
2897 In the past, people specified the full version number
2898 in the Standards-Version field, for example "2.3.0.0".
2899 Since minor patch-level changes don't introduce new
2900 policy, it was thought it would be better to relax
2901 policy and only require the first 3 components to be
2902 specified, in this example "2.3.0". All four
2903 components may still be used if someone wishes to do so.
2904 </footnote>
2905 </p>
2906
2907 </sect1>
2908
2909 <sect1 id="f-Version">
2910 <heading><tt>Version</tt></heading>
2911
2912 <p>
2913 The version number of a package. The format is:
2914 [<var>epoch</var><tt>:</tt>]<var>upstream_version</var>[<tt>-</tt><var>debian_revision</var>]
2915 </p>
2916
2917 <p>
2918 The three components here are:
2919 <taglist>
2920 <tag><var>epoch</var></tag>
2921 <item>
2922 <p>
2923 This is a single (generally small) unsigned integer. It
2924 may be omitted, in which case zero is assumed. If it is
2925 omitted then the <var>upstream_version</var> may not
2926 contain any colons.
2927 </p>
2928
2929 <p>
2930 It is provided to allow mistakes in the version numbers
2931 of older versions of a package, and also a package's
2932 previous version numbering schemes, to be left behind.
2933 </p>
2934 </item>
2935
2936 <tag><var>upstream_version</var></tag>
2937 <item>
2938 <p>
2939 This is the main part of the version number. It is
2940 usually the version number of the original ("upstream")
2941 package from which the <file>.deb</file> file has been made,
2942 if this is applicable. Usually this will be in the same
2943 format as that specified by the upstream author(s);
2944 however, it may need to be reformatted to fit into the
2945 package management system's format and comparison
2946 scheme.
2947 </p>
2948
2949 <p>
2950 The comparison behavior of the package management system
2951 with respect to the <var>upstream_version</var> is
2952 described below. The <var>upstream_version</var>
2953 portion of the version number is mandatory.
2954 </p>
2955
2956 <p>
2957 The <var>upstream_version</var> may contain only
2958 alphanumerics<footnote>
2959 Alphanumerics are <tt>A-Za-z0-9</tt> only.
2960 </footnote>
2961 and the characters <tt>.</tt> <tt>+</tt> <tt>-</tt>
2962 <tt>:</tt> <tt>~</tt> (full stop, plus, hyphen, colon,
2963 tilde) and should start with a digit. If there is no
2964 <var>debian_revision</var> then hyphens are not allowed;
2965 if there is no <var>epoch</var> then colons are not
2966 allowed.
2967 </p>
2968 </item>
2969
2970 <tag><var>debian_revision</var></tag>
2971 <item>
2972 <p>
2973 This part of the version number specifies the version of
2974 the Debian package based on the upstream version. It
2975 may contain only alphanumerics and the characters
2976 <tt>+</tt> <tt>.</tt> <tt>~</tt> (plus, full stop,
2977 tilde) and is compared in the same way as the
2978 <var>upstream_version</var> is.
2979 </p>
2980
2981 <p>
2982 It is optional; if it isn't present then the
2983 <var>upstream_version</var> may not contain a hyphen.
2984 This format represents the case where a piece of
2985 software was written specifically to be turned into a
2986 Debian package, and so there is only one "debianisation"
2987 of it and therefore no revision indication is required.
2988 </p>
2989
2990 <p>
2991 It is conventional to restart the
2992 <var>debian_revision</var> at <tt>1</tt> each time the
2993 <var>upstream_version</var> is increased.
2994 </p>
2995
2996 <p>
2997 The package management system will break the version
2998 number apart at the last hyphen in the string (if there
2999 is one) to determine the <var>upstream_version</var> and
3000 <var>debian_revision</var>. The absence of a
3001 <var>debian_revision</var> is equivalent to a
3002 <var>debian_revision</var> of <tt>0</tt>.
3003 </p>
3004 </item>
3005 </taglist>
3006 </p>
3007
3008 <p>
3009 When comparing two version numbers, first the <var>epoch</var>
3010 of each are compared, then the <var>upstream_version</var> if
3011 <var>epoch</var> is equal, and then <var>debian_revision</var>
3012 if <var>upstream_version</var> is also equal.
3013 <var>epoch</var> is compared numerically. The
3014 <var>upstream_version</var> and <var>debian_revision</var>
3015 parts are compared by the package management system using the
3016 following algorithm:
3017 </p>
3018
3019 <p>
3020 The strings are compared from left to right.
3021 </p>
3022
3023 <p>
3024 First the initial part of each string consisting entirely of
3025 non-digit characters is determined. These two parts (one of
3026 which may be empty) are compared lexically. If a difference
3027 is found it is returned. The lexical comparison is a
3028 comparison of ASCII values modified so that all the letters
3029 sort earlier than all the non-letters and so that a tilde
3030 sorts before anything, even the end of a part. For example,
3031 the following parts are in sorted order from earliest to
3032 latest: <tt>~~</tt>, <tt>~~a</tt>, <tt>~</tt>, the empty part,
3033 <tt>a</tt>.<footnote>
3034 One common use of <tt>~</tt> is for upstream pre-releases.
3035 For example, <tt>1.0~beta1~svn1245</tt> sorts earlier than
3036 <tt>1.0~beta1</tt>, which sorts earlier than <tt>1.0</tt>.
3037 </footnote>
3038 </p>
3039
3040 <p>
3041 Then the initial part of the remainder of each string which
3042 consists entirely of digit characters is determined. The
3043 numerical values of these two parts are compared, and any
3044 difference found is returned as the result of the comparison.
3045 For these purposes an empty string (which can only occur at
3046 the end of one or both version strings being compared) counts
3047 as zero.
3048 </p>
3049
3050 <p>
3051 These two steps (comparing and removing initial non-digit
3052 strings and initial digit strings) are repeated until a
3053 difference is found or both strings are exhausted.
3054 </p>
3055
3056 <p>
3057 Note that the purpose of epochs is to allow us to leave behind
3058 mistakes in version numbering, and to cope with situations
3059 where the version numbering scheme changes. It is
3060 <em>not</em> intended to cope with version numbers containing
3061 strings of letters which the package management system cannot
3062 interpret (such as <tt>ALPHA</tt> or <tt>pre-</tt>), or with
3063 silly orderings (the author of this manual has heard of a
3064 package whose versions went <tt>1.1</tt>, <tt>1.2</tt>,
3065 <tt>1.3</tt>, <tt>1</tt>, <tt>2.1</tt>, <tt>2.2</tt>,
3066 <tt>2</tt> and so forth).
3067 </p>
3068 </sect1>
3069
3070 <sect1 id="f-Description">
3071 <heading><tt>Description</tt></heading>
3072
3073 <p>
3074 In a source or binary control file, the <tt>Description</tt>
3075 field contains a description of the binary package, consisting
3076 of two parts, the synopsis or the short description, and the
3077 long description. The field's format is as follows:
3078 </p>
3079
3080 <p>
3081 <example>
3082 Description: &lt;single line synopsis&gt;
3083 &lt;extended description over several lines&gt;
3084 </example>
3085 </p>
3086
3087 <p>
3088 The lines in the extended description can have these formats:
3089 </p>
3090
3091 <p><list>
3092
3093 <item>
3094 Those starting with a single space are part of a paragraph.
3095 Successive lines of this form will be word-wrapped when
3096 displayed. The leading space will usually be stripped off.
3097 </item>
3098
3099 <item>
3100 Those starting with two or more spaces. These will be
3101 displayed verbatim. If the display cannot be panned
3102 horizontally, the displaying program will line wrap them "hard"
3103 (i.e., without taking account of word breaks). If it can they
3104 will be allowed to trail off to the right. None, one or two
3105 initial spaces may be deleted, but the number of spaces
3106 deleted from each line will be the same (so that you can have
3107 indenting work correctly, for example).
3108 </item>
3109
3110 <item>
3111 Those containing a single space followed by a single full stop
3112 character. These are rendered as blank lines. This is the
3113 <em>only</em> way to get a blank line<footnote>
3114 Completely empty lines will not be rendered as blank lines.
3115 Instead, they will cause the parser to think you're starting
3116 a whole new record in the control file, and will therefore
3117 likely abort with an error.
3118 </footnote>.
3119 </item>
3120
3121 <item>
3122 Those containing a space, a full stop and some more characters.
3123 These are for future expansion. Do not use them.
3124 </item>
3125
3126 </list></p>
3127
3128 <p>
3129 Do not use tab characters. Their effect is not predictable.
3130 </p>
3131
3132 <p>
3133 See <ref id="descriptions"> for further information on this.
3134 </p>
3135
3136 <p>
3137 In a <file>.changes</file> file, the <tt>Description</tt>
3138 field contains a summary of the descriptions for the packages
3139 being uploaded. For this case, the first line of the field
3140 value (the part on the same line as <tt>Description:</tt>) is
3141 always empty. The content of the field is expressed as
3142 continuation lines, one line per package. Each line is
3143 indented by one space and contains the name of a binary
3144 package, a space, a hyphen (<tt>-</tt>), a space, and the
3145 short description line from that package.
3146 </p>
3147 </sect1>
3148
3149 <sect1 id="f-Distribution">
3150 <heading><tt>Distribution</tt></heading>
3151
3152 <p>
3153 In a <file>.changes</file> file or parsed changelog output
3154 this contains the (space-separated) name(s) of the
3155 distribution(s) where this version of the package should
3156 be installed. Valid distributions are determined by the
3157 archive maintainers.<footnote>
3158 Example distribution names in the Debian archive used in
3159 <file>.changes</file> files are:
3160 <taglist compact="compact">
3161 <tag><em>unstable</em></tag>
3162 <item>
3163 This distribution value refers to the
3164 <em>developmental</em> part of the Debian distribution
3165 tree. Most new packages, new upstream versions of
3166 packages and bug fixes go into the <em>unstable</em>
3167 directory tree.
3168 </item>
3169
3170 <tag><em>experimental</em></tag>
3171 <item>
3172 The packages with this distribution value are deemed
3173 by their maintainers to be high risk. Oftentimes they
3174 represent early beta or developmental packages from
3175 various sources that the maintainers want people to
3176 try, but are not ready to be a part of the other parts
3177 of the Debian distribution tree.
3178 </item>
3179 </taglist>
3180
3181 <p>
3182 Others are used for updating stable releases or for
3183 security uploads. More information is available in the
3184 Debian Developer's Reference, section "The Debian
3185 archive".
3186 </p>
3187 </footnote>
3188 The Debian archive software only supports listing a single
3189 distribution. Migration of packages to other distributions is
3190 handled outside of the upload process.
3191 </p>
3192 </sect1>
3193
3194 <sect1 id="f-Date">
3195 <heading><tt>Date</tt></heading>
3196
3197 <p>
3198 This field includes the date the package was built or last edited.
3199 </p>
3200
3201 <p>
3202 The value of this field is usually extracted from the
3203 <file>debian/changelog</file> file - see
3204 <ref id="dpkgchangelog">).
3205 </p>
3206 </sect1>
3207
3208 <sect1 id="f-Format">
3209 <heading><tt>Format</tt></heading>
3210
3211 <p>
3212 This field specifies a format revision for the file.
3213 The most current format described in the Policy Manual
3214 is version <strong>1.5</strong>. The syntax of the
3215 format value is the same as that of a package version
3216 number except that no epoch or Debian revision is allowed
3217 - see <ref id="f-Version">.
3218 </p>
3219 </sect1>
3220
3221 <sect1 id="f-Urgency">
3222 <heading><tt>Urgency</tt></heading>
3223
3224 <p>
3225 This is a description of how important it is to upgrade to
3226 this version from previous ones. It consists of a single
3227 keyword taking one of the values <tt>low</tt>,
3228 <tt>medium</tt>, <tt>high</tt>, <tt>emergency</tt>, or
3229 <tt>critical</tt><footnote>
3230 Other urgency values are supported with configuration
3231 changes in the archive software but are not used in Debian.
3232 The urgency affects how quickly a package will be considered
3233 for inclusion into the <tt>testing</tt> distribution and
3234 gives an indication of the importance of any fixes included
3235 in the upload. <tt>Emergency</tt> and <tt>critical</tt> are
3236 treated as synonymous.
3237 </footnote> (not case-sensitive) followed by an optional
3238 commentary (separated by a space) which is usually in
3239 parentheses. For example:
3240
3241 <example>
3242 Urgency: low (HIGH for users of diversions)
3243 </example>
3244
3245 </p>
3246
3247 <p>
3248 The value of this field is usually extracted from the
3249 <file>debian/changelog</file> file - see
3250 <ref id="dpkgchangelog">.
3251 </p>
3252 </sect1>
3253
3254 <sect1 id="f-Changes">
3255 <heading><tt>Changes</tt></heading>
3256
3257 <p>
3258 This field contains the human-readable changes data, describing
3259 the differences between the last version and the current one.
3260 </p>
3261
3262 <p>
3263 The first line of the field value (the part on the same line
3264 as <tt>Changes:</tt>) is always empty. The content of the
3265 field is expressed as continuation lines, with each line
3266 indented by at least one space. Blank lines must be
3267 represented by a line consisting only of a space and a full
3268 stop (<tt>.</tt>).
3269 </p>
3270
3271 <p>
3272 The value of this field is usually extracted from the
3273 <file>debian/changelog</file> file - see
3274 <ref id="dpkgchangelog">).
3275 </p>
3276
3277 <p>
3278 Each version's change information should be preceded by a
3279 "title" line giving at least the version, distribution(s)
3280 and urgency, in a human-readable way.
3281 </p>
3282
3283 <p>
3284 If data from several versions is being returned the entry
3285 for the most recent version should be returned first, and
3286 entries should be separated by the representation of a
3287 blank line (the "title" line may also be followed by the
3288 representation of a blank line).
3289 </p>
3290 </sect1>
3291
3292 <sect1 id="f-Binary">
3293 <heading><tt>Binary</tt></heading>
3294
3295 <p>
3296 This field is a list of binary packages. Its syntax and
3297 meaning varies depending on the control file in which it
3298 appears.
3299 </p>
3300
3301 <p>
3302 When it appears in the <file>.dsc</file> file, it lists binary
3303 packages which a source package can produce, separated by
3304 commas<footnote>
3305 A space after each comma is conventional.
3306 </footnote>. It may span multiple lines. The source package
3307 does not necessarily produce all of these binary packages for
3308 every architecture. The source control file doesn't contain
3309 details of which architectures are appropriate for which of
3310 the binary packages.
3311 </p>
3312
3313 <p>
3314 When it appears in a <file>.changes</file> file, it lists the
3315 names of the binary packages being uploaded, separated by
3316 whitespace (not commas). It may span multiple lines.
3317 </p>
3318 </sect1>
3319
3320 <sect1 id="f-Installed-Size">
3321 <heading><tt>Installed-Size</tt></heading>
3322
3323 <p>
3324 This field appears in the control files of binary packages,
3325 and in the <file>Packages</file> files. It gives an estimate
3326 of the total amount of disk space required to install the
3327 named package. Actual installed size may vary based on block
3328 size, file system properties, or actions taken by package
3329 maintainer scripts.
3330 </p>
3331
3332 <p>
3333 The disk space is given as the integer value of the estimated
3334 installed size in bytes, divided by 1024 and rounded up.
3335 </p>
3336 </sect1>
3337
3338 <sect1 id="f-Files">
3339 <heading><tt>Files</tt></heading>
3340
3341 <p>
3342 This field contains a list of files with information about
3343 each one. The exact information and syntax varies with
3344 the context.
3345 </p>
3346
3347 <p>
3348 In all cases, Files is a multiline field. The first line of
3349 the field value (the part on the same line as <tt>Files:</tt>)
3350 is always empty. The content of the field is expressed as
3351 continuation lines, one line per file. Each line must be
3352 indented by one space and contain a number of sub-fields,
3353 separated by spaces, as described below.
3354 </p>
3355
3356 <p>
3357 In the <file>.dsc</file> file, each line contains the MD5
3358 checksum, size and filename of the tar file and (if
3359 applicable) diff file which make up the remainder of the
3360 source package<footnote>
3361 That is, the parts which are not the <tt>.dsc</tt>.
3362 </footnote>. For example:
3363 <example>
3364 Files:
3365 c6f698f19f2a2aa07dbb9bbda90a2754 571925 example_1.2.orig.tar.gz
3366 938512f08422f3509ff36f125f5873ba 6220 example_1.2-1.diff.gz
3367 </example>
3368 The exact forms of the filenames are described
3369 in <ref id="pkg-sourcearchives">.
3370 </p>
3371
3372 <p>
3373 In the <file>.changes</file> file this contains one line per
3374 file being uploaded. Each line contains the MD5 checksum,
3375 size, section and priority and the filename. For example:
3376 <example>
3377 Files:
3378 4c31ab7bfc40d3cf49d7811987390357 1428 text extra example_1.2-1.dsc
3379 c6f698f19f2a2aa07dbb9bbda90a2754 571925 text extra example_1.2.orig.tar.gz
3380 938512f08422f3509ff36f125f5873ba 6220 text extra example_1.2-1.diff.gz
3381 7c98fe853b3bbb47a00e5cd129b6cb56 703542 text extra example_1.2-1_i386.deb
3382 </example>
3383 The <qref id="f-Section">section</qref>
3384 and <qref id="f-Priority">priority</qref> are the values of
3385 the corresponding fields in the main source control file. If
3386 no section or priority is specified then <tt>-</tt> should be
3387 used, though section and priority values must be specified for
3388 new packages to be installed properly.
3389 </p>
3390
3391 <p>
3392 The special value <tt>byhand</tt> for the section in a
3393 <tt>.changes</tt> file indicates that the file in question
3394 is not an ordinary package file and must by installed by
3395 hand by the distribution maintainers. If the section is
3396 <tt>byhand</tt> the priority should be <tt>-</tt>.
3397 </p>
3398
3399 <p>
3400 If a new Debian revision of a package is being shipped and
3401 no new original source archive is being distributed the
3402 <tt>.dsc</tt> must still contain the <tt>Files</tt> field
3403 entry for the original source archive
3404 <file><var>package</var>_<var>upstream-version</var>.orig.tar.gz</file>,
3405 but the <file>.changes</file> file should leave it out. In
3406 this case the original source archive on the distribution
3407 site must match exactly, byte-for-byte, the original
3408 source archive which was used to generate the
3409 <file>.dsc</file> file and diff which are being uploaded.</p>
3410 </sect1>
3411
3412 <sect1 id="f-Closes">
3413 <heading><tt>Closes</tt></heading>
3414
3415 <p>
3416 A space-separated list of bug report numbers that the upload
3417 governed by the .changes file closes.
3418 </p>
3419 </sect1>
3420
3421 <sect1 id="f-Homepage">
3422 <heading><tt>Homepage</tt></heading>
3423
3424 <p>
3425 The URL of the web site for this package, preferably (when
3426 applicable) the site from which the original source can be
3427 obtained and any additional upstream documentation or
3428 information may be found. The content of this field is a
3429 simple URL without any surrounding characters such as
3430 <tt>&lt;&gt;</tt>.
3431 </p>
3432 </sect1>
3433
3434 </sect>
3435
3436 <sect>
3437 <heading>User-defined fields</heading>
3438
3439 <p>
3440 Additional user-defined fields may be added to the
3441 source package control file. Such fields will be
3442 ignored, and not copied to (for example) binary or
3443 source package control files or upload control files.
3444 </p>
3445
3446 <p>
3447 If you wish to add additional unsupported fields to
3448 these output files you should use the mechanism
3449 described here.
3450 </p>
3451
3452 <p>
3453 Fields in the main source control information file with
3454 names starting <tt>X</tt>, followed by one or more of
3455 the letters <tt>BCS</tt> and a hyphen <tt>-</tt>, will
3456 be copied to the output files. Only the part of the
3457 field name after the hyphen will be used in the output
3458 file. Where the letter <tt>B</tt> is used the field
3459 will appear in binary package control files, where the
3460 letter <tt>S</tt> is used in source package control
3461 files and where <tt>C</tt> is used in upload control
3462 (<tt>.changes</tt>) files.
3463 </p>
3464
3465 <p>
3466 For example, if the main source information control file
3467 contains the field
3468 <example>
3469 XBS-Comment: I stand between the candle and the star.
3470 </example>
3471 then the binary and source package control files will contain the
3472 field
3473 <example>
3474 Comment: I stand between the candle and the star.
3475 </example>
3476 </p>
3477
3478 </sect>
3479
3480 </chapt>
3481
3482
3483 <chapt id="maintainerscripts">
3484 <heading>Package maintainer scripts and installation procedure</heading>
3485
3486 <sect>
3487 <heading>Introduction to package maintainer scripts</heading>
3488
3489 <p>
3490 It is possible to supply scripts as part of a package which
3491 the package management system will run for you when your
3492 package is installed, upgraded or removed.
3493 </p>
3494
3495 <p>
3496 These scripts are the files <prgn>preinst</prgn>,
3497 <prgn>postinst</prgn>, <prgn>prerm</prgn> and
3498 <prgn>postrm</prgn> in the control area of the package.
3499 They must be proper executable files; if they are scripts
3500 (which is recommended), they must start with the usual
3501 <tt>#!</tt> convention. They should be readable and
3502 executable by anyone, and must not be world-writable.
3503 </p>
3504
3505 <p>
3506 The package management system looks at the exit status from
3507 these scripts. It is important that they exit with a
3508 non-zero status if there is an error, so that the package
3509 management system can stop its processing. For shell
3510 scripts this means that you <em>almost always</em> need to
3511 use <tt>set -e</tt> (this is usually true when writing shell
3512 scripts, in fact). It is also important, of course, that
3513 they exit with a zero status if everything went well.
3514 </p>
3515
3516 <p>
3517 Additionally, packages interacting with users using
3518 <tt>debconf</tt> in the <prgn>postinst</prgn> script should
3519 install a <prgn>config</prgn> script in the control area,
3520 see <ref id="maintscriptprompt"> for details.
3521 </p>
3522
3523 <p>
3524 When a package is upgraded a combination of the scripts from
3525 the old and new packages is called during the upgrade
3526 procedure. If your scripts are going to be at all
3527 complicated you need to be aware of this, and may need to
3528 check the arguments to your scripts.
3529 </p>
3530
3531 <p>
3532 Broadly speaking the <prgn>preinst</prgn> is called before
3533 (a particular version of) a package is installed, and the
3534 <prgn>postinst</prgn> afterwards; the <prgn>prerm</prgn>
3535 before (a version of) a package is removed and the
3536 <prgn>postrm</prgn> afterwards.
3537 </p>
3538
3539 <p>
3540 Programs called from maintainer scripts should not normally
3541 have a path prepended to them. Before installation is
3542 started, the package management system checks to see if the
3543 programs <prgn>ldconfig</prgn>,
3544 <prgn>start-stop-daemon</prgn>, <prgn>install-info</prgn>,
3545 and <prgn>update-rc.d</prgn> can be found via the
3546 <tt>PATH</tt> environment variable. Those programs, and any
3547 other program that one would expect to be in the
3548 <tt>PATH</tt>, should thus be invoked without an absolute
3549 pathname. Maintainer scripts should also not reset the
3550 <tt>PATH</tt>, though they might choose to modify it by
3551 prepending or appending package-specific directories. These
3552 considerations really apply to all shell scripts.</p>
3553 </sect>
3554
3555 <sect id="idempotency">
3556 <heading>Maintainer scripts idempotency</heading>
3557
3558 <p>
3559 It is necessary for the error recovery procedures that the
3560 scripts be idempotent. This means that if it is run
3561 successfully, and then it is called again, it doesn't bomb
3562 out or cause any harm, but just ensures that everything is
3563 the way it ought to be. If the first call failed, or
3564 aborted half way through for some reason, the second call
3565 should merely do the things that were left undone the first
3566 time, if any, and exit with a success status if everything
3567 is OK.<footnote>
3568 This is so that if an error occurs, the user interrupts
3569 <prgn>dpkg</prgn> or some other unforeseen circumstance
3570 happens you don't leave the user with a badly-broken
3571 package when <prgn>dpkg</prgn> attempts to repeat the
3572 action.
3573 </footnote>
3574 </p>
3575 </sect>
3576
3577 <sect id="controllingterminal">
3578 <heading>Controlling terminal for maintainer scripts</heading>
3579
3580 <p>
3581 The maintainer scripts are guaranteed to run with a
3582 controlling terminal and can interact with the user.
3583 Because these scripts may be executed with standard output
3584 redirected into a pipe for logging purposes, Perl scripts
3585 should set unbuffered output by setting <tt>$|=1</tt> so
3586 that the output is printed immediately rather than being
3587 buffered.
3588 </p>
3589 </sect>
3590 <sect id="exitstatus">
3591 <heading>Exit status</heading>
3592
3593 <p>
3594 Each script must return a zero exit status for
3595 success, or a nonzero one for failure, since the package
3596 management system looks for the exit status of these scripts
3597 and determines what action to take next based on that datum.
3598 </p>
3599 </sect>
3600
3601 <sect id="mscriptsinstact"><heading>Summary of ways maintainer
3602 scripts are called
3603 </heading>
3604
3605 <p>
3606 <list compact="compact">
3607 <item>
3608 <var>new-preinst</var> <tt>install</tt>
3609 </item>
3610 <item>
3611 <var>new-preinst</var> <tt>install</tt> <var>old-version</var>
3612 </item>
3613 <item>
3614 <var>new-preinst</var> <tt>upgrade</tt> <var>old-version</var>
3615 </item>
3616 <item>
3617 <var>old-preinst</var> <tt>abort-upgrade</tt>
3618 <var>new-version</var>
3619 </item>
3620 </list>
3621
3622 <p>
3623 <list compact="compact">
3624 <item>
3625 <var>postinst</var> <tt>configure</tt>
3626 <var>most-recently-configured-version</var>
3627 </item>
3628 <item>
3629 <var>old-postinst</var> <tt>abort-upgrade</tt>
3630 <var>new-version</var>
3631 </item>
3632 <item>
3633 <var>conflictor's-postinst</var> <tt>abort-remove</tt>
3634 <tt>in-favour</tt> <var>package</var>
3635 <var>new-version</var>
3636 </item>
3637 <item>
3638 <var>postinst</var> <tt>abort-remove</tt>
3639 </item>
3640 <item>
3641 <var>deconfigured's-postinst</var>
3642 <tt>abort-deconfigure</tt> <tt>in-favour</tt>
3643 <var>failed-install-package</var> <var>version</var>
3644 [<tt>removing</tt> <var>conflicting-package</var>
3645 <var>version</var>]
3646 </item>
3647 </list>
3648
3649 <p>
3650 <list compact="compact">
3651 <item>
3652 <var>prerm</var> <tt>remove</tt>
3653 </item>
3654 <item>
3655 <var>old-prerm</var> <tt>upgrade</tt>
3656 <var>new-version</var>
3657 </item>
3658 <item>
3659 <var>new-prerm</var> <tt>failed-upgrade</tt>
3660 <var>old-version</var>
3661 </item>
3662 <item>
3663 <var>conflictor's-prerm</var> <tt>remove</tt>
3664 <tt>in-favour</tt> <var>package</var>
3665 <var>new-version</var>
3666 </item>
3667 <item>
3668 <var>deconfigured's-prerm</var> <tt>deconfigure</tt>
3669 <tt>in-favour</tt> <var>package-being-installed</var>
3670 <var>version</var> [<tt>removing</tt>
3671 <var>conflicting-package</var>
3672 <var>version</var>]
3673 </item>
3674 </list>
3675
3676 <p>
3677 <list compact="compact">
3678 <item>
3679 <var>postrm</var> <tt>remove</tt>
3680 </item>
3681 <item>
3682 <var>postrm</var> <tt>purge</tt>
3683 </item>
3684 <item>
3685 <var>old-postrm</var> <tt>upgrade</tt>
3686 <var>new-version</var>
3687 </item>
3688 <item>
3689 <var>new-postrm</var> <tt>failed-upgrade</tt>
3690 <var>old-version</var>
3691 </item>
3692 <item>
3693 <var>new-postrm</var> <tt>abort-install</tt>
3694 </item>
3695 <item>
3696 <var>new-postrm</var> <tt>abort-install</tt>
3697 <var>old-version</var>
3698 </item>
3699 <item>
3700 <var>new-postrm</var> <tt>abort-upgrade</tt>
3701 <var>old-version</var>
3702 </item>
3703 <item>
3704 <var>disappearer's-postrm</var> <tt>disappear</tt>
3705 <var>overwriter</var>
3706 <var>overwriter-version</var>
3707 </item>
3708 </list>
3709 </p>
3710
3711
3712 <sect id="unpackphase">
3713 <heading>Details of unpack phase of installation or upgrade</heading>
3714
3715 <p>
3716 The procedure on installation/upgrade/overwrite/disappear
3717 (i.e., when running <tt>dpkg --unpack</tt>, or the unpack
3718 stage of <tt>dpkg --install</tt>) is as follows. In each
3719 case, if a major error occurs (unless listed below) the
3720 actions are, in general, run backwards - this means that the
3721 maintainer scripts are run with different arguments in
3722 reverse order. These are the "error unwind" calls listed
3723 below.
3724
3725 <enumlist>
3726 <item>
3727 <enumlist>
3728 <item>
3729 If a version of the package is already installed, call
3730 <example compact="compact">
3731 <var>old-prerm</var> upgrade <var>new-version</var>
3732 </example>
3733 </item>
3734 <item>
3735 If the script runs but exits with a non-zero
3736 exit status, <prgn>dpkg</prgn> will attempt:
3737 <example compact="compact">
3738 <var>new-prerm</var> failed-upgrade <var>old-version</var>
3739 </example>
3740 If this works, the upgrade continues. If this
3741 does not work, the error unwind:
3742 <example compact="compact">
3743 <var>old-postinst</var> abort-upgrade <var>new-version</var>
3744 </example>
3745 If this works, then the old-version is
3746 "Installed", if not, the old version is in a
3747 "Half-Configured" state.
3748 </item>
3749 </enumlist>
3750 </item>
3751
3752 <item>
3753 If a "conflicting" package is being removed at the same time,
3754 or if any package will be broken (due to <tt>Breaks</tt>):
3755 <enumlist>
3756 <item>
3757 If <tt>--auto-deconfigure</tt> is
3758 specified, call, for each package to be deconfigured
3759 due to <tt>Breaks</tt>:
3760 <example compact="compact">
3761 <var>deconfigured's-prerm</var> deconfigure \
3762 in-favour <var>package-being-installed</var> <var>version</var>
3763 </example>
3764 Error unwind:
3765 <example compact="compact">
3766 <var>deconfigured's-postinst</var> abort-deconfigure \
3767 in-favour <var>package-being-installed-but-failed</var> <var>version</var>
3768 </example>
3769 The deconfigured packages are marked as
3770 requiring configuration, so that if
3771 <tt>--install</tt> is used they will be
3772 configured again if possible.
3773 </item>
3774 <item>
3775 If any packages depended on a conflicting
3776 package being removed and <tt>--auto-deconfigure</tt> is
3777 specified, call, for each such package:
3778 <example compact="compact">
3779 <var>deconfigured's-prerm</var> deconfigure \
3780 in-favour <var>package-being-installed</var> <var>version</var> \
3781 removing <var>conflicting-package</var> <var>version</var>
3782 </example>
3783 Error unwind:
3784 <example compact="compact">
3785 <var>deconfigured's-postinst</var> abort-deconfigure \
3786 in-favour <var>package-being-installed-but-failed</var> <var>version</var> \
3787 removing <var>conflicting-package</var> <var>version</var>
3788 </example>
3789 The deconfigured packages are marked as
3790 requiring configuration, so that if
3791 <tt>--install</tt> is used they will be
3792 configured again if possible.
3793 </item>
3794 <item>
3795 To prepare for removal of each conflicting package, call:
3796 <example compact="compact">
3797 <var>conflictor's-prerm</var> remove \
3798 in-favour <var>package</var> <var>new-version</var>
3799 </example>
3800 Error unwind:
3801 <example compact="compact">
3802 <var>conflictor's-postinst</var> abort-remove \
3803 in-favour <var>package</var> <var>new-version</var>
3804 </example>
3805 </item>
3806 </enumlist>
3807 </item>
3808
3809 <item>
3810 <enumlist>
3811 <item>
3812 If the package is being upgraded, call:
3813 <example compact="compact">
3814 <var>new-preinst</var> upgrade <var>old-version</var>
3815 </example>
3816 If this fails, we call:
3817 <example>
3818 <var>new-postrm</var> abort-upgrade <var>old-version</var>
3819 </example>
3820 <enumlist>
3821 <item>
3822 <p>
3823 If that works, then
3824 <example>
3825 <var>old-postinst</var> abort-upgrade <var>new-version</var>
3826 </example>
3827 is called. If this works, then the old version
3828 is in an "Installed" state, or else it is left
3829 in an "Unpacked" state.
3830 </p>
3831 </item>
3832 <item>
3833 <p>
3834 If it fails, then the old version is left
3835 in an "Half-Installed" state.
3836 </p>
3837 </item>
3838 </enumlist>
3839
3840 </item>
3841 <item>
3842 Otherwise, if the package had some configuration
3843 files from a previous version installed (i.e., it
3844 is in the "configuration files only" state):
3845 <example compact="compact">
3846 <var>new-preinst</var> install <var>old-version</var>
3847 </example>
3848 Error unwind:
3849 <example>
3850 <var>new-postrm</var> abort-install <var>old-version</var>
3851 </example>
3852 If this fails, the package is left in a
3853 "Half-Installed" state, which requires a
3854 reinstall. If it works, the packages is left in
3855 a "Config-Files" state.
3856 </item>
3857 <item>
3858 Otherwise (i.e., the package was completely purged):
3859 <example compact="compact">
3860 <var>new-preinst</var> install
3861 </example>
3862 Error unwind:
3863 <example compact="compact">
3864 <var>new-postrm</var> abort-install
3865 </example>
3866 If the error-unwind fails, the package is in a
3867 "Half-Installed" phase, and requires a
3868 reinstall. If the error unwind works, the
3869 package is in a not installed state.
3870 </item>
3871 </enumlist>
3872 </item>
3873
3874 <item>
3875 <p>
3876 The new package's files are unpacked, overwriting any
3877 that may be on the system already, for example any
3878 from the old version of the same package or from
3879 another package. Backups of the old files are kept
3880 temporarily, and if anything goes wrong the package
3881 management system will attempt to put them back as
3882 part of the error unwind.
3883 </p>
3884
3885 <p>
3886 It is an error for a package to contain files which
3887 are on the system in another package, unless
3888 <tt>Replaces</tt> is used (see <ref id="replaces">).
3889 <!--
3890 The following paragraph is not currently the case:
3891 Currently the <tt>- - force-overwrite</tt> flag is
3892 enabled, downgrading it to a warning, but this may not
3893 always be the case.
3894 -->
3895 </p>
3896
3897 <p>
3898 It is a more serious error for a package to contain a
3899 plain file or other kind of non-directory where another
3900 package has a directory (again, unless
3901 <tt>Replaces</tt> is used). This error can be
3902 overridden if desired using
3903 <tt>--force-overwrite-dir</tt>, but this is not
3904 advisable.
3905 </p>
3906
3907 <p>
3908 Packages which overwrite each other's files produce
3909 behavior which, though deterministic, is hard for the
3910 system administrator to understand. It can easily
3911 lead to "missing" programs if, for example, a package
3912 is installed which overwrites a file from another
3913 package, and is then removed again.<footnote>
3914 Part of the problem is due to what is arguably a
3915 bug in <prgn>dpkg</prgn>.
3916 </footnote>
3917 </p>
3918
3919 <p>
3920 A directory will never be replaced by a symbolic link
3921 to a directory or vice versa; instead, the existing
3922 state (symlink or not) will be left alone and
3923 <prgn>dpkg</prgn> will follow the symlink if there is
3924 one.
3925 </p>
3926 </item>
3927
3928 <item>
3929 <p>
3930 <enumlist>
3931 <item>
3932 If the package is being upgraded, call
3933 <example compact="compact">
3934 <var>old-postrm</var> upgrade <var>new-version</var>
3935 </example>
3936 </item>
3937 <item>
3938 If this fails, <prgn>dpkg</prgn> will attempt:
3939 <example compact="compact">
3940 <var>new-postrm</var> failed-upgrade <var>old-version</var>
3941 </example>
3942 If this works, installation continues. If not,
3943 Error unwind:
3944 <example compact="compact">
3945 <var>old-preinst</var> abort-upgrade <var>new-version</var>
3946 </example>
3947 If this fails, the old version is left in a
3948 "Half-Installed" state. If it works, dpkg now
3949 calls:
3950 <example compact="compact">
3951 <var>new-postrm</var> abort-upgrade <var>old-version</var>
3952 </example>
3953 If this fails, the old version is left in a
3954 "Half-Installed" state. If it works, dpkg now
3955 calls:
3956 <example compact="compact">
3957 <var>old-postinst</var> abort-upgrade <var>new-version</var>
3958 </example>
3959 If this fails, the old version is in an
3960 "Unpacked" state.
3961 </item>
3962 </enumlist>
3963 </p>
3964
3965 <p>
3966 This is the point of no return - if
3967 <prgn>dpkg</prgn> gets this far, it won't back off
3968 past this point if an error occurs. This will
3969 leave the package in a fairly bad state, which
3970 will require a successful re-installation to clear
3971 up, but it's when <prgn>dpkg</prgn> starts doing
3972 things that are irreversible.
3973 </p>
3974 </item>
3975
3976 <item>
3977 Any files which were in the old version of the package
3978 but not in the new are removed.
3979 </item>
3980
3981 <item>
3982 The new file list replaces the old.
3983 </item>
3984
3985 <item>
3986 The new maintainer scripts replace the old.
3987 </item>
3988
3989 <item>
3990 Any packages all of whose files have been overwritten
3991 during the installation, and which aren't required for
3992 dependencies, are considered to have been removed.
3993 For each such package
3994 <enumlist>
3995 <item>
3996 <prgn>dpkg</prgn> calls:
3997 <example compact="compact">
3998 <var>disappearer's-postrm</var> disappear \
3999 <var>overwriter</var> <var>overwriter-version</var>
4000 </example>
4001 </item>
4002 <item>
4003 The package's maintainer scripts are removed.
4004 </item>
4005 <item>
4006 It is noted in the status database as being in a
4007 sane state, namely not installed (any conffiles
4008 it may have are ignored, rather than being
4009 removed by <prgn>dpkg</prgn>). Note that
4010 disappearing packages do not have their prerm
4011 called, because <prgn>dpkg</prgn> doesn't know
4012 in advance that the package is going to
4013 vanish.
4014 </item>
4015 </enumlist>
4016 </item>
4017
4018 <item>
4019 Any files in the package we're unpacking that are also
4020 listed in the file lists of other packages are removed
4021 from those lists. (This will lobotomize the file list
4022 of the "conflicting" package if there is one.)
4023 </item>
4024
4025 <item>
4026 The backup files made during installation, above, are
4027 deleted.
4028 </item>
4029
4030 <item>
4031 <p>
4032 The new package's status is now sane, and recorded as
4033 "unpacked".
4034 </p>
4035
4036 <p>
4037 Here is another point of no return - if the
4038 conflicting package's removal fails we do not unwind
4039 the rest of the installation; the conflicting package
4040 is left in a half-removed limbo.
4041 </p>
4042 </item>
4043
4044 <item>
4045 If there was a conflicting package we go and do the
4046 removal actions (described below), starting with the
4047 removal of the conflicting package's files (any that
4048 are also in the package being installed have already
4049 been removed from the conflicting package's file list,
4050 and so do not get removed now).
4051 </item>
4052 </enumlist>
4053 </p>
4054 </sect>
4055
4056 <sect id="configdetails"><heading>Details of configuration</heading>
4057
4058 <p>
4059 When we configure a package (this happens with <tt>dpkg
4060 --install</tt> and <tt>dpkg --configure</tt>), we first
4061 update any <tt>conffile</tt>s and then call:
4062 <example compact="compact">
4063 <var>postinst</var> configure <var>most-recently-configured-version</var>
4064 </example>
4065 </p>
4066
4067 <p>
4068 No attempt is made to unwind after errors during
4069 configuration. If the configuration fails, the package is in
4070 a "Failed Config" state, and an error message is generated.
4071 </p>
4072
4073 <p>
4074 If there is no most recently configured version
4075 <prgn>dpkg</prgn> will pass a null argument.
4076 <footnote>
4077 <p>
4078 Historical note: Truly ancient (pre-1997) versions of
4079 <prgn>dpkg</prgn> passed <tt>&lt;unknown&gt;</tt>
4080 (including the angle brackets) in this case. Even older
4081 ones did not pass a second argument at all, under any
4082 circumstance. Note that upgrades using such an old dpkg
4083 version are unlikely to work for other reasons, even if
4084 this old argument behavior is handled by your postinst script.
4085 </p>
4086 </footnote>
4087 </p>
4088 </sect>
4089
4090 <sect id="removedetails"><heading>Details of removal and/or
4091 configuration purging</heading>
4092
4093 <p>
4094 <enumlist>
4095 <item>
4096 <p>
4097 <example compact="compact">
4098 <var>prerm</var> remove
4099 </example>
4100 </p>
4101 <p>
4102 If prerm fails during replacement due to conflict
4103 <example>
4104 <var>conflictor's-postinst</var> abort-remove \
4105 in-favour <var>package</var> <var>new-version</var>
4106 </example>
4107 Or else we call:
4108 <example>
4109 <var>postinst</var> abort-remove
4110 </example>
4111 </p>
4112 <p>
4113 If this fails, the package is in a "Half-Configured"
4114 state, or else it remains "Installed".
4115 </p>
4116 </item>
4117 <item>
4118 The package's files are removed (except <tt>conffile</tt>s).
4119 </item>
4120 <item>
4121 <example compact="compact">
4122 <var>postrm</var> remove
4123 </example>
4124
4125 <p>
4126 If it fails, there's no error unwind, and the package is in
4127 an "Half-Installed" state.
4128 </p>
4129 </item>
4130 <item>
4131 <p>
4132 All the maintainer scripts except the <prgn>postrm</prgn>
4133 are removed.
4134 </p>
4135
4136 <p>
4137 If we aren't purging the package we stop here. Note
4138 that packages which have no <prgn>postrm</prgn> and no
4139 <tt>conffile</tt>s are automatically purged when
4140 removed, as there is no difference except for the
4141 <prgn>dpkg</prgn> status.
4142 </p>
4143 </item>
4144 <item>
4145 The <tt>conffile</tt>s and any backup files
4146 (<tt>~</tt>-files, <tt>#*#</tt> files,
4147 <tt>%</tt>-files, <tt>.dpkg-{old,new,tmp}</tt>, etc.)
4148 are removed.
4149 </item>
4150 <item>
4151 <p>
4152 <example compact="compact">
4153 <var>postrm</var> purge
4154 </example>
4155 </p>
4156 <p>
4157 If this fails, the package remains in a "Config-Files"
4158 state.
4159 </p>
4160 </item>
4161 <item>
4162 The package's file list is removed.
4163 </item>
4164 </enumlist>
4165
4166 </p>
4167 </sect>
4168 </chapt>
4169
4170
4171 <chapt id="relationships">
4172 <heading>Declaring relationships between packages</heading>
4173
4174 <sect id="depsyntax">
4175 <heading>Syntax of relationship fields</heading>
4176
4177 <p>
4178 These fields all have a uniform syntax. They are a list of
4179 package names separated by commas.
4180 </p>
4181
4182 <p>
4183 In the <tt>Depends</tt>, <tt>Recommends</tt>,
4184 <tt>Suggests</tt>, <tt>Pre-Depends</tt>,
4185 <tt>Build-Depends</tt> and <tt>Build-Depends-Indep</tt>
4186 control file fields of the package, which declare
4187 dependencies on other packages, the package names listed may
4188 also include lists of alternative package names, separated
4189 by vertical bar (pipe) symbols <tt>|</tt>. In such a case,
4190 if any one of the alternative packages is installed, that
4191 part of the dependency is considered to be satisfied.
4192 </p>
4193
4194 <p>
4195 All of the fields except for <tt>Provides</tt> may restrict
4196 their applicability to particular versions of each named
4197 package. This is done in parentheses after each individual
4198 package name; the parentheses should contain a relation from
4199 the list below followed by a version number, in the format
4200 described in <ref id="f-Version">.
4201 </p>
4202
4203 <p>
4204 The relations allowed are <tt>&lt;&lt;</tt>, <tt>&lt;=</tt>,
4205 <tt>=</tt>, <tt>&gt;=</tt> and <tt>&gt;&gt;</tt> for
4206 strictly earlier, earlier or equal, exactly equal, later or
4207 equal and strictly later, respectively. The deprecated
4208 forms <tt>&lt;</tt> and <tt>&gt;</tt> were used to mean
4209 earlier/later or equal, rather than strictly earlier/later,
4210 so they should not appear in new packages (though
4211 <prgn>dpkg</prgn> still supports them).
4212 </p>
4213
4214 <p>
4215 Whitespace may appear at any point in the version
4216 specification subject to the rules in <ref
4217 id="controlsyntax">, and must appear where it's necessary to
4218 disambiguate; it is not otherwise significant. All of the
4219 relationship fields may span multiple lines. For
4220 consistency and in case of future changes to
4221 <prgn>dpkg</prgn> it is recommended that a single space be
4222 used after a version relationship and before a version
4223 number; it is also conventional to put a single space after
4224 each comma, on either side of each vertical bar, and before
4225 each open parenthesis. When wrapping a relationship field, it
4226 is conventional to do so after a comma and before the space
4227 following that comma.
4228 </p>
4229
4230 <p>
4231 For example, a list of dependencies might appear as:
4232 <example compact="compact">
4233 Package: mutt
4234 Version: 1.3.17-1
4235 Depends: libc6 (>= 2.2.1), exim | mail-transport-agent
4236 </example>
4237 </p>
4238
4239 <p>
4240 All fields that specify build-time relationships
4241 (<tt>Build-Depends</tt>, <tt>Build-Depends-Indep</tt>,
4242 <tt>Build-Conflicts</tt> and <tt>Build-Conflicts-Indep</tt>)
4243 may be restricted to a certain set of architectures. This
4244 is indicated in brackets after each individual package name and
4245 the optional version specification. The brackets enclose a
4246 list of Debian architecture names separated by whitespace.
4247 Exclamation marks may be prepended to each of the names.
4248 (It is not permitted for some names to be prepended with
4249 exclamation marks while others aren't.) If the current Debian
4250 host architecture is not in this list and there are no
4251 exclamation marks in the list, or it is in the list with a
4252 prepended exclamation mark, the package name and the
4253 associated version specification are ignored completely for
4254 the purposes of defining the relationships.
4255 </p>
4256
4257 <p>
4258 For example:
4259 <example compact="compact">
4260 Source: glibc
4261 Build-Depends-Indep: texinfo
4262 Build-Depends: kernel-headers-2.2.10 [!hurd-i386],
4263 hurd-dev [hurd-i386], gnumach-dev [hurd-i386]
4264 </example>
4265 requires <tt>kernel-headers-2.2.10</tt> on all architectures
4266 other than hurd-i386 and requires <tt>hurd-dev</tt> and
4267 <tt>gnumach-dev</tt> only on hurd-i386.
4268 </p>
4269
4270 <p>
4271 If the architecture-restricted dependency is part of a set of
4272 alternatives using <tt>|</tt>, that alternative is ignored
4273 completely on architectures that do not match the restriction.
4274 For example:
4275 <example compact="compact">
4276 Build-Depends: foo [!i386] | bar [!amd64]
4277 </example>
4278 is equivalent to <tt>bar</tt> on the i386 architecture, to
4279 <tt>foo</tt> on the amd64 architecture, and to <tt>foo |
4280 bar</tt> on all other architectures.
4281 </p>
4282
4283 <p>
4284 Note that the binary package relationship fields such as
4285 <tt>Depends</tt> appear in one of the binary package
4286 sections of the control file, whereas the build-time
4287 relationships such as <tt>Build-Depends</tt> appear in the
4288 source package section of the control file (which is the
4289 first section).
4290 </p>
4291 <p>
4292 All fields that specify build-time relationships
4293 (<tt>Build-Depends</tt>, <tt>Build-Depends-Indep</tt>,
4294 <tt>Build-Conflicts</tt> and <tt>Build-Conflicts-Indep</tt>) may also
4295 be restricted to a certain set of architectures using architecture
4296 wildcards. The syntax for declaring such restrictions is the same as
4297 declaring restrictions using a certain set of architectures without
4298 architecture wildcards.
4299 For example:
4300 <example compact="compact">
4301 Build-Depends: foo [linux-any], bar [any-i386], baz [!linux-any]
4302 </example>
4303 is equivalent to <tt>foo</tt> on architectures using the
4304 Linux kernel and any cpu, <tt>bar</tt> on architectures
4305 using any kernel and an i386 cpu, and <tt>baz</tt> on
4306 on any architecture using a kernel other than Linux.
4307 </p>
4308 </sect>
4309
4310 <sect id="binarydeps">
4311 <heading>Binary Dependencies - <tt>Depends</tt>,
4312 <tt>Recommends</tt>, <tt>Suggests</tt>, <tt>Enhances</tt>,
4313 <tt>Pre-Depends</tt>
4314 </heading>
4315
4316 <p>
4317 Packages can declare in their control file that they have
4318 certain relationships to other packages - for example, that
4319 they may not be installed at the same time as certain other
4320 packages, and/or that they depend on the presence of others.
4321 </p>
4322
4323 <p>
4324 This is done using the <tt>Depends</tt>, <tt>Pre-Depends</tt>,
4325 <tt>Recommends</tt>, <tt>Suggests</tt>, <tt>Enhances</tt>,
4326 <tt>Breaks</tt> and <tt>Conflicts</tt> control file fields.
4327 <tt>Breaks</tt> is described in <ref id="breaks">, and
4328 <tt>Conflicts</tt> is described in <ref id="conflicts">. The
4329 rest are described below.
4330 </p>
4331
4332 <p>
4333 These seven fields are used to declare a dependency
4334 relationship by one package on another. Except for
4335 <tt>Enhances</tt> and <tt>Breaks</tt>, they appear in the
4336 depending (binary) package's control file.
4337 (<tt>Enhances</tt> appears in the recommending package's
4338 control file, and <tt>Breaks</tt> appears in the version of
4339 depended-on package which causes the named package to
4340 break).
4341 </p>
4342
4343 <p>
4344 A <tt>Depends</tt> field takes effect <em>only</em> when a
4345 package is to be configured. It does not prevent a package
4346 being on the system in an unconfigured state while its
4347 dependencies are unsatisfied, and it is possible to replace
4348 a package whose dependencies are satisfied and which is
4349 properly installed with a different version whose
4350 dependencies are not and cannot be satisfied; when this is
4351 done the depending package will be left unconfigured (since
4352 attempts to configure it will give errors) and will not
4353 function properly. If it is necessary, a
4354 <tt>Pre-Depends</tt> field can be used, which has a partial
4355 effect even when a package is being unpacked, as explained
4356 in detail below. (The other three dependency fields,
4357 <tt>Recommends</tt>, <tt>Suggests</tt> and
4358 <tt>Enhances</tt>, are only used by the various front-ends
4359 to <prgn>dpkg</prgn> such as <prgn>apt-get</prgn>,
4360 <prgn>aptitude</prgn>, and <prgn>dselect</prgn>.)
4361 </p>
4362
4363 <p>
4364 For this reason packages in an installation run are usually
4365 all unpacked first and all configured later; this gives
4366 later versions of packages with dependencies on later
4367 versions of other packages the opportunity to have their
4368 dependencies satisfied.
4369 </p>
4370
4371 <p>
4372 In case of circular dependencies, since installation or
4373 removal order honoring the dependency order can't be
4374 established, dependency loops are broken at some point
4375 (based on rules below), and some packages may not be able to
4376 rely on their dependencies being present when being
4377 installed or removed, depending on which side of the break
4378 of the circular dependency loop they happen to be on. If one
4379 of the packages in the loop has no postinst script, then the
4380 cycle will be broken at that package, so as to ensure that
4381 all postinst scripts run with the dependencies properly
4382 configured if this is possible. Otherwise the breaking point
4383 is arbitrary.
4384 </p>
4385
4386 <p>
4387 The <tt>Depends</tt> field thus allows package maintainers
4388 to impose an order in which packages should be configured.
4389 </p>
4390
4391 <p>
4392 The meaning of the five dependency fields is as follows:
4393 <taglist>
4394 <tag><tt>Depends</tt></tag>
4395 <item>
4396 <p>
4397 This declares an absolute dependency. A package will
4398 not be configured unless all of the packages listed in
4399 its <tt>Depends</tt> field have been correctly
4400 configured.
4401 </p>
4402
4403 <p>
4404 The <tt>Depends</tt> field should be used if the
4405 depended-on package is required for the depending
4406 package to provide a significant amount of
4407 functionality.
4408 </p>
4409
4410 <p>
4411 The <tt>Depends</tt> field should also be used if the
4412 <prgn>postinst</prgn>, <prgn>prerm</prgn> or
4413 <prgn>postrm</prgn> scripts require the package to be
4414 present in order to run. Note, however, that the
4415 <prgn>postrm</prgn> cannot rely on any non-essential
4416 packages to be present during the <tt>purge</tt>
4417 phase.
4418 </item>
4419
4420 <tag><tt>Recommends</tt></tag>
4421 <item>
4422 <p>
4423 This declares a strong, but not absolute, dependency.
4424 </p>
4425
4426 <p>
4427 The <tt>Recommends</tt> field should list packages
4428 that would be found together with this one in all but
4429 unusual installations.
4430 </p>
4431 </item>
4432
4433 <tag><tt>Suggests</tt></tag>
4434 <item>
4435 This is used to declare that one package may be more
4436 useful with one or more others. Using this field
4437 tells the packaging system and the user that the
4438 listed packages are related to this one and can
4439 perhaps enhance its usefulness, but that installing
4440 this one without them is perfectly reasonable.
4441 </item>
4442
4443 <tag><tt>Enhances</tt></tag>
4444 <item>
4445 This field is similar to Suggests but works in the
4446 opposite direction. It is used to declare that a
4447 package can enhance the functionality of another
4448 package.
4449 </item>
4450
4451 <tag><tt>Pre-Depends</tt></tag>
4452 <item>
4453 <p>
4454 This field is like <tt>Depends</tt>, except that it
4455 also forces <prgn>dpkg</prgn> to complete installation
4456 of the packages named before even starting the
4457 installation of the package which declares the
4458 pre-dependency, as follows:
4459 </p>
4460
4461 <p>
4462 When a package declaring a pre-dependency is about to
4463 be <em>unpacked</em> the pre-dependency can be
4464 satisfied if the depended-on package is either fully
4465 configured, <em>or even if</em> the depended-on
4466 package(s) are only unpacked or in the "Half-Configured"
4467 state, provided that they have been configured
4468 correctly at some point in the past (and not removed
4469 or partially removed since). In this case, both the
4470 previously-configured and currently unpacked or
4471 "Half-Configured" versions must satisfy any version
4472 clause in the <tt>Pre-Depends</tt> field.
4473 </p>
4474
4475 <p>
4476 When the package declaring a pre-dependency is about
4477 to be <em>configured</em>, the pre-dependency will be
4478 treated as a normal <tt>Depends</tt>, that is, it will
4479 be considered satisfied only if the depended-on
4480 package has been correctly configured.
4481 </p>
4482
4483 <p>
4484 <tt>Pre-Depends</tt> should be used sparingly,
4485 preferably only by packages whose premature upgrade or
4486 installation would hamper the ability of the system to
4487 continue with any upgrade that might be in progress.
4488 </p>
4489
4490 <p>
4491 <tt>Pre-Depends</tt> are also required if the
4492 <prgn>preinst</prgn> script depends on the named
4493 package. It is best to avoid this situation if
4494 possible.
4495 </p>
4496 </item>
4497 </taglist>
4498 </p>
4499
4500 <p>
4501 When selecting which level of dependency to use you should
4502 consider how important the depended-on package is to the
4503 functionality of the one declaring the dependency. Some
4504 packages are composed of components of varying degrees of
4505 importance. Such a package should list using
4506 <tt>Depends</tt> the package(s) which are required by the
4507 more important components. The other components'
4508 requirements may be mentioned as Suggestions or
4509 Recommendations, as appropriate to the components' relative
4510 importance.
4511 </p>
4512 </sect>
4513
4514 <sect id="breaks">
4515 <heading>Packages which break other packages - <tt>Breaks</tt></heading>
4516
4517 <p>
4518 When one binary package declares that it breaks another,
4519 <prgn>dpkg</prgn> will refuse to allow the package which
4520 declares <tt>Breaks</tt> be installed unless the broken
4521 package is deconfigured first, and it will refuse to
4522 allow the broken package to be reconfigured.
4523 </p>
4524
4525 <p>
4526 A package will not be regarded as causing breakage merely
4527 because its configuration files are still installed; it must
4528 be at least "Half-Installed".
4529 </p>
4530
4531 <p>
4532 A special exception is made for packages which declare that
4533 they break their own package name or a virtual package which
4534 they provide (see below): this does not count as a real
4535 breakage.
4536 </p>
4537
4538 <p>
4539 Normally a <tt>Breaks</tt> entry will have an "earlier than"
4540 version clause; such a <tt>Breaks</tt> is introduced in the
4541 version of an (implicit or explicit) dependency which
4542 violates an assumption or reveals a bug in earlier versions
4543 of the broken package. This use of <tt>Breaks</tt> will
4544 inform higher-level package management tools that broken
4545 package must be upgraded before the new one.
4546 </p>
4547
4548 <p>
4549 If the breaking package also overwrites some files from the
4550 older package, it should use <tt>Replaces</tt> (not
4551 <tt>Conflicts</tt>) to ensure this goes smoothly.
4552 </p>
4553 </sect>
4554
4555 <sect id="conflicts">
4556 <heading>Conflicting binary packages - <tt>Conflicts</tt></heading>
4557
4558 <p>
4559 When one binary package declares a conflict with another
4560 using a <tt>Conflicts</tt> field, <prgn>dpkg</prgn> will
4561 refuse to allow them to be installed on the system at the
4562 same time.
4563 </p>
4564
4565 <p>
4566 If one package is to be installed, the other must be removed
4567 first - if the package being installed is marked as
4568 replacing (see <ref id="replaces">) the one on the system,
4569 or the one on the system is marked as deselected, or both
4570 packages are marked <tt>Essential</tt>, then
4571 <prgn>dpkg</prgn> will automatically remove the package
4572 which is causing the conflict, otherwise it will halt the
4573 installation of the new package with an error. This
4574 mechanism is specifically designed to produce an error when
4575 the installed package is <tt>Essential</tt>, but the new
4576 package is not.
4577 </p>
4578
4579 <p>
4580 A package will not cause a conflict merely because its
4581 configuration files are still installed; it must be at least
4582 "Half-Installed".
4583 </p>
4584
4585 <p>
4586 A special exception is made for packages which declare a
4587 conflict with their own package name, or with a virtual
4588 package which they provide (see below): this does not
4589 prevent their installation, and allows a package to conflict
4590 with others providing a replacement for it. You use this
4591 feature when you want the package in question to be the only
4592 package providing some feature.
4593 </p>
4594
4595 <p>
4596 A <tt>Conflicts</tt> entry should almost never have an
4597 "earlier than" version clause. This would prevent
4598 <prgn>dpkg</prgn> from upgrading or installing the package
4599 which declared such a conflict until the upgrade or removal
4600 of the conflicted-with package had been completed. Instead,
4601 <tt>Breaks</tt> may be used.
4602 </p>
4603 </sect>
4604
4605 <sect id="virtual"><heading>Virtual packages - <tt>Provides</tt>
4606 </heading>
4607
4608 <p>
4609 As well as the names of actual ("concrete") packages, the
4610 package relationship fields <tt>Depends</tt>,
4611 <tt>Recommends</tt>, <tt>Suggests</tt>, <tt>Enhances</tt>,
4612 <tt>Pre-Depends</tt>, <tt>Breaks</tt>, <tt>Conflicts</tt>,
4613 <tt>Build-Depends</tt>, <tt>Build-Depends-Indep</tt>,
4614 <tt>Build-Conflicts</tt> and <tt>Build-Conflicts-Indep</tt>
4615 may mention "virtual packages".
4616 </p>
4617
4618 <p>
4619 A <em>virtual package</em> is one which appears in the
4620 <tt>Provides</tt> control file field of another package.
4621 The effect is as if the package(s) which provide a
4622 particular virtual package name had been listed by name
4623 everywhere the virtual package name appears. (See also <ref
4624 id="virtual_pkg">)
4625 </p>
4626
4627 <p>
4628 If there are both concrete and virtual packages of the same
4629 name, then the dependency may be satisfied (or the conflict
4630 caused) by either the concrete package with the name in
4631 question or any other concrete package which provides the
4632 virtual package with the name in question. This is so that,
4633 for example, supposing we have
4634 <example compact="compact">
4635 Package: foo
4636 Depends: bar
4637 </example> and someone else releases an enhanced version of
4638 the <tt>bar</tt> package they can say:
4639 <example compact="compact">
4640 Package: bar-plus
4641 Provides: bar
4642 </example>
4643 and the <tt>bar-plus</tt> package will now also satisfy the
4644 dependency for the <tt>foo</tt> package.
4645 </p>
4646
4647 <p>
4648 If a relationship field has a version number attached
4649 then only real packages will be considered to see whether
4650 the relationship is satisfied (or the prohibition violated,
4651 for a conflict or breakage) - it is assumed that a real
4652 package which provides the virtual package is not of the
4653 "right" version. So, a <tt>Provides</tt> field may not
4654 contain version numbers, and the version number of the
4655 concrete package which provides a particular virtual package
4656 will not be looked at when considering a dependency on or
4657 conflict with the virtual package name.
4658 </p>
4659
4660 <p>
4661 It is likely that the ability will be added in a future
4662 release of <prgn>dpkg</prgn> to specify a version number for
4663 each virtual package it provides. This feature is not yet
4664 present, however, and is expected to be used only
4665 infrequently.
4666 </p>
4667
4668 <p>
4669 If you want to specify which of a set of real packages
4670 should be the default to satisfy a particular dependency on
4671 a virtual package, you should list the real package as an
4672 alternative before the virtual one.
4673 </p>
4674 </sect>
4675
4676
4677 <sect id="replaces"><heading>Overwriting files and replacing
4678 packages - <tt>Replaces</tt></heading>
4679
4680 <p>
4681 Packages can declare in their control file that they should
4682 overwrite files in certain other packages, or completely
4683 replace other packages. The <tt>Replaces</tt> control file
4684 field has these two distinct purposes.
4685 </p>
4686
4687 <sect1><heading>Overwriting files in other packages</heading>
4688
4689 <p>
4690 Firstly, as mentioned before, it is usually an error for a
4691 package to contain files which are on the system in
4692 another package.
4693 </p>
4694
4695 <p>
4696 However, if the overwriting package declares that it
4697 <tt>Replaces</tt> the one containing the file being
4698 overwritten, then <prgn>dpkg</prgn> will replace the file
4699 from the old package with that from the new. The file
4700 will no longer be listed as "owned" by the old package.
4701 </p>
4702
4703 <p>
4704 If a package is completely replaced in this way, so that
4705 <prgn>dpkg</prgn> does not know of any files it still
4706 contains, it is considered to have "disappeared". It will
4707 be marked as not wanted on the system (selected for
4708 removal) and not installed. Any <tt>conffile</tt>s
4709 details noted for the package will be ignored, as they
4710 will have been taken over by the overwriting package. The
4711 package's <prgn>postrm</prgn> script will be run with a
4712 special argument to allow the package to do any final
4713 cleanup required. See <ref id="mscriptsinstact">.
4714 <footnote>
4715 <p>
4716 Replaces is a one way relationship -- you have to
4717 install the replacing package after the replaced
4718 package.
4719 </p>
4720 </footnote>
4721 </p>
4722
4723 <p>
4724 For this usage of <tt>Replaces</tt>, virtual packages (see
4725 <ref id="virtual">) are not considered when looking at a
4726 <tt>Replaces</tt> field - the packages declared as being
4727 replaced must be mentioned by their real names.
4728 </p>
4729
4730 <p>
4731 Furthermore, this usage of <tt>Replaces</tt> only takes
4732 effect when both packages are at least partially on the
4733 system at once, so that it can only happen if they do not
4734 conflict or if the conflict has been overridden.
4735 </p>
4736
4737 </sect1>
4738
4739 <sect1><heading>Replacing whole packages, forcing their
4740 removal</heading>
4741
4742 <p>
4743 Secondly, <tt>Replaces</tt> allows the packaging system to
4744 resolve which package should be removed when there is a
4745 conflict - see <ref id="conflicts">. This usage only
4746 takes effect when the two packages <em>do</em> conflict,
4747 so that the two usages of this field do not interfere with
4748 each other.
4749 </p>
4750
4751 <p>
4752 In this situation, the package declared as being replaced
4753 can be a virtual package, so for example, all mail
4754 transport agents (MTAs) would have the following fields in
4755 their control files:
4756 <example compact="compact">
4757 Provides: mail-transport-agent
4758 Conflicts: mail-transport-agent
4759 Replaces: mail-transport-agent
4760 </example>
4761 ensuring that only one MTA can be installed at any one
4762 time.
4763 </sect1>
4764 </sect>
4765
4766 <sect id="sourcebinarydeps">
4767 <heading>Relationships between source and binary packages -
4768 <tt>Build-Depends</tt>, <tt>Build-Depends-Indep</tt>,
4769 <tt>Build-Conflicts</tt>, <tt>Build-Conflicts-Indep</tt>
4770 </heading>
4771
4772 <p>
4773 Source packages that require certain binary packages to be
4774 installed or absent at the time of building the package
4775 can declare relationships to those binary packages.
4776 </p>
4777
4778 <p>
4779 This is done using the <tt>Build-Depends</tt>,
4780 <tt>Build-Depends-Indep</tt>, <tt>Build-Conflicts</tt> and
4781 <tt>Build-Conflicts-Indep</tt> control file fields.
4782 </p>
4783
4784 <p>
4785 Build-dependencies on "build-essential" binary packages can be
4786 omitted. Please see <ref id="pkg-relations"> for more information.
4787 </p>
4788
4789 <p>
4790 The dependencies and conflicts they define must be satisfied
4791 (as defined earlier for binary packages) in order to invoke
4792 the targets in <tt>debian/rules</tt>, as follows:<footnote>
4793 <p>
4794 If you make "build-arch" or "binary-arch", you need
4795 Build-Depends. If you make "build-indep" or
4796 "binary-indep", you need Build-Depends and
4797 Build-Depends-Indep. If you make "build" or "binary",
4798 you need both.
4799 </p>
4800 <p>
4801 There is no Build-Depends-Arch; this role is essentially
4802 met with Build-Depends. Anyone building the
4803 <tt>build-indep</tt> and binary-indep<tt></tt> targets
4804 is basically assumed to be building the whole package
4805 anyway and so installs all build dependencies. The
4806 autobuilders use <tt>dpkg-buildpackage -B</tt>, which
4807 calls <tt>build</tt> (not <tt>build-arch</tt>, since it
4808 does not yet know how to check for its existence) and
4809 <tt>binary-arch</tt>.
4810 </p>
4811 <p>
4812 The purpose of the original split, I recall, was so that
4813 the autobuilders wouldn't need to install extra packages
4814 needed only for the binary-indep targets. But without a
4815 build-arch/build-indep split, this didn't work, since
4816 most of the work is done in the build target, not in the
4817 binary target.
4818 </p>
4819 </footnote>
4820
4821 <taglist>
4822 <tag><tt>Build-Depends</tt>, <tt>Build-Conflicts</tt></tag>
4823 <item>
4824 The <tt>Build-Depends</tt> and
4825 <tt>Build-Conflicts</tt> fields must be satisfied when
4826 any of the following targets is invoked:
4827 <tt>build</tt>, <tt>clean</tt>, <tt>binary</tt>,
4828 <tt>binary-arch</tt>, <tt>build-arch</tt>,
4829 <tt>build-indep</tt> and <tt>binary-indep</tt>.
4830 </item>
4831 <tag><tt>Build-Depends-Indep</tt>,
4832 <tt>Build-Conflicts-Indep</tt></tag>
4833 <item>
4834 The <tt>Build-Depends-Indep</tt> and
4835 <tt>Build-Conflicts-Indep</tt> fields must be
4836 satisfied when any of the following targets is
4837 invoked: <tt>build</tt>, <tt>build-indep</tt>,
4838 <tt>binary</tt> and <tt>binary-indep</tt>.
4839 </item>
4840 </taglist>
4841 </p>
4842
4843 </sect>
4844
4845 </chapt>
4846
4847
4848 <chapt id="sharedlibs"><heading>Shared libraries</heading>
4849
4850 <p>
4851 Packages containing shared libraries must be constructed with
4852 a little care to make sure that the shared library is always
4853 available. This is especially important for packages whose
4854 shared libraries are vitally important, such as the C library
4855 (currently <tt>libc6</tt>).
4856 </p>
4857
4858 <p>
4859 Packages involving shared libraries should be split up into
4860 several binary packages. This section mostly deals with how
4861 this separation is to be accomplished; rules for files within
4862 the shared library packages are in <ref id="libraries"> instead.
4863 </p>
4864
4865 <sect id="sharedlibs-runtime">
4866 <heading>Run-time shared libraries</heading>
4867
4868 <p>
4869 The run-time shared library needs to be placed in a package
4870 whose name changes whenever the shared object version
4871 changes.<footnote>
4872 <p>
4873 Since it is common place to install several versions of a
4874 package that just provides shared libraries, it is a
4875 good idea that the library package should not
4876 contain any extraneous non-versioned files, unless they
4877 happen to be in versioned directories.</p>
4878 </footnote>
4879 The most common mechanism is to place it in a package
4880 called
4881 <package><var>libraryname</var><var>soversion</var></package>,
4882 where <file><var>soversion</var></file> is the version number
4883 in the soname of the shared library<footnote>
4884 The soname is the shared object name: it's the thing
4885 that has to match exactly between building an executable
4886 and running it for the dynamic linker to be able run the
4887 program. For example, if the soname of the library is
4888 <file>libfoo.so.6</file>, the library package would be
4889 called <file>libfoo6</file>.
4890 </footnote>.
4891 Alternatively, if it would be confusing to directly append
4892 <var>soversion</var> to <var>libraryname</var> (e.g. because
4893 <var>libraryname</var> itself ends in a number), you may use
4894 <package><var>libraryname</var>-<var>soversion</var></package> and
4895 <package><var>libraryname</var>-<var>soversion</var>-dev</package>
4896 instead.
4897 </p>
4898
4899 <p>
4900 If you have several shared libraries built from the same
4901 source tree you may lump them all together into a single
4902 shared library package, provided that you change all of
4903 their sonames at once (so that you don't get filename
4904 clashes if you try to install different versions of the
4905 combined shared libraries package).
4906 </p>
4907
4908 <p>
4909 The package should install the shared libraries under
4910 their normal names. For example, the <package>libgdbm3</package>
4911 package should install <file>libgdbm.so.3.0.0</file> as
4912 <file>/usr/lib/libgdbm.so.3.0.0</file>. The files should not be
4913 renamed or re-linked by any <prgn>prerm</prgn> or
4914 <prgn>postrm</prgn> scripts; <prgn>dpkg</prgn> will take care
4915 of renaming things safely without affecting running programs,
4916 and attempts to interfere with this are likely to lead to
4917 problems.
4918 </p>
4919
4920 <p>
4921 Shared libraries should not be installed executable, since
4922 the dynamic linker does not require this and trying to
4923 execute a shared library usually results in a core dump.
4924 </p>
4925
4926 <p>
4927 The run-time library package should include the symbolic link that
4928 <prgn>ldconfig</prgn> would create for the shared libraries.
4929 For example, the <package>libgdbm3</package> package should include
4930 a symbolic link from <file>/usr/lib/libgdbm.so.3</file> to
4931 <file>libgdbm.so.3.0.0</file>. This is needed so that the dynamic
4932 linker (for example <prgn>ld.so</prgn> or
4933 <prgn>ld-linux.so.*</prgn>) can find the library between the
4934 time that <prgn>dpkg</prgn> installs it and the time that
4935 <prgn>ldconfig</prgn> is run in the <prgn>postinst</prgn>
4936 script.<footnote>
4937 The package management system requires the library to be
4938 placed before the symbolic link pointing to it in the
4939 <file>.deb</file> file. This is so that when
4940 <prgn>dpkg</prgn> comes to install the symlink
4941 (overwriting the previous symlink pointing at an older
4942 version of the library), the new shared library is already
4943 in place. In the past, this was achieved by creating the
4944 library in the temporary packaging directory before
4945 creating the symlink. Unfortunately, this was not always
4946 effective, since the building of the tar file in the
4947 <file>.deb</file> depended on the behavior of the underlying
4948 file system. Some file systems (such as reiserfs) reorder
4949 the files so that the order of creation is forgotten.
4950 Since version 1.7.0, <prgn>dpkg</prgn>
4951 reorders the files itself as necessary when building a
4952 package. Thus it is no longer important to concern
4953 oneself with the order of file creation.
4954 </footnote>
4955 </p>
4956
4957 <sect1 id="ldconfig">
4958 <heading><tt>ldconfig</tt></heading>
4959
4960 <p>
4961 Any package installing shared libraries in one of the default
4962 library directories of the dynamic linker (which are currently
4963 <file>/usr/lib</file> and <file>/lib</file>) or a directory that is
4964 listed in <file>/etc/ld.so.conf</file><footnote>
4965 These are currently
4966 <list compact="compact">
4967 <item>/usr/local/lib</item>
4968 <item>/usr/lib/libc5-compat</item>
4969 <item>/lib/libc5-compat</item>
4970 </list>
4971 </footnote>
4972 must use <prgn>ldconfig</prgn> to update the shared library
4973 system.
4974 </p>
4975
4976 <p>
4977 The package maintainer scripts must only call
4978 <prgn>ldconfig</prgn> under these circumstances:
4979 <list compact="compact">
4980 <item>When the <prgn>postinst</prgn> script is run with a
4981 first argument of <tt>configure</tt>, the script must call
4982 <prgn>ldconfig</prgn>, and may optionally invoke
4983 <prgn>ldconfig</prgn> at other times.
4984 </item>
4985 <item>When the <prgn>postrm</prgn> script is run with a
4986 first argument of <tt>remove</tt>, the script should call
4987 <prgn>ldconfig</prgn>.
4988 </item>
4989 </list>
4990 <footnote>
4991 <p>
4992 During install or upgrade, the preinst is called before
4993 the new files are installed, so calling "ldconfig" is
4994 pointless. The preinst of an existing package can also be
4995 called if an upgrade fails. However, this happens during
4996 the critical time when a shared libs may exist on-disk
4997 under a temporary name. Thus, it is dangerous and
4998 forbidden by current policy to call "ldconfig" at this
4999 time.
5000 </p>
5001
5002 <p>
5003 When a package is installed or upgraded, "postinst
5004 configure" runs after the new files are safely on-disk.
5005 Since it is perfectly safe to invoke ldconfig
5006 unconditionally in a postinst, it is OK for a package to
5007 simply put ldconfig in its postinst without checking the
5008 argument. The postinst can also be called to recover from
5009 a failed upgrade. This happens before any new files are
5010 unpacked, so there is no reason to call "ldconfig" at this
5011 point.
5012 </p>
5013
5014 <p>
5015 For a package that is being removed, prerm is
5016 called with all the files intact, so calling ldconfig is
5017 useless. The other calls to "prerm" happen in the case of
5018 upgrade at a time when all the files of the old package
5019 are on-disk, so again calling "ldconfig" is pointless.
5020 </p>
5021
5022 <p>
5023 postrm, on the other hand, is called with the "remove"
5024 argument just after the files are removed, so this is
5025 the proper time to call "ldconfig" to notify the system
5026 of the fact that the shared libraries from the package
5027 are removed. The postrm can be called at several other
5028 times. At the time of "postrm purge", "postrm
5029 abort-install", or "postrm abort-upgrade", calling
5030 "ldconfig" is useless because the shared lib files are
5031 not on-disk. However, when "postrm" is invoked with
5032 arguments "upgrade", "failed-upgrade", or "disappear", a
5033 shared lib may exist on-disk under a temporary filename.
5034 </p>
5035 </footnote>
5036 </p>
5037 </sect1>
5038
5039 </sect>
5040
5041 <sect id="sharedlibs-support-files">
5042 <heading>Shared library support files</heading>
5043
5044 <p>
5045 If your package contains files whose names do not change with
5046 each change in the library shared object version, you must not
5047 put them in the shared library package. Otherwise, several
5048 versions of the shared library cannot be installed at the same
5049 time without filename clashes, making upgrades and transitions
5050 unnecessarily difficult.
5051 </p>
5052
5053 <p>
5054 It is recommended that supporting files and run-time support
5055 programs that do not need to be invoked manually by users, but
5056 are nevertheless required for the package to function, be placed
5057 (if they are binary) in a subdirectory of <file>/usr/lib</file>,
5058 preferably under <file>/usr/lib/</file><var>package-name</var>.
5059 If the program or file is architecture independent, the
5060 recommendation is for it to be placed in a subdirectory of
5061 <file>/usr/share</file> instead, preferably under
5062 <file>/usr/share/</file><var>package-name</var>. Following the
5063 <var>package-name</var> naming convention ensures that the file
5064 names change when the shared object version changes.
5065 </p>
5066
5067 <p>
5068 Run-time support programs that use the shared library but are
5069 not required for the library to function or files used by the
5070 shared library that can be used by any version of the shared
5071 library package should instead be put in a separate package.
5072 This package might typically be named
5073 <package><var>libraryname</var>-tools</package>; note the
5074 absence of the <var>soversion</var> in the package name.
5075 </p>
5076
5077 <p>
5078 Files and support programs only useful when compiling software
5079 against the library should be included in the development
5080 package for the library.<footnote>
5081 For example, a <file><var>package-name</var>-config</file>
5082 script or <package>pkg-config</package> configuration files.
5083 </footnote>
5084 </p>
5085 </sect>
5086
5087 <sect id="sharedlibs-static">
5088 <heading>Static libraries</heading>
5089
5090 <p>
5091 The static library (<file><var>libraryname.a</var></file>)
5092 is usually provided in addition to the shared version.
5093 It is placed into the development package (see below).
5094 </p>
5095
5096 <p>
5097 In some cases, it is acceptable for a library to be
5098 available in static form only; these cases include:
5099 <list>
5100 <item>libraries for languages whose shared library support
5101 is immature or unstable</item>
5102 <item>libraries whose interfaces are in flux or under
5103 development (commonly the case when the library's
5104 major version number is zero, or where the ABI breaks
5105 across patchlevels)</item>
5106 <item>libraries which are explicitly intended to be
5107 available only in static form by their upstream
5108 author(s)</item>
5109 </list>
5110 </p>
5111
5112 <sect id="sharedlibs-dev">
5113 <heading>Development files</heading>
5114
5115 <p>
5116 The development files associated to a shared library need to be
5117 placed in a package called
5118 <package><var>libraryname</var><var>soversion</var>-dev</package>,
5119 or if you prefer only to support one development version at a
5120 time, <package><var>libraryname</var>-dev</package>.
5121 </p>
5122
5123 <p>
5124 In case several development versions of a library exist, you may
5125 need to use <prgn>dpkg</prgn>'s Conflicts mechanism (see
5126 <ref id="conflicts">) to ensure that the user only installs one
5127 development version at a time (as different development versions are
5128 likely to have the same header files in them, which would cause a
5129 filename clash if both were installed).
5130 </p>
5131
5132 <p>
5133 The development package should contain a symlink for the associated
5134 shared library without a version number. For example, the
5135 <package>libgdbm-dev</package> package should include a symlink
5136 from <file>/usr/lib/libgdbm.so</file> to
5137 <file>libgdbm.so.3.0.0</file>. This symlink is needed by the linker
5138 (<prgn>ld</prgn>) when compiling packages, as it will only look for
5139 <file>libgdbm.so</file> when compiling dynamically.
5140 </p>
5141 </sect>
5142
5143 <sect id="sharedlibs-intradeps">
5144 <heading>Dependencies between the packages of the same library</heading>
5145
5146 <p>
5147 Typically the development version should have an exact
5148 version dependency on the runtime library, to make sure that
5149 compilation and linking happens correctly. The
5150 <tt>${binary:Version}</tt> substitution variable can be
5151 useful for this purpose.
5152 <footnote>
5153 Previously, <tt>${Source-Version}</tt> was used, but its name
5154 was confusing and it has been deprecated since dpkg 1.13.19.
5155 </footnote>
5156 </p>
5157 </sect>
5158
5159 <sect id="sharedlibs-shlibdeps">
5160 <heading>Dependencies between the library and other packages -
5161 the <tt>shlibs</tt> system</heading>
5162
5163 <p>
5164 If a package contains a binary or library which links to a
5165 shared library, we must ensure that when the package is
5166 installed on the system, all of the libraries needed are
5167 also installed. This requirement led to the creation of the
5168 <tt>shlibs</tt> system, which is very simple in its design:
5169 any package which <em>provides</em> a shared library also
5170 provides information on the package dependencies required to
5171 ensure the presence of this library, and any package which
5172 <em>uses</em> a shared library uses this information to
5173 determine the dependencies it requires. The files which
5174 contain the mapping from shared libraries to the necessary
5175 dependency information are called <file>shlibs</file> files.
5176 </p>
5177
5178 <p>
5179 Thus, when a package is built which contains any shared
5180 libraries, it must provide a <file>shlibs</file> file for other
5181 packages to use, and when a package is built which contains
5182 any shared libraries or compiled binaries, it must run
5183 <qref id="pkg-dpkg-shlibdeps"><prgn>dpkg-shlibdeps</prgn></qref>
5184 on these to determine the libraries used and hence the
5185 dependencies needed by this package.<footnote>
5186 <p>
5187 In the past, the shared libraries linked to were
5188 determined by calling <prgn>ldd</prgn>, but now
5189 <prgn>objdump</prgn> is used to do this. The only
5190 change this makes to package building is that
5191 <prgn>dpkg-shlibdeps</prgn> must also be run on shared
5192 libraries, whereas in the past this was unnecessary.
5193 The rest of this footnote explains the advantage that
5194 this method gives.
5195 </p>
5196
5197 <p>
5198 We say that a binary <tt>foo</tt> <em>directly</em> uses
5199 a library <tt>libbar</tt> if it is explicitly linked
5200 with that library (that is, it uses the flag
5201 <tt>-lbar</tt> during the linking stage). Other
5202 libraries that are needed by <tt>libbar</tt> are linked
5203 <em>indirectly</em> to <tt>foo</tt>, and the dynamic
5204 linker will load them automatically when it loads
5205 <tt>libbar</tt>. A package should depend on
5206 the libraries it directly uses, and the dependencies for
5207 those libraries should automatically pull in the other
5208 libraries.
5209 </p>
5210
5211 <p>
5212 Unfortunately, the <prgn>ldd</prgn> program shows both
5213 the directly and indirectly used libraries, meaning that
5214 the dependencies determined included both direct and
5215 indirect dependencies. The use of <prgn>objdump</prgn>
5216 avoids this problem by determining only the directly
5217 used libraries.
5218 </p>
5219
5220 <p>
5221 A good example of where this helps is the following. We
5222 could update <tt>libimlib</tt> with a new version that
5223 supports a new graphics format called dgf (but retaining
5224 the same major version number). If we used the old
5225 <prgn>ldd</prgn> method, every package that uses
5226 <tt>libimlib</tt> would need to be recompiled so it
5227 would also depend on <tt>libdgf</tt> or it wouldn't run
5228 due to missing symbols. However with the new system,
5229 packages using <tt>libimlib</tt> can rely on
5230 <tt>libimlib</tt> itself having the dependency on
5231 <tt>libdgf</tt> and so they would not need rebuilding.
5232 </p>
5233 </footnote>
5234 </p>
5235
5236 <p>
5237 In the following sections, we will first describe where the
5238 various <tt>shlibs</tt> files are to be found, then how to
5239 use <prgn>dpkg-shlibdeps</prgn>, and finally the <tt>shlibs</tt>
5240 file format and how to create them if your package contains a
5241 shared library.
5242 </p>
5243
5244 <sect1>
5245 <heading>The <tt>shlibs</tt> files present on the system</heading>
5246
5247 <p>
5248 There are several places where <tt>shlibs</tt> files are
5249 found. The following list gives them in the order in which
5250 they are read by
5251 <qref id="pkg-dpkg-shlibdeps"><prgn>dpkg-shlibdeps</prgn></qref>.
5252 (The first one which gives the required information is used.)
5253 </p>
5254
5255 <p>
5256 <list>
5257 <item>
5258 <p><file>debian/shlibs.local</file></p>
5259
5260 <p>
5261 This lists overrides for this package. Its use is
5262 described below (see <ref id="shlibslocal">).
5263 </p>
5264 </item>
5265
5266 <item>
5267 <p><file>/etc/dpkg/shlibs.override</file></p>
5268
5269 <p>
5270 This lists global overrides. This list is normally
5271 empty. It is maintained by the local system
5272 administrator.
5273 </p>
5274 </item>
5275
5276 <item>
5277 <p><file>DEBIAN/shlibs</file> files in the "build directory"</p>
5278
5279 <p>
5280 When packages are being built, any
5281 <file>debian/shlibs</file> files are copied into the
5282 control file area of the temporary build directory and
5283 given the name <file>shlibs</file>. These files give
5284 details of any shared libraries included in the
5285 package.<footnote>
5286 An example may help here. Let us say that the
5287 source package <tt>foo</tt> generates two binary
5288 packages, <tt>libfoo2</tt> and
5289 <tt>foo-runtime</tt>. When building the binary
5290 packages, the two packages are created in the
5291 directories <file>debian/libfoo2</file> and
5292 <file>debian/foo-runtime</file> respectively.
5293 (<file>debian/tmp</file> could be used instead of one
5294 of these.) Since <tt>libfoo2</tt> provides the
5295 <tt>libfoo</tt> shared library, it will require a
5296 <tt>shlibs</tt> file, which will be installed in
5297 <file>debian/libfoo2/DEBIAN/shlibs</file>, eventually
5298 to become
5299 <file>/var/lib/dpkg/info/libfoo2.shlibs</file>. Then
5300 when <prgn>dpkg-shlibdeps</prgn> is run on the
5301 executable
5302 <file>debian/foo-runtime/usr/bin/foo-prog</file>, it
5303 will examine the
5304 <file>debian/libfoo2/DEBIAN/shlibs</file> file to
5305 determine whether <tt>foo-prog</tt>'s library
5306 dependencies are satisfied by any of the libraries
5307 provided by <tt>libfoo2</tt>. For this reason,
5308 <prgn>dpkg-shlibdeps</prgn> must only be run once
5309 all of the individual binary packages'
5310 <tt>shlibs</tt> files have been installed into the
5311 build directory.
5312 </footnote>
5313 </p>
5314 </item>
5315
5316 <item>
5317 <p><file>/var/lib/dpkg/info/*.shlibs</file></p>
5318
5319 <p>
5320 These are the <file>shlibs</file> files corresponding to
5321 all of the packages installed on the system, and are
5322 maintained by the relevant package maintainers.
5323 </p>
5324 </item>
5325
5326 <item>
5327 <p><file>/etc/dpkg/shlibs.default</file></p>
5328
5329 <p>
5330 This file lists any shared libraries whose packages
5331 have failed to provide correct <file>shlibs</file> files.
5332 It was used when the <file>shlibs</file> setup was first
5333 introduced, but it is now normally empty. It is
5334 maintained by the <tt>dpkg</tt> maintainer.
5335 </p>
5336 </item>
5337 </list>
5338 </p>
5339 </sect1>
5340
5341 <sect1>
5342 <heading>How to use <prgn>dpkg-shlibdeps</prgn> and the
5343 <file>shlibs</file> files</heading>
5344
5345 <p>
5346 Put a call to
5347 <qref id="pkg-dpkg-shlibdeps"><prgn>dpkg-shlibdeps</prgn></qref>
5348 into your <file>debian/rules</file> file. If your package
5349 contains only compiled binaries and libraries (but no scripts),
5350 you can use a command such as:
5351 <example compact="compact">
5352 dpkg-shlibdeps debian/tmp/usr/bin/* debian/tmp/usr/sbin/* \
5353 debian/tmp/usr/lib/*
5354 </example>
5355 Otherwise, you will need to explicitly list the compiled
5356 binaries and libraries.<footnote>
5357 If you are using <tt>debhelper</tt>, the
5358 <prgn>dh_shlibdeps</prgn> program will do this work for
5359 you. It will also correctly handle multi-binary
5360 packages.
5361 </footnote>
5362 </p>
5363
5364 <p>
5365 This command puts the dependency information into the
5366 <file>debian/substvars</file> file, which is then used by
5367 <prgn>dpkg-gencontrol</prgn>. You will need to place a
5368 <tt>${shlibs:Depends}</tt> variable in the <tt>Depends</tt>
5369 field in the control file for this to work.
5370 </p>
5371
5372 <p>
5373 If <prgn>dpkg-shlibdeps</prgn> doesn't complain, you're
5374 done. If it does complain you might need to create your own
5375 <file>debian/shlibs.local</file> file, as explained below (see
5376 <ref id="shlibslocal">).
5377 </p>
5378
5379 <p>
5380 If you have multiple binary packages, you will need to call
5381 <prgn>dpkg-shlibdeps</prgn> on each one which contains
5382 compiled libraries or binaries. In such a case, you will
5383 need to use the <tt>-T</tt> option to the <tt>dpkg</tt>
5384 utilities to specify a different <file>substvars</file> file.
5385 </p>
5386
5387 <p>
5388 If you are creating a udeb for use in the Debian Installer,
5389 you will need to specify that <prgn>dpkg-shlibdeps</prgn>
5390 should use the dependency line of type <tt>udeb</tt> by
5391 adding the <tt>-tudeb</tt> option<footnote>
5392 <prgn>dh_shlibdeps</prgn> from the <tt>debhelper</tt> suite
5393 will automatically add this option if it knows it is
5394 processing a udeb.
5395 </footnote>. If there is no dependency line of type <tt>udeb</tt>
5396 in the <file>shlibs</file> file, <prgn>dpkg-shlibdeps</prgn> will
5397 fall back to the regular dependency line.
5398 </p>
5399
5400 <p>
5401 For more details on dpkg-shlibdeps, please see
5402 <ref id="pkg-dpkg-shlibdeps"> and
5403 <manref name="dpkg-shlibdeps" section="1">.
5404 </p>
5405 </sect1>
5406
5407 <sect1 id="shlibs">
5408 <heading>The <file>shlibs</file> File Format</heading>
5409
5410 <p>
5411 Each <file>shlibs</file> file has the same format. Lines
5412 beginning with <tt>#</tt> are considered to be comments and
5413 are ignored. Each line is of the form:
5414 <example compact="compact">
5415 [<var>type</var>: ]<var>library-name</var> <var>soname-version</var> <var>dependencies ...</var>
5416 </example>
5417 </p>
5418
5419 <p>
5420 We will explain this by reference to the example of the
5421 <tt>zlib1g</tt> package, which (at the time of writing)
5422 installs the shared library <file>/usr/lib/libz.so.1.1.3</file>.
5423 </p>
5424
5425 <p>
5426 <var>type</var> is an optional element that indicates the type
5427 of package for which the line is valid. The only type currently
5428 in use is <tt>udeb</tt>. The colon and space after the type are
5429 required.
5430 </p>
5431
5432 <p>
5433 <var>library-name</var> is the name of the shared library,
5434 in this case <tt>libz</tt>. (This must match the name part
5435 of the soname, see below.)
5436 </p>
5437
5438 <p>
5439 <var>soname-version</var> is the version part of the soname of
5440 the library. The soname is the thing that must exactly match
5441 for the library to be recognized by the dynamic linker, and is
5442 usually of the form
5443 <tt><var>name</var>.so.<var>major-version</var></tt>, in our
5444 example, <tt>libz.so.1</tt>.<footnote>
5445 This can be determined using the command
5446 <example compact="compact">
5447 objdump -p /usr/lib/libz.so.1.1.3 | grep SONAME
5448 </example>
5449 </footnote>
5450 The version part is the part which comes after
5451 <tt>.so.</tt>, so in our case, it is <tt>1</tt>.
5452 </p>
5453
5454 <p>
5455 <var>dependencies</var> has the same syntax as a dependency
5456 field in a binary package control file. It should give
5457 details of which packages are required to satisfy a binary
5458 built against the version of the library contained in the
5459 package. See <ref id="depsyntax"> for details.
5460 </p>
5461
5462 <p>
5463 In our example, if the first version of the <tt>zlib1g</tt>
5464 package which contained a minor number of at least
5465 <tt>1.3</tt> was <var>1:1.1.3-1</var>, then the
5466 <tt>shlibs</tt> entry for this library could say:
5467 <example compact="compact">
5468 libz 1 zlib1g (>= 1:1.1.3)
5469 </example>
5470 The version-specific dependency is to avoid warnings from
5471 the dynamic linker about using older shared libraries with
5472 newer binaries.
5473 </p>
5474
5475 <p>
5476 As zlib1g also provides a udeb containing the shared library,
5477 there would also be a second line:
5478 <example compact="compact">
5479 udeb: libz 1 zlib1g-udeb (>= 1:1.1.3)
5480 </example>
5481 </p>
5482 </sect1>
5483
5484 <sect1>
5485 <heading>Providing a <file>shlibs</file> file</heading>
5486
5487 <p>
5488 If your package provides a shared library, you need to create
5489 a <file>shlibs</file> file following the format described above.
5490 It is usual to call this file <file>debian/shlibs</file> (but if
5491 you have multiple binary packages, you might want to call it
5492 <file>debian/shlibs.<var>package</var></file> instead). Then
5493 let <file>debian/rules</file> install it in the control area:
5494 <example compact="compact">
5495 install -m644 debian/shlibs debian/tmp/DEBIAN
5496 </example>
5497 or, in the case of a multi-binary package:
5498 <example compact="compact">
5499 install -m644 debian/shlibs.<var>package</var> debian/<var>package</var>/DEBIAN/shlibs
5500 </example>
5501 An alternative way of doing this is to create the
5502 <file>shlibs</file> file in the control area directly from
5503 <file>debian/rules</file> without using a <file>debian/shlibs</file>
5504 file at all,<footnote>
5505 This is what <prgn>dh_makeshlibs</prgn> in the
5506 <tt>debhelper</tt> suite does. If your package also has a udeb
5507 that provides a shared library, <prgn>dh_makeshlibs</prgn> can
5508 automatically generate the <tt>udeb:</tt> lines if you specify
5509 the name of the udeb with the <tt>--add-udeb</tt> option.
5510 </footnote>
5511 since the <file>debian/shlibs</file> file itself is ignored by
5512 <prgn>dpkg-shlibdeps</prgn>.
5513 </p>
5514
5515 <p>
5516 As <prgn>dpkg-shlibdeps</prgn> reads the
5517 <file>DEBIAN/shlibs</file> files in all of the binary packages
5518 being built from this source package, all of the
5519 <file>DEBIAN/shlibs</file> files should be installed before
5520 <prgn>dpkg-shlibdeps</prgn> is called on any of the binary
5521 packages.
5522 </p>
5523 </sect1>
5524
5525 <sect1 id="shlibslocal">
5526 <heading>Writing the <file>debian/shlibs.local</file> file</heading>
5527
5528 <p>
5529 This file is intended only as a <em>temporary</em> fix if
5530 your binaries or libraries depend on a library whose package
5531 does not yet provide a correct <file>shlibs</file> file.
5532 </p>
5533
5534 <p>
5535 We will assume that you are trying to package a binary
5536 <tt>foo</tt>. When you try running
5537 <prgn>dpkg-shlibdeps</prgn> you get the following error
5538 message (<tt>-O</tt> displays the dependency information on
5539 <tt>stdout</tt> instead of writing it to
5540 <tt>debian/substvars</tt>, and the lines have been wrapped
5541 for ease of reading):
5542 <example compact="compact">
5543 $ dpkg-shlibdeps -O debian/tmp/usr/bin/foo
5544 dpkg-shlibdeps: warning: unable to find dependency
5545 information for shared library libbar (soname 1,
5546 path /usr/lib/libbar.so.1, dependency field Depends)
5547 shlibs:Depends=libc6 (>= 2.2.2-2)
5548 </example>
5549 You can then run <prgn>ldd</prgn> on the binary to find the
5550 full location of the library concerned:
5551 <example compact="compact">
5552 $ ldd foo
5553 libbar.so.1 => /usr/lib/libbar.so.1 (0x4001e000)
5554 libc.so.6 => /lib/libc.so.6 (0x40032000)
5555 /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
5556 </example>
5557 So the <prgn>foo</prgn> binary depends on the
5558 <prgn>libbar</prgn> shared library, but no package seems to
5559 provide a <file>*.shlibs</file> file handling
5560 <file>libbar.so.1</file> in <file>/var/lib/dpkg/info/</file>. Let's
5561 determine the package responsible:
5562 <example compact="compact">
5563 $ dpkg -S /usr/lib/libbar.so.1
5564 bar1: /usr/lib/libbar.so.1
5565 $ dpkg -s bar1 | grep Version
5566 Version: 1.0-1
5567 </example>
5568 This tells us that the <tt>bar1</tt> package, version 1.0-1,
5569 is the one we are using. Now we can file a bug against the
5570 <tt>bar1</tt> package and create our own
5571 <file>debian/shlibs.local</file> to locally fix the problem.
5572 Including the following line into your
5573 <file>debian/shlibs.local</file> file:
5574 <example compact="compact">
5575 libbar 1 bar1 (>= 1.0-1)
5576 </example>
5577 should allow the package build to work.
5578 </p>
5579
5580 <p>
5581 As soon as the maintainer of <tt>bar1</tt> provides a
5582 correct <file>shlibs</file> file, you should remove this line
5583 from your <file>debian/shlibs.local</file> file. (You should
5584 probably also then have a versioned <tt>Build-Depends</tt>
5585 on <tt>bar1</tt> to help ensure that others do not have the
5586 same problem building your package.)
5587 </p>
5588 </sect1>
5589
5590 </sect>
5591
5592 </chapt>
5593
5594
5595 <chapt id="opersys"><heading>The Operating System</heading>
5596
5597 <sect>
5598 <heading>File system hierarchy</heading>
5599
5600
5601 <sect1 id="fhs">
5602 <heading>File System Structure</heading>
5603
5604 <p>
5605 The location of all installed files and directories must
5606 comply with the Filesystem Hierarchy Standard (FHS),
5607 version 2.3, with the exceptions noted below, and except
5608 where doing so would violate other terms of Debian
5609 Policy. The following exceptions to the FHS apply:
5610
5611 <enumlist>
5612 <item>
5613 <p>
5614 The optional rules related to user specific
5615 configuration files for applications are stored in
5616 the user's home directory are relaxed. It is
5617 recommended that such files start with the
5618 '<tt>.</tt>' character (a "dot file"), and if an
5619 application needs to create more than one dot file
5620 then the preferred placement is in a subdirectory
5621 with a name starting with a '.' character, (a "dot
5622 directory"). In this case it is recommended the
5623 configuration files not start with the '.'
5624 character.
5625 </p>
5626 </item>
5627 <item>
5628 <p>
5629 The requirement for amd64 to use <file>/lib64</file>
5630 for 64 bit binaries is removed.
5631 </p>
5632 </item>
5633 <item>
5634 <p>
5635 The requirement for object files, internal binaries, and
5636 libraries, including <file>libc.so.*</file>, to be located
5637 directly under <file>/lib{,32}</file> and
5638 <file>/usr/lib{,32}</file> is amended, permitting files
5639 to instead be installed to
5640 <file>/lib/<var>triplet</var></file> and
5641 <file>/usr/lib/<var>triplet</var></file>, where
5642 <tt><var>triplet</var></tt> is the value returned by
5643 <tt>dpkg-architecture -qDEB_HOST_GNU_TYPE</tt> for the
5644 architecture of the package. Packages may <em>not</em>
5645 install files to any <var>triplet</var> path other
5646 than the one matching the architecture of that package;
5647 for instance, an <tt>Architecture: amd64</tt> package
5648 containing 32-bit x86 libraries may not install these
5649 libraries to <file>/usr/lib/i486-linux-gnu</file>.
5650 <footnote>
5651 This is necessary in order to reserve the directories for
5652 use in cross-installation of library packages from other
5653 architectures, as part of the planned deployment of
5654 <tt>multiarch</tt>.
5655 </footnote>
5656 </p>
5657 <p>
5658 Applications may also use a single subdirectory under
5659 <file>/usr/lib/<var>triplet</var></file>.
5660 </p>
5661 <p>
5662 The execution time linker/loader, ld*, must still be made
5663 available in the existing location under /lib or /lib64
5664 since this is part of the ELF ABI for the architecture.
5665 </p>
5666 </item>
5667 <item>
5668 <p>
5669 The requirement that
5670 <file>/usr/local/share/man</file> be "synonymous"
5671 with <file>/usr/local/man</file> is relaxed to a
5672 recommendation</p>
5673 </item>
5674 <item>
5675 <p>
5676 The requirement that windowmanagers with a single
5677 configuration file call it <file>system.*wmrc</file>
5678 is removed, as is the restriction that the window
5679 manager subdirectory be named identically to the
5680 window manager name itself.
5681 </p>
5682 </item>
5683 <item>
5684 <p>
5685 The requirement that boot manager configuration
5686 files live in <file>/etc</file>, or at least are
5687 symlinked there, is relaxed to a recommendation.
5688 </p>
5689 </item>
5690 <item>
5691 <p>
5692 The following directories in the root filesystem are
5693 additionally allowed: <file>/sys</file> and
5694 <file>/selinux</file>. <footnote>These directories
5695 are used as mount points to mount virtual filesystems
5696 to get access to kernel information.</footnote>
5697 </p>
5698 </item>
5699 </enumlist>
5700
5701 </p>
5702 <p>
5703 The version of this document referred here can be
5704 found in the <tt>debian-policy</tt> package or on <url
5705 id="http://www.debian.org/doc/packaging-manuals/fhs/"
5706 name="FHS (Debian copy)"> alongside this manual (or, if
5707 you have the <package>debian-policy</package> installed,
5708 you can try <url
5709 id="file:///usr/share/doc/debian-policy/fhs/" name="FHS
5710 (local copy)">). The
5711 latest version, which may be a more recent version, may
5712 be found on
5713 <url id="http://www.pathname.com/fhs/" name="FHS (upstream)">.
5714 Specific questions about following the standard may be
5715 asked on the <tt>debian-devel</tt> mailing list, or
5716 referred to the FHS mailing list (see the
5717 <url id="http://www.pathname.com/fhs/" name="FHS web site"> for
5718 more information).
5719 </p>
5720 </sect1>
5721
5722 <sect1>
5723 <heading>Site-specific programs</heading>
5724
5725 <p>
5726 As mandated by the FHS, packages must not place any
5727 files in <file>/usr/local</file>, either by putting them in
5728 the file system archive to be unpacked by <prgn>dpkg</prgn>
5729 or by manipulating them in their maintainer scripts.
5730 </p>
5731
5732 <p>
5733 However, the package may create empty directories below
5734 <file>/usr/local</file> so that the system administrator knows
5735 where to place site-specific files. These are not
5736 directories <em>in</em> <file>/usr/local</file>, but are
5737 children of directories in <file>/usr/local</file>. These
5738 directories (<file>/usr/local/*/dir/</file>)
5739 should be removed on package removal if they are
5740 empty.
5741 </p>
5742
5743 <p>
5744 Note that this applies only to
5745 directories <em>below</em> <file>/usr/local</file>,
5746 not <em>in</em> <file>/usr/local</file>. Packages must
5747 not create sub-directories in the
5748 directory <file>/usr/local</file> itself, except those
5749 listed in FHS, section 4.5. However, you may create
5750 directories below them as you wish. You must not remove
5751 any of the directories listed in 4.5, even if you created
5752 them.
5753 </p>
5754
5755 <p>
5756 Since <file>/usr/local</file> can be mounted read-only from a
5757 remote server, these directories must be created and
5758 removed by the <prgn>postinst</prgn> and <prgn>prerm</prgn>
5759 maintainer scripts and not be included in the
5760 <file>.deb</file> archive. These scripts must not fail if
5761 either of these operations fail.
5762 </p>
5763
5764 <p>
5765 For example, the <tt>emacsen-common</tt> package could
5766 contain something like
5767 <example compact="compact">
5768 if [ ! -e /usr/local/share/emacs ]
5769 then
5770 if mkdir /usr/local/share/emacs 2>/dev/null
5771 then
5772 chown root:staff /usr/local/share/emacs
5773 chmod 2775 /usr/local/share/emacs
5774 fi
5775 fi
5776 </example>
5777 in its <prgn>postinst</prgn> script, and
5778 <example compact="compact">
5779 rmdir /usr/local/share/emacs/site-lisp 2>/dev/null || true
5780 rmdir /usr/local/share/emacs 2>/dev/null || true
5781 </example>
5782 in the <prgn>prerm</prgn> script. (Note that this form is
5783 used to ensure that if the script is interrupted, the
5784 directory <file>/usr/local/share/emacs</file> will still be
5785 removed.)
5786 </p>
5787
5788 <p>
5789 If you do create a directory in <file>/usr/local</file> for
5790 local additions to a package, you should ensure that
5791 settings in <file>/usr/local</file> take precedence over the
5792 equivalents in <file>/usr</file>.
5793 </p>
5794
5795 <p>
5796 However, because <file>/usr/local</file> and its contents are
5797 for exclusive use of the local administrator, a package
5798 must not rely on the presence or absence of files or
5799 directories in <file>/usr/local</file> for normal operation.
5800 </p>
5801
5802 <p>
5803 The <file>/usr/local</file> directory itself and all the
5804 subdirectories created by the package should (by default) have
5805 permissions 2775 (group-writable and set-group-id) and be
5806 owned by <tt>root:staff</tt>.
5807 </p>
5808 </sect1>
5809
5810 <sect1>
5811 <heading>The system-wide mail directory</heading>
5812 <p>
5813 The system-wide mail directory
5814 is <file>/var/mail</file>. This directory is part of the
5815 base system and should not be owned by any particular mail
5816 agents. The use of the old
5817 location <file>/var/spool/mail</file> is deprecated, even
5818 though the spool may still be physically located there.
5819 </p>
5820 </sect1>
5821 </sect>
5822
5823 <sect>
5824 <heading>Users and groups</heading>
5825
5826 <sect1>
5827 <heading>Introduction</heading>
5828 <p>
5829 The Debian system can be configured to use either plain or
5830 shadow passwords.
5831 </p>
5832
5833 <p>
5834 Some user ids (UIDs) and group ids (GIDs) are reserved
5835 globally for use by certain packages. Because some
5836 packages need to include files which are owned by these
5837 users or groups, or need the ids compiled into binaries,
5838 these ids must be used on any Debian system only for the
5839 purpose for which they are allocated. This is a serious
5840 restriction, and we should avoid getting in the way of
5841 local administration policies. In particular, many sites
5842 allocate users and/or local system groups starting at 100.
5843 </p>
5844
5845 <p>
5846 Apart from this we should have dynamically allocated ids,
5847 which should by default be arranged in some sensible
5848 order, but the behavior should be configurable.
5849 </p>
5850
5851 <p>
5852 Packages other than <tt>base-passwd</tt> must not modify
5853 <file>/etc/passwd</file>, <file>/etc/shadow</file>,
5854 <file>/etc/group</file> or <file>/etc/gshadow</file>.
5855 </p>
5856 </sect1>
5857
5858 <sect1>
5859 <heading>UID and GID classes</heading>
5860 <p>
5861 The UID and GID numbers are divided into classes as
5862 follows:
5863 <taglist>
5864 <tag>0-99:</tag>
5865 <item>
5866 <p>
5867 Globally allocated by the Debian project, the same
5868 on every Debian system. These ids will appear in
5869 the <file>passwd</file> and <file>group</file> files of all
5870 Debian systems, new ids in this range being added
5871 automatically as the <tt>base-passwd</tt> package is
5872 updated.
5873 </p>
5874
5875 <p>
5876 Packages which need a single statically allocated
5877 uid or gid should use one of these; their
5878 maintainers should ask the <tt>base-passwd</tt>
5879 maintainer for ids.
5880 </p>
5881 </item>
5882
5883 <tag>100-999:</tag>
5884 <item>
5885 <p>
5886 Dynamically allocated system users and groups.
5887 Packages which need a user or group, but can have
5888 this user or group allocated dynamically and
5889 differently on each system, should use <tt>adduser
5890 --system</tt> to create the group and/or user.
5891 <prgn>adduser</prgn> will check for the existence of
5892 the user or group, and if necessary choose an unused
5893 id based on the ranges specified in
5894 <file>adduser.conf</file>.
5895 </p>
5896 </item>
5897
5898 <tag>1000-29999:</tag>
5899 <item>
5900 <p>
5901 Dynamically allocated user accounts. By default
5902 <prgn>adduser</prgn> will choose UIDs and GIDs for
5903 user accounts in this range, though
5904 <file>adduser.conf</file> may be used to modify this
5905 behavior.
5906 </p>
5907 </item>
5908
5909 <tag>30000-59999:</tag>
5910 <item>
5911 <p>Reserved.</p>
5912 </item>
5913
5914 <tag>60000-64999:</tag>
5915 <item>
5916 <p>
5917 Globally allocated by the Debian project, but only
5918 created on demand. The ids are allocated centrally
5919 and statically, but the actual accounts are only
5920 created on users' systems on demand.
5921 </p>
5922
5923 <p>
5924 These ids are for packages which are obscure or
5925 which require many statically-allocated ids. These
5926 packages should check for and create the accounts in
5927 <file>/etc/passwd</file> or <file>/etc/group</file> (using
5928 <prgn>adduser</prgn> if it has this facility) if
5929 necessary. Packages which are likely to require
5930 further allocations should have a "hole" left after
5931 them in the allocation, to give them room to
5932 grow.
5933 </p>
5934 </item>
5935
5936 <tag>65000-65533:</tag>
5937 <item>
5938 <p>Reserved.</p>
5939 </item>
5940
5941 <tag>65534:</tag>
5942 <item>
5943 <p>
5944 User <tt>nobody</tt>. The corresponding gid refers
5945 to the group <tt>nogroup</tt>.
5946 </p>
5947 </item>
5948
5949 <tag>65535:</tag>
5950 <item>
5951 <p>
5952 <tt>(uid_t)(-1) == (gid_t)(-1)</tt> <em>must
5953 not</em> be used, because it is the error return
5954 sentinel value.
5955 </p>
5956 </item>
5957 </taglist>
5958 </p>
5959 </sect1>
5960 </sect>
5961
5962 <sect id="sysvinit">
5963 <heading>System run levels and <file>init.d</file> scripts</heading>
5964
5965 <sect1 id="/etc/init.d">
5966 <heading>Introduction</heading>
5967
5968 <p>
5969 The <file>/etc/init.d</file> directory contains the scripts
5970 executed by <prgn>init</prgn> at boot time and when the
5971 init state (or "runlevel") is changed (see <manref
5972 name="init" section="8">).
5973 </p>
5974
5975 <p>
5976 There are at least two different, yet functionally
5977 equivalent, ways of handling these scripts. For the sake
5978 of simplicity, this document describes only the symbolic
5979 link method. However, it must not be assumed by maintainer
5980 scripts that this method is being used, and any automated
5981 manipulation of the various runlevel behaviors by
5982 maintainer scripts must be performed using
5983 <prgn>update-rc.d</prgn> as described below and not by
5984 manually installing or removing symlinks. For information
5985 on the implementation details of the other method,
5986 implemented in the <tt>file-rc</tt> package, please refer
5987 to the documentation of that package.
5988 </p>
5989
5990 <p>
5991 These scripts are referenced by symbolic links in the
5992 <file>/etc/rc<var>n</var>.d</file> directories. When changing
5993 runlevels, <prgn>init</prgn> looks in the directory
5994 <file>/etc/rc<var>n</var>.d</file> for the scripts it should
5995 execute, where <tt><var>n</var></tt> is the runlevel that
5996 is being changed to, or <tt>S</tt> for the boot-up
5997 scripts.
5998 </p>
5999
6000 <p>
6001 The names of the links all have the form
6002 <file>S<var>mm</var><var>script</var></file> or
6003 <file>K<var>mm</var><var>script</var></file> where
6004 <var>mm</var> is a two-digit number and <var>script</var>
6005 is the name of the script (this should be the same as the
6006 name of the actual script in <file>/etc/init.d</file>).
6007 </p>
6008
6009 <p>
6010 When <prgn>init</prgn> changes runlevel first the targets
6011 of the links whose names start with a <tt>K</tt> are
6012 executed, each with the single argument <tt>stop</tt>,
6013 followed by the scripts prefixed with an <tt>S</tt>, each
6014 with the single argument <tt>start</tt>. (The links are
6015 those in the <file>/etc/rc<var>n</var>.d</file> directory
6016 corresponding to the new runlevel.) The <tt>K</tt> links
6017 are responsible for killing services and the <tt>S</tt>
6018 link for starting services upon entering the runlevel.
6019 </p>
6020
6021 <p>
6022 For example, if we are changing from runlevel 2 to
6023 runlevel 3, init will first execute all of the <tt>K</tt>
6024 prefixed scripts it finds in <file>/etc/rc3.d</file>, and then
6025 all of the <tt>S</tt> prefixed scripts in that directory.
6026 The links starting with <tt>K</tt> will cause the
6027 referred-to file to be executed with an argument of
6028 <tt>stop</tt>, and the <tt>S</tt> links with an argument
6029 of <tt>start</tt>.
6030 </p>
6031
6032 <p>
6033 The two-digit number <var>mm</var> is used to determine
6034 the order in which to run the scripts: low-numbered links
6035 have their scripts run first. For example, the
6036 <tt>K20</tt> scripts will be executed before the
6037 <tt>K30</tt> scripts. This is used when a certain service
6038 must be started before another. For example, the name
6039 server <prgn>bind</prgn> might need to be started before
6040 the news server <prgn>inn</prgn> so that <prgn>inn</prgn>
6041 can set up its access lists. In this case, the script
6042 that starts <prgn>bind</prgn> would have a lower number
6043 than the script that starts <prgn>inn</prgn> so that it
6044 runs first:
6045 <example compact="compact">
6046 /etc/rc2.d/S17bind
6047 /etc/rc2.d/S70inn
6048 </example>
6049 </p>
6050
6051 <p>
6052 The two runlevels 0 (halt) and 6 (reboot) are slightly
6053 different. In these runlevels, the links with an
6054 <tt>S</tt> prefix are still called after those with a
6055 <tt>K</tt> prefix, but they too are called with the single
6056 argument <tt>stop</tt>.
6057 </p>
6058 </sect1>
6059
6060 <sect1>
6061 <heading>Writing the scripts</heading>
6062
6063 <p>
6064 Packages that include daemons for system services should
6065 place scripts in <file>/etc/init.d</file> to start or stop
6066 services at boot time or during a change of runlevel.
6067 These scripts should be named
6068 <file>/etc/init.d/<var>package</var></file>, and they should
6069 accept one argument, saying what to do:
6070
6071 <taglist>
6072 <tag><tt>start</tt></tag>
6073 <item>start the service,</item>
6074
6075 <tag><tt>stop</tt></tag>
6076 <item>stop the service,</item>
6077
6078 <tag><tt>restart</tt></tag>
6079 <item>stop and restart the service if it's already running,
6080 otherwise start the service</item>
6081
6082 <tag><tt>reload</tt></tag>
6083 <item><p>cause the configuration of the service to be
6084 reloaded without actually stopping and restarting
6085 the service,</item>
6086
6087 <tag><tt>force-reload</tt></tag>
6088 <item>cause the configuration to be reloaded if the
6089 service supports this, otherwise restart the
6090 service.</item>
6091 </taglist>
6092
6093 The <tt>start</tt>, <tt>stop</tt>, <tt>restart</tt>, and
6094 <tt>force-reload</tt> options should be supported by all
6095 scripts in <file>/etc/init.d</file>, the <tt>reload</tt>
6096 option is optional.
6097 </p>
6098
6099 <p>
6100 The <file>init.d</file> scripts must ensure that they will
6101 behave sensibly (i.e., returning success and not starting
6102 multiple copies of a service) if invoked with <tt>start</tt>
6103 when the service is already running, or with <tt>stop</tt>
6104 when it isn't, and that they don't kill unfortunately-named
6105 user processes. The best way to achieve this is usually to
6106 use <prgn>start-stop-daemon</prgn> with the <tt>--oknodo</tt>
6107 option.
6108 </p>
6109
6110 <p>
6111 If a service reloads its configuration automatically (as
6112 in the case of <prgn>cron</prgn>, for example), the
6113 <tt>reload</tt> option of the <file>init.d</file> script
6114 should behave as if the configuration has been reloaded
6115 successfully.
6116 </p>
6117
6118 <p>
6119 The <file>/etc/init.d</file> scripts must be treated as
6120 configuration files, either (if they are present in the
6121 package, that is, in the .deb file) by marking them as
6122 <tt>conffile</tt>s, or, (if they do not exist in the .deb)
6123 by managing them correctly in the maintainer scripts (see
6124 <ref id="config-files">). This is important since we want
6125 to give the local system administrator the chance to adapt
6126 the scripts to the local system, e.g., to disable a
6127 service without de-installing the package, or to specify
6128 some special command line options when starting a service,
6129 while making sure their changes aren't lost during the next
6130 package upgrade.
6131 </p>
6132
6133 <p>
6134 These scripts should not fail obscurely when the
6135 configuration files remain but the package has been
6136 removed, as configuration files remain on the system after
6137 the package has been removed. Only when <prgn>dpkg</prgn>
6138 is executed with the <tt>--purge</tt> option will
6139 configuration files be removed. In particular, as the
6140 <file>/etc/init.d/<var>package</var></file> script itself is
6141 usually a <tt>conffile</tt>, it will remain on the system
6142 if the package is removed but not purged. Therefore, you
6143 should include a <tt>test</tt> statement at the top of the
6144 script, like this:
6145 <example compact="compact">
6146 test -f <var>program-executed-later-in-script</var> || exit 0
6147 </example>
6148 </p>
6149
6150 <p>
6151 Often there are some variables in the <file>init.d</file>
6152 scripts whose values control the behavior of the scripts,
6153 and which a system administrator is likely to want to
6154 change. As the scripts themselves are frequently
6155 <tt>conffile</tt>s, modifying them requires that the
6156 administrator merge in their changes each time the package
6157 is upgraded and the <tt>conffile</tt> changes. To ease
6158 the burden on the system administrator, such configurable
6159 values should not be placed directly in the script.
6160 Instead, they should be placed in a file in
6161 <file>/etc/default</file>, which typically will have the same
6162 base name as the <file>init.d</file> script. This extra file
6163 should be sourced by the script when the script runs. It
6164 must contain only variable settings and comments in SUSv3
6165 <prgn>sh</prgn> format. It may either be a
6166 <tt>conffile</tt> or a configuration file maintained by
6167 the package maintainer scripts. See <ref id="config-files">
6168 for more details.
6169 </p>
6170
6171 <p>
6172 To ensure that vital configurable values are always
6173 available, the <file>init.d</file> script should set default
6174 values for each of the shell variables it uses, either
6175 before sourcing the <file>/etc/default/</file> file or
6176 afterwards using something like the <tt>:
6177 ${VAR:=default}</tt> syntax. Also, the <file>init.d</file>
6178 script must behave sensibly and not fail if the
6179 <file>/etc/default</file> file is deleted.
6180 </p>
6181
6182 <p>
6183 <file>/var/run</file> and <file>/var/lock</file> may be mounted
6184 as temporary filesystems<footnote>
6185 For example, using the <tt>RAMRUN</tt> and <tt>RAMLOCK</tt>
6186 options in <file>/etc/default/rcS</file>.
6187 </footnote>, so the <file>init.d</file> scripts must handle this
6188 correctly. This will typically amount to creating any required
6189 subdirectories dynamically when the <file>init.d</file> script
6190 is run, rather than including them in the package and relying on
6191 <prgn>dpkg</prgn> to create them.
6192 </p>
6193 </sect1>
6194
6195 <sect1>
6196 <heading>Interfacing with the initscript system</heading>
6197
6198 <p>
6199 Maintainers should use the abstraction layer provided by
6200 the <prgn>update-rc.d</prgn> and <prgn>invoke-rc.d</prgn>
6201 programs to deal with initscripts in their packages'
6202 scripts such as <prgn>postinst</prgn>, <prgn>prerm</prgn>
6203 and <prgn>postrm</prgn>.
6204 </p>
6205
6206 <p>
6207 Directly managing the /etc/rc?.d links and directly
6208 invoking the <file>/etc/init.d/</file> initscripts should
6209 be done only by packages providing the initscript
6210 subsystem (such as <prgn>sysv-rc</prgn> and
6211 <prgn>file-rc</prgn>).
6212 </p>
6213
6214 <sect2>
6215 <heading>Managing the links</heading>
6216
6217 <p>
6218 The program <prgn>update-rc.d</prgn> is provided for
6219 package maintainers to arrange for the proper creation and
6220 removal of <file>/etc/rc<var>n</var>.d</file> symbolic links,
6221 or their functional equivalent if another method is being
6222 used. This may be used by maintainers in their packages'
6223 <prgn>postinst</prgn> and <prgn>postrm</prgn> scripts.
6224 </p>
6225
6226 <p>
6227 You must not include any <file>/etc/rc<var>n</var>.d</file>
6228 symbolic links in the actual archive or manually create or
6229 remove the symbolic links in maintainer scripts; you must
6230 use the <prgn>update-rc.d</prgn> program instead. (The
6231 former will fail if an alternative method of maintaining
6232 runlevel information is being used.) You must not include
6233 the <file>/etc/rc<var>n</var>.d</file> directories themselves
6234 in the archive either. (Only the <tt>sysvinit</tt>
6235 package may do so.)
6236 </p>
6237
6238 <p>
6239 By default <prgn>update-rc.d</prgn> will start services in
6240 each of the multi-user state runlevels (2, 3, 4, and 5)
6241 and stop them in the halt runlevel (0), the single-user
6242 runlevel (1) and the reboot runlevel (6). The system
6243 administrator will have the opportunity to customize
6244 runlevels by simply adding, moving, or removing the
6245 symbolic links in <file>/etc/rc<var>n</var>.d</file> if
6246 symbolic links are being used, or by modifying
6247 <file>/etc/runlevel.conf</file> if the <tt>file-rc</tt> method
6248 is being used.
6249 </p>
6250
6251 <p>
6252 To get the default behavior for your package, put in your
6253 <prgn>postinst</prgn> script
6254 <example compact="compact">
6255 update-rc.d <var>package</var> defaults
6256 </example>
6257 and in your <prgn>postrm</prgn>
6258 <example compact="compact">
6259 if [ "$1" = purge ]; then
6260 update-rc.d <var>package</var> remove
6261 fi
6262 </example>. Note that if your package changes runlevels
6263 or priority, you may have to remove and recreate the links,
6264 since otherwise the old links may persist. Refer to the
6265 documentation of <prgn>update-rc.d</prgn>.
6266 </p>
6267
6268 <p>
6269 This will use a default sequence number of 20. If it does
6270 not matter when or in which order the <file>init.d</file>
6271 script is run, use this default. If it does, then you
6272 should talk to the maintainer of the <prgn>sysvinit</prgn>
6273 package or post to <tt>debian-devel</tt>, and they will
6274 help you choose a number.
6275 </p>
6276
6277 <p>
6278 For more information about using <tt>update-rc.d</tt>,
6279 please consult its man page <manref name="update-rc.d"
6280 section="8">.
6281 </p>
6282 </sect2>
6283
6284 <sect2>
6285 <heading>Running initscripts</heading>
6286 <p>
6287 The program <prgn>invoke-rc.d</prgn> is provided to make
6288 it easier for package maintainers to properly invoke an
6289 initscript, obeying runlevel and other locally-defined
6290 constraints that might limit a package's right to start,
6291 stop and otherwise manage services. This program may be
6292 used by maintainers in their packages' scripts.
6293 </p>
6294
6295 <p>
6296 The package maintainer scripts must use
6297 <prgn>invoke-rc.d</prgn> to invoke the
6298 <file>/etc/init.d/*</file> initscripts, instead of
6299 calling them directly.
6300 </p>
6301
6302 <p>
6303 By default, <prgn>invoke-rc.d</prgn> will pass any
6304 action requests (start, stop, reload, restart...) to the
6305 <file>/etc/init.d</file> script, filtering out requests
6306 to start or restart a service out of its intended
6307 runlevels.
6308 </p>
6309
6310 <p>
6311 Most packages will simply need to change:
6312 <example compact="compact">/etc/init.d/&lt;package&gt;
6313 &lt;action&gt;</example> in their <prgn>postinst</prgn>
6314 and <prgn>prerm</prgn> scripts to:
6315 <example compact="compact">
6316 if which invoke-rc.d >/dev/null 2>&1; then
6317 invoke-rc.d <var>package</var> &lt;action&gt;
6318 else
6319 /etc/init.d/<var>package</var> &lt;action&gt;
6320 fi
6321 </example>
6322 </p>
6323
6324 <p>
6325 A package should register its initscript services using
6326 <prgn>update-rc.d</prgn> before it tries to invoke them
6327 using <prgn>invoke-rc.d</prgn>. Invocation of
6328 unregistered services may fail.
6329 </p>
6330
6331 <p>
6332 For more information about using
6333 <prgn>invoke-rc.d</prgn>, please consult its man page
6334 <manref name="invoke-rc.d" section="8">.
6335 </p>
6336 </sect2>
6337 </sect1>
6338
6339 <sect1>
6340 <heading>Boot-time initialization</heading>
6341
6342 <p>
6343 There used to be another directory, <file>/etc/rc.boot</file>,
6344 which contained scripts which were run once per machine
6345 boot. This has been deprecated in favour of links from
6346 <file>/etc/rcS.d</file> to files in <file>/etc/init.d</file> as
6347 described in <ref id="/etc/init.d">. Packages must not
6348 place files in <file>/etc/rc.boot</file>.
6349 </p>
6350 </sect1>
6351
6352 <sect1>
6353 <heading>Example</heading>
6354
6355 <p>
6356 An example on which you can base your
6357 <file>/etc/init.d</file> scripts is found in
6358 <file>/etc/init.d/skeleton</file>.
6359 </p>
6360
6361 </sect1>
6362 </sect>
6363
6364 <sect>
6365 <heading>Console messages from <file>init.d</file> scripts</heading>
6366
6367 <p>
6368 This section describes the formats to be used for messages
6369 written to standard output by the <file>/etc/init.d</file>
6370 scripts. The intent is to improve the consistency of
6371 Debian's startup and shutdown look and feel. For this
6372 reason, please look very carefully at the details. We want
6373 the messages to have the same format in terms of wording,
6374 spaces, punctuation and case of letters.
6375 </p>
6376
6377 <p>
6378 Here is a list of overall rules that should be used for
6379 messages generated by <file>/etc/init.d</file> scripts.
6380 </p>
6381
6382 <p>
6383 <list>
6384 <item>
6385 The message should fit in one line (fewer than 80
6386 characters), start with a capital letter and end with
6387 a period (<tt>.</tt>) and line feed (<tt>"\n"</tt>).
6388 </item>
6389
6390 <item>
6391 If the script is performing some time consuming task in
6392 the background (not merely starting or stopping a
6393 program, for instance), an ellipsis (three dots:
6394 <tt>...</tt>) should be output to the screen, with no
6395 leading or tailing whitespace or line feeds.
6396 </item>
6397
6398 <item>
6399 The messages should appear as if the computer is telling
6400 the user what it is doing (politely :-), but should not
6401 mention "it" directly. For example, instead of:
6402 <example compact="compact">
6403 I'm starting network daemons: nfsd mountd.
6404 </example>
6405 the message should say
6406 <example compact="compact">
6407 Starting network daemons: nfsd mountd.
6408 </example>
6409 </item>
6410 </list>
6411 </p>
6412
6413 <p>
6414 <tt>init.d</tt> script should use the following standard
6415 message formats for the situations enumerated below.
6416 </p>
6417
6418 <p>
6419 <list>
6420 <item>
6421 <p>When daemons are started</p>
6422
6423 <p>
6424 If the script starts one or more daemons, the output
6425 should look like this (a single line, no leading
6426 spaces):
6427 <example compact="compact">
6428 Starting <var>description</var>: <var>daemon-1</var> ... <var>daemon-n</var>.
6429 </example>
6430 The <var>description</var> should describe the
6431 subsystem the daemon or set of daemons are part of,
6432 while <var>daemon-1</var> up to <var>daemon-n</var>
6433 denote each daemon's name (typically the file name of
6434 the program).
6435 </p>
6436
6437 <p>
6438 For example, the output of <file>/etc/init.d/lpd</file>
6439 would look like:
6440 <example compact="compact">
6441 Starting printer spooler: lpd.
6442 </example>
6443 </p>
6444
6445 <p>
6446 This can be achieved by saying
6447 <example compact="compact">
6448 echo -n "Starting printer spooler: lpd"
6449 start-stop-daemon --start --quiet --exec /usr/sbin/lpd
6450 echo "."
6451 </example>
6452 in the script. If there are more than one daemon to
6453 start, the output should look like this:
6454 <example compact="compact">
6455 echo -n "Starting remote file system services:"
6456 echo -n " nfsd"; start-stop-daemon --start --quiet nfsd
6457 echo -n " mountd"; start-stop-daemon --start --quiet mountd
6458 echo -n " ugidd"; start-stop-daemon --start --quiet ugidd
6459 echo "."
6460 </example>
6461 This makes it possible for the user to see what is
6462 happening and when the final daemon has been started.
6463 Care should be taken in the placement of white spaces:
6464 in the example above the system administrators can
6465 easily comment out a line if they don't want to start
6466 a specific daemon, while the displayed message still
6467 looks good.
6468 </p>
6469 </item>
6470
6471 <item>
6472 <p>When a system parameter is being set</p>
6473
6474 <p>
6475 If you have to set up different system parameters
6476 during the system boot, you should use this format:
6477 <example compact="compact">
6478 Setting <var>parameter</var> to "<var>value</var>".
6479 </example>
6480 </p>
6481
6482 <p>
6483 You can use a statement such as the following to get
6484 the quotes right:
6485 <example compact="compact">
6486 echo "Setting DNS domainname to \"$domainname\"."
6487 </example>
6488 </p>
6489
6490 <p>
6491 Note that the same symbol (<tt>"</tt>) <!-- " --> is used
6492 for the left and right quotation marks. A grave accent
6493 (<tt>`</tt>) is not a quote character; neither is an
6494 apostrophe (<tt>'</tt>).
6495 </p>
6496 </item>
6497
6498 <item>
6499 <p>When a daemon is stopped or restarted</p>
6500
6501 <p>
6502 When you stop or restart a daemon, you should issue a
6503 message identical to the startup message, except that
6504 <tt>Starting</tt> is replaced with <tt>Stopping</tt>
6505 or <tt>Restarting</tt> respectively.
6506 </p>
6507
6508 <p>
6509 For example, stopping the printer daemon will look like
6510 this:
6511 <example compact="compact">
6512 Stopping printer spooler: lpd.
6513 </example>
6514 </p>
6515 </item>
6516
6517 <item>
6518 <p>When something is executed</p>
6519
6520 <p>
6521 There are several examples where you have to run a
6522 program at system startup or shutdown to perform a
6523 specific task, for example, setting the system's clock
6524 using <prgn>netdate</prgn> or killing all processes
6525 when the system shuts down. Your message should look
6526 like this:
6527 <example compact="compact">
6528 Doing something very useful...done.
6529 </example>
6530 You should print the <tt>done.</tt> immediately after
6531 the job has been completed, so that the user is
6532 informed why they have to wait. You can get this
6533 behavior by saying
6534 <example compact="compact">
6535 echo -n "Doing something very useful..."
6536 do_something
6537 echo "done."
6538 </example>
6539 in your script.
6540 </p>
6541 </item>
6542
6543 <item>
6544 <p>When the configuration is reloaded</p>
6545
6546 <p>
6547 When a daemon is forced to reload its configuration
6548 files you should use the following format:
6549 <example compact="compact">
6550 Reloading <var>description</var> configuration...done.
6551 </example>
6552 where <var>description</var> is the same as in the
6553 daemon starting message.
6554 </p>
6555 </item>
6556 </list>
6557 </p>
6558 </sect>
6559
6560 <sect>
6561 <heading>Cron jobs</heading>
6562
6563 <p>
6564 Packages must not modify the configuration file
6565 <file>/etc/crontab</file>, and they must not modify the files in
6566 <file>/var/spool/cron/crontabs</file>.</p>
6567
6568 <p>
6569 If a package wants to install a job that has to be executed
6570 via cron, it should place a file with the name of the
6571 package in one or more of the following directories:
6572 <example compact="compact">
6573 /etc/cron.hourly
6574 /etc/cron.daily
6575 /etc/cron.weekly
6576 /etc/cron.monthly
6577 </example>
6578 As these directory names imply, the files within them are
6579 executed on an hourly, daily, weekly, or monthly basis,
6580 respectively. The exact times are listed in
6581 <file>/etc/crontab</file>.</p>
6582
6583 <p>
6584 All files installed in any of these directories must be
6585 scripts (e.g., shell scripts or Perl scripts) so that they
6586 can easily be modified by the local system administrator.
6587 In addition, they must be treated as configuration files.
6588 </p>
6589
6590 <p>
6591 If a certain job has to be executed at some other frequency or
6592 at a specific time, the package should install a file
6593 <file>/etc/cron.d/<var>package</var></file>. This file uses the
6594 same syntax as <file>/etc/crontab</file> and is processed by
6595 <prgn>cron</prgn> automatically. The file must also be
6596 treated as a configuration file. (Note that entries in the
6597 <file>/etc/cron.d</file> directory are not handled by
6598 <prgn>anacron</prgn>. Thus, you should only use this
6599 directory for jobs which may be skipped if the system is not
6600 running.)</p>
6601 <p>
6602 Unlike <file>crontab</file> files described in the IEEE Std
6603 1003.1-2008 (POSIX.1) available from
6604 <url id="http://www.opengroup.org/onlinepubs/9699919799/"
6605 name="The Open Group">, the files in
6606 <file>/etc/cron.d</file> and the file
6607 <file>/etc/crontab</file> have seven fields; namely:
6608 <enumlist>
6609 <item>Minute [0,59]</item>
6610 <item>Hour [0,23]</item>
6611 <item>Day of the month [1,31]</item>
6612 <item>Month of the year [1,12]</item>
6613 <item>Day of the week ([0,6] with 0=Sunday)</item>
6614 <item>Username</item>
6615 <item>Command to be run</item>
6616 </enumlist>
6617 Ranges of numbers are allowed. Ranges are two numbers
6618 separated with a hyphen. The specified range is inclusive.
6619 Lists are allowed. A list is a set of numbers (or ranges)
6620 separated by commas. Step values can be used in conjunction
6621 with ranges.
6622 </p>
6623
6624 <p>
6625 The scripts or <tt>crontab</tt> entries in these directories should
6626 check if all necessary programs are installed before they
6627 try to execute them. Otherwise, problems will arise when a
6628 package was removed but not purged since configuration files
6629 are kept on the system in this situation.
6630 </p>
6631
6632 <p>
6633 Any <tt>cron</tt> daemon must provide
6634 <file>/usr/bin/crontab</file> and support normal
6635 <tt>crontab</tt> entries as specified in POSIX. The daemon
6636 must also support names for days and months, ranges, and
6637 step values. It has to support <file>/etc/crontab</file>,
6638 and correctly execute the scripts in
6639 <file>/etc/cron.d</file>. The daemon must also correctly
6640 execute scripts in
6641 <file>/etc/cron.{hourly,daily,weekly,monthly}</file>.
6642 </p>
6643 </sect>
6644
6645 <sect id="menus">
6646 <heading>Menus</heading>
6647
6648 <p>
6649 The Debian <tt>menu</tt> package provides a standard
6650 interface between packages providing applications and
6651 <em>menu programs</em> (either X window managers or
6652 text-based menu programs such as <prgn>pdmenu</prgn>).
6653 </p>
6654
6655 <p>
6656 All packages that provide applications that need not be
6657 passed any special command line arguments for normal
6658 operation should register a menu entry for those
6659 applications, so that users of the <tt>menu</tt> package
6660 will automatically get menu entries in their window
6661 managers, as well in shells like <tt>pdmenu</tt>.
6662 </p>
6663
6664 <p>
6665 Menu entries should follow the current menu policy.
6666 </p>
6667
6668 <p>
6669 The menu policy can be found in the <tt>menu-policy</tt>
6670 files in the <tt>debian-policy</tt> package.
6671 It is also available from the Debian web mirrors at
6672 <tt><url name="/doc/packaging-manuals/menu-policy/"
6673 id="http://www.debian.org/doc/packaging-manuals/menu-policy/"></tt>.
6674 </p>
6675
6676 <p>
6677 Please also refer to the <em>Debian Menu System</em>
6678 documentation that comes with the <package>menu</package>
6679 package for information about how to register your
6680 applications.
6681 </p>
6682 </sect>
6683
6684 <sect id="mime">
6685 <heading>Multimedia handlers</heading>
6686
6687 <p>
6688 MIME (Multipurpose Internet Mail Extensions, RFCs 2045-2049)
6689 is a mechanism for encoding files and data streams and
6690 providing meta-information about them, in particular their
6691 type (e.g. audio or video) and format (e.g. PNG, HTML,
6692 MP3).
6693 </p>
6694
6695 <p>
6696 Registration of MIME type handlers allows programs like mail
6697 user agents and web browsers to invoke these handlers to
6698 view, edit or display MIME types they don't support directly.
6699 </p>
6700
6701 <p>
6702 Packages which provide the ability to view/show/play,
6703 compose, edit or print MIME types should register themselves
6704 as such following the current MIME support policy.
6705 </p>
6706
6707 <p>
6708 The MIME support policy can be found in the <tt>mime-policy</tt>
6709 files in the <tt>debian-policy</tt> package.
6710 It is also available from the Debian web mirrors at
6711 <tt><url name="/doc/packaging-manuals/mime-policy/"
6712 id="http://www.debian.org/doc/packaging-manuals/mime-policy/"></tt>.
6713 </p>
6714
6715 </sect>
6716
6717 <sect>
6718 <heading>Keyboard configuration</heading>
6719
6720 <p>
6721 To achieve a consistent keyboard configuration so that all
6722 applications interpret a keyboard event the same way, all
6723 programs in the Debian distribution must be configured to
6724 comply with the following guidelines.
6725 </p>
6726
6727 <p>
6728 The following keys must have the specified interpretations:
6729
6730 <taglist>
6731 <tag><tt>&lt;--</tt></tag>
6732 <item>delete the character to the left of the cursor</item>
6733
6734 <tag><tt>Delete</tt></tag>
6735 <item>delete the character to the right of the cursor</item>
6736
6737 <tag><tt>Control+H</tt></tag>
6738 <item>emacs: the help prefix</item>
6739 </taglist>
6740
6741 The interpretation of any keyboard events should be
6742 independent of the terminal that is used, be it a virtual
6743 console, an X terminal emulator, an rlogin/telnet session,
6744 etc.
6745 </p>
6746
6747 <p>
6748 The following list explains how the different programs
6749 should be set up to achieve this:
6750 </p>
6751
6752 <p>
6753 <list>
6754 <item>
6755 <tt>&lt;--</tt> generates <tt>KB_BackSpace</tt> in X.
6756 </item>
6757
6758 <item>
6759 <tt>Delete</tt> generates <tt>KB_Delete</tt> in X.
6760 </item>
6761
6762 <item>
6763 X translations are set up to make
6764 <tt>KB_Backspace</tt> generate ASCII DEL, and to make
6765 <tt>KB_Delete</tt> generate <tt>ESC [ 3 ~</tt> (this
6766 is the vt220 escape code for the "delete character"
6767 key). This must be done by loading the X resources
6768 using <prgn>xrdb</prgn> on all local X displays, not
6769 using the application defaults, so that the
6770 translation resources used correspond to the
6771 <prgn>xmodmap</prgn> settings.
6772 </item>
6773
6774 <item>
6775 The Linux console is configured to make
6776 <tt>&lt;--</tt> generate DEL, and <tt>Delete</tt>
6777 generate <tt>ESC [ 3 ~</tt>.
6778 </item>
6779
6780 <item>
6781 X applications are configured so that <tt>&lt;</tt>
6782 deletes left, and <tt>Delete</tt> deletes right. Motif
6783 applications already work like this.
6784 </item>
6785
6786 <item>
6787 Terminals should have <tt>stty erase ^?</tt> .
6788 </item>
6789
6790 <item>
6791 The <tt>xterm</tt> terminfo entry should have <tt>ESC
6792 [ 3 ~</tt> for <tt>kdch1</tt>, just as for
6793 <tt>TERM=linux</tt> and <tt>TERM=vt220</tt>.
6794 </item>
6795
6796 <item>
6797 Emacs is programmed to map <tt>KB_Backspace</tt> or
6798 the <tt>stty erase</tt> character to
6799 <tt>delete-backward-char</tt>, and <tt>KB_Delete</tt>
6800 or <tt>kdch1</tt> to <tt>delete-forward-char</tt>, and
6801 <tt>^H</tt> to <tt>help</tt> as always.
6802 </item>
6803
6804 <item>
6805 Other applications use the <tt>stty erase</tt>
6806 character and <tt>kdch1</tt> for the two delete keys,
6807 with ASCII DEL being "delete previous character" and
6808 <tt>kdch1</tt> being "delete character under
6809 cursor".
6810 </item>
6811
6812 </list>
6813 </p>
6814
6815 <p>
6816 This will solve the problem except for the following
6817 cases:
6818 </p>
6819
6820 <p>
6821 <list>
6822 <item>
6823 Some terminals have a <tt>&lt;--</tt> key that cannot
6824 be made to produce anything except <tt>^H</tt>. On
6825 these terminals Emacs help will be unavailable on
6826 <tt>^H</tt> (assuming that the <tt>stty erase</tt>
6827 character takes precedence in Emacs, and has been set
6828 correctly). <tt>M-x help</tt> or <tt>F1</tt> (if
6829 available) can be used instead.
6830 </item>
6831
6832 <item>
6833 Some operating systems use <tt>^H</tt> for <tt>stty
6834 erase</tt>. However, modern telnet versions and all
6835 rlogin versions propagate <tt>stty</tt> settings, and
6836 almost all UNIX versions honour <tt>stty erase</tt>.
6837 Where the <tt>stty</tt> settings are not propagated
6838 correctly, things can be made to work by using
6839 <tt>stty</tt> manually.
6840 </item>
6841
6842 <item>
6843 Some systems (including previous Debian versions) use
6844 <prgn>xmodmap</prgn> to arrange for both
6845 <tt>&lt;--</tt> and <tt>Delete</tt> to generate
6846 <tt>KB_Delete</tt>. We can change the behavior of
6847 their X clients using the same X resources that we use
6848 to do it for our own clients, or configure our clients
6849 using their resources when things are the other way
6850 around. On displays configured like this
6851 <tt>Delete</tt> will not work, but <tt>&lt;--</tt>
6852 will.
6853 </item>
6854
6855 <item>
6856 Some operating systems have different <tt>kdch1</tt>
6857 settings in their <tt>terminfo</tt> database for
6858 <tt>xterm</tt> and others. On these systems the
6859 <tt>Delete</tt> key will not work correctly when you
6860 log in from a system conforming to our policy, but
6861 <tt>&lt;--</tt> will.
6862 </item>
6863 </list>
6864 </p>
6865 </sect>
6866
6867 <sect>
6868 <heading>Environment variables</heading>
6869
6870 <p>
6871 A program must not depend on environment variables to get
6872 reasonable defaults. (That's because these environment
6873 variables would have to be set in a system-wide
6874 configuration file like <file>/etc/profile</file>, which is not
6875 supported by all shells.)
6876 </p>
6877
6878 <p>
6879 If a program usually depends on environment variables for its
6880 configuration, the program should be changed to fall back to
6881 a reasonable default configuration if these environment
6882 variables are not present. If this cannot be done easily
6883 (e.g., if the source code of a non-free program is not
6884 available), the program must be replaced by a small
6885 "wrapper" shell script which sets the environment variables
6886 if they are not already defined, and calls the original program.
6887 </p>
6888
6889 <p>
6890 Here is an example of a wrapper script for this purpose:
6891
6892 <example compact="compact">
6893 #!/bin/sh
6894 BAR=${BAR:-/var/lib/fubar}
6895 export BAR
6896 exec /usr/lib/foo/foo "$@"
6897 </example>
6898 </p>
6899
6900 <p>
6901 Furthermore, as <file>/etc/profile</file> is a configuration
6902 file of the <prgn>base-files</prgn> package, other packages must
6903 not put any environment variables or other commands into that
6904 file.
6905 </p>
6906 </sect>
6907
6908 <sect id="doc-base">
6909 <heading>Registering Documents using doc-base</heading>
6910
6911 <p>
6912 The <package>doc-base</package> package implements a
6913 flexible mechanism for handling and presenting
6914 documentation. The recommended practice is for every Debian
6915 package that provides online documentation (other than just
6916 manual pages) to register these documents with
6917 <package>doc-base</package> by installing a
6918 <package>doc-base</package> control file via the
6919 <prgn/install-docs/ script at installation time and
6920 de-register the manuals again when the package is removed.
6921 </p>
6922 <p>
6923 Please refer to the documentation that comes with the
6924 <package>doc-base</package> package for information and
6925 details.
6926 </p>
6927 </sect>
6928
6929 </chapt>
6930
6931
6932 <chapt id="files">
6933 <heading>Files</heading>
6934
6935 <sect>
6936 <heading>Binaries</heading>
6937
6938 <p>
6939 Two different packages must not install programs with
6940 different functionality but with the same filenames. (The
6941 case of two programs having the same functionality but
6942 different implementations is handled via "alternatives" or
6943 the "Conflicts" mechanism. See <ref id="maintscripts"> and
6944 <ref id="conflicts"> respectively.) If this case happens,
6945 one of the programs must be renamed. The maintainers should
6946 report this to the <tt>debian-devel</tt> mailing list and
6947 try to find a consensus about which program will have to be
6948 renamed. If a consensus cannot be reached, <em>both</em>
6949 programs must be renamed.
6950 </p>
6951
6952 <p>
6953 By default, when a package is being built, any binaries
6954 created should include debugging information, as well as
6955 being compiled with optimization. You should also turn on
6956 as many reasonable compilation warnings as possible; this
6957 makes life easier for porters, who can then look at build
6958 logs for possible problems. For the C programming language,
6959 this means the following compilation parameters should be
6960 used:
6961 <example compact="compact">
6962 CC = gcc
6963 CFLAGS = -O2 -g -Wall # sane warning options vary between programs
6964 LDFLAGS = # none
6965 INSTALL = install -s # (or use strip on the files in debian/tmp)
6966 </example>
6967 </p>
6968
6969 <p>
6970 Note that by default all installed binaries should be stripped,
6971 either by using the <tt>-s</tt> flag to
6972 <prgn>install</prgn>, or by calling <prgn>strip</prgn> on
6973 the binaries after they have been copied into
6974 <file>debian/tmp</file> but before the tree is made into a
6975 package.
6976 </p>
6977
6978 <p>
6979 Although binaries in the build tree should be compiled with
6980 debugging information by default, it can often be difficult to
6981 debug programs if they are also subjected to compiler
6982 optimization. For this reason, it is recommended to support the
6983 standardized environment variable <tt>DEB_BUILD_OPTIONS</tt>
6984 (see <ref id="debianrules-options">). This variable can contain
6985 several flags to change how a package is compiled and built.
6986 </p>
6987
6988 <p>
6989 It is up to the package maintainer to decide what
6990 compilation options are best for the package. Certain
6991 binaries (such as computationally-intensive programs) will
6992 function better with certain flags (<tt>-O3</tt>, for
6993 example); feel free to use them. Please use good judgment
6994 here. Don't use flags for the sake of it; only use them
6995 if there is good reason to do so. Feel free to override
6996 the upstream author's ideas about which compilation
6997 options are best: they are often inappropriate for our
6998 environment.
6999 </p>
7000 </sect>
7001
7002
7003 <sect id="libraries">
7004 <heading>Libraries</heading>
7005
7006 <p>
7007 If the package is <strong>architecture: any</strong>, then
7008 the shared library compilation and linking flags must have
7009 <tt>-fPIC</tt>, or the package shall not build on some of
7010 the supported architectures<footnote>
7011 <p>
7012 If you are using GCC, <tt>-fPIC</tt> produces code with
7013 relocatable position independent code, which is required for
7014 most architectures to create a shared library, with i386 and
7015 perhaps some others where non position independent code is
7016 permitted in a shared library.
7017 </p>
7018 <p>
7019 Position independent code may have a performance penalty,
7020 especially on <tt>i386</tt>. However, in most cases the
7021 speed penalty must be measured against the memory wasted on
7022 the few architectures where non position independent code is
7023 even possible.
7024 </p>
7025 </footnote>. Any exception to this rule must be discussed on
7026 the mailing list <em>debian-devel@lists.debian.org</em>, and
7027 a rough consensus obtained. The reasons for not compiling
7028 with <tt>-fPIC</tt> flag must be recorded in the file
7029 <tt>README.Debian</tt>, and care must be taken to either
7030 restrict the architecture or arrange for <tt>-fPIC</tt> to
7031 be used on architectures where it is required.<footnote>
7032 <p>
7033 Some of the reasons why this might be required is if the
7034 library contains hand crafted assembly code that is not
7035 relocatable, the speed penalty is excessive for compute
7036 intensive libs, and similar reasons.
7037 </p>
7038 </footnote>
7039 </p>
7040 <p>
7041 As to the static libraries, the common case is not to have
7042 relocatable code, since there is no benefit, unless in specific
7043 cases; therefore the static version must not be compiled
7044 with the <tt>-fPIC</tt> flag. Any exception to this rule
7045 should be discussed on the mailing list
7046 <em>debian-devel@lists.debian.org</em>, and the reasons for
7047 compiling with the <tt>-fPIC</tt> flag must be recorded in
7048 the file <tt>README.Debian</tt>. <footnote>
7049 <p>
7050 Some of the reasons for linking static libraries with
7051 the <tt>-fPIC</tt> flag are if, for example, one needs a
7052 Perl API for a library that is under rapid development,
7053 and has an unstable API, so shared libraries are
7054 pointless at this phase of the library's development. In
7055 that case, since Perl needs a library with relocatable
7056 code, it may make sense to create a static library with
7057 relocatable code. Another reason cited is if you are
7058 distilling various libraries into a common shared
7059 library, like <tt>mklibs</tt> does in the Debian
7060 installer project.
7061 </p>
7062 </footnote>
7063 </p>
7064 <p>
7065 In other words, if both a shared and a static library is
7066 being built, each source unit (<tt>*.c</tt>, for example,
7067 for C files) will need to be compiled twice, for the normal
7068 case.
7069 </p>
7070 <p>
7071 You must specify the gcc option <tt>-D_REENTRANT</tt>
7072 when building a library (either static or shared) to make
7073 the library compatible with LinuxThreads.
7074 </p>
7075
7076 <p>
7077 Although not enforced by the build tools, shared libraries
7078 must be linked against all libraries that they use symbols from
7079 in the same way that binaries are. This ensures the correct
7080 functioning of the <qref id="sharedlibs-shlibdeps">shlibs</qref>
7081 system and guarantees that all libraries can be safely opened
7082 with <tt>dlopen()</tt>. Packagers may wish to use the gcc
7083 option <tt>-Wl,-z,defs</tt> when building a shared library.
7084 Since this option enforces symbol resolution at build time,
7085 a missing library reference will be caught early as a fatal
7086 build error.
7087 </p>
7088
7089 <p>
7090 All installed shared libraries should be stripped with
7091 <example compact="compact">
7092 strip --strip-unneeded <var>your-lib</var>
7093 </example>
7094 (The option <tt>--strip-unneeded</tt> makes
7095 <prgn>strip</prgn> remove only the symbols which aren't
7096 needed for relocation processing.) Shared libraries can
7097 function perfectly well when stripped, since the symbols for
7098 dynamic linking are in a separate part of the ELF object
7099 file.<footnote>
7100 You might also want to use the options
7101 <tt>--remove-section=.comment</tt> and
7102 <tt>--remove-section=.note</tt> on both shared libraries
7103 and executables, and <tt>--strip-debug</tt> on static
7104 libraries.
7105 </footnote>
7106 </p>
7107
7108 <p>
7109 Note that under some circumstances it may be useful to
7110 install a shared library unstripped, for example when
7111 building a separate package to support debugging.
7112 </p>
7113
7114 <p>
7115 Shared object files (often <file>.so</file> files) that are not
7116 public libraries, that is, they are not meant to be linked
7117 to by third party executables (binaries of other packages),
7118 should be installed in subdirectories of the
7119 <file>/usr/lib</file> directory. Such files are exempt from the
7120 rules that govern ordinary shared libraries, except that
7121 they must not be installed executable and should be
7122 stripped.<footnote>
7123 A common example are the so-called "plug-ins",
7124 internal shared objects that are dynamically loaded by
7125 programs using <manref name="dlopen" section="3">.
7126 </footnote>
7127 </p>
7128
7129 <p>
7130 An ever increasing number of packages are using
7131 <prgn>libtool</prgn> to do their linking. The latest GNU
7132 libtools (>= 1.3a) can take advantage of the metadata in the
7133 installed <prgn>libtool</prgn> archive files (<file>*.la</file>
7134 files). The main advantage of <prgn>libtool</prgn>'s
7135 <file>.la</file> files is that it allows <prgn>libtool</prgn> to
7136 store and subsequently access metadata with respect to the
7137 libraries it builds. <prgn>libtool</prgn> will search for
7138 those files, which contain a lot of useful information about
7139 a library (such as library dependency information for static
7140 linking). Also, they're <em>essential</em> for programs
7141 using <tt>libltdl</tt>.<footnote>
7142 Although <prgn>libtool</prgn> is fully capable of
7143 linking against shared libraries which don't have
7144 <tt>.la</tt> files, as it is a mere shell script it can
7145 add considerably to the build time of a
7146 <prgn>libtool</prgn>-using package if that shell script
7147 has to derive all this information from first principles
7148 for each library every time it is linked. With the
7149 advent of <prgn>libtool</prgn> version 1.4 (and to a
7150 lesser extent <prgn>libtool</prgn> version 1.3), the
7151 <file>.la</file> files also store information about
7152 inter-library dependencies which cannot necessarily be
7153 derived after the <file>.la</file> file is deleted.
7154 </footnote>
7155 </p>
7156
7157 <p>
7158 Packages that use <prgn>libtool</prgn> to create shared
7159 libraries should include the <file>.la</file> files in the
7160 <tt>-dev</tt> package, unless the package relies on
7161 <tt>libtool</tt>'s <tt>libltdl</tt> library, in which case
7162 the <tt>.la</tt> files must go in the run-time library
7163 package.
7164 </p>
7165
7166 <p>
7167 You must make sure that you use only released versions of
7168 shared libraries to build your packages; otherwise other
7169 users will not be able to run your binaries
7170 properly. Producing source packages that depend on
7171 unreleased compilers is also usually a bad
7172 idea.
7173 </p>
7174 </sect>
7175
7176
7177 <sect>
7178 <heading>Shared libraries</heading>
7179 <p>
7180 This section has moved to <ref id="sharedlibs">.
7181 </p>
7182 </sect>
7183
7184
7185 <sect id="scripts">
7186 <heading>Scripts</heading>
7187
7188 <p>
7189 All command scripts, including the package maintainer
7190 scripts inside the package and used by <prgn>dpkg</prgn>,
7191 should have a <tt>#!</tt> line naming the shell to be used
7192 to interpret them.
7193 </p>
7194
7195 <p>
7196 In the case of Perl scripts this should be
7197 <tt>#!/usr/bin/perl</tt>.
7198 </p>
7199
7200 <p>
7201 When scripts are installed into a directory in the system
7202 PATH, the script name should not include an extension such
7203 as <tt>.sh</tt> or <tt>.pl</tt> that denotes the scripting
7204 language currently used to implement it.
7205 </p>
7206 <p>
7207 Shell scripts (<prgn>sh</prgn> and <prgn>bash</prgn>)
7208 should almost certainly start with <tt>set -e</tt> so that
7209 errors are detected. Every script should use
7210 <tt>set -e</tt> or check the exit status of <em>every</em>
7211 command.
7212 </p>
7213
7214 <p>
7215 Scripts may assume that <file>/bin/sh</file> implements the
7216 SUSv3 Shell Command Language<footnote>
7217 Single UNIX Specification, version 3, which is also IEEE
7218 1003.1-2004 (POSIX), and is available on the World Wide Web
7219 from <url id="http://www.unix.org/version3/online.html"
7220 name="The Open Group"> after free
7221 registration.</footnote>
7222 plus the following additional features not mandated by
7223 SUSv3:<footnote>
7224 These features are in widespread use in the Linux community
7225 and are implemented in all of bash, dash, and ksh, the most
7226 common shells users may wish to use as <file>/bin/sh</file>.
7227 </footnote>
7228 <list>
7229 <item><tt>echo -n</tt>, if implemented as a shell built-in,
7230 must not generate a newline.</item>
7231 <item><tt>test</tt>, if implemented as a shell built-in, must
7232 support <tt>-a</tt> and <tt>-o</tt> as binary logical
7233 operators.</item>
7234 <item><tt>local</tt> to create a scoped variable must be
7235 supported, including listing multiple variables in a single
7236 local command and assigning a value to a variable at the
7237 same time as localizing it. <tt>local</tt> may or
7238 may not preserve the variable value from an outer scope if
7239 no assignment is present. Uses such as:
7240 <example compact>
7241 fname () {
7242 local a b c=delta d
7243 # ... use a, b, c, d ...
7244 }
7245 </example>
7246 must be supported and must set the value of <tt>c</tt> to
7247 <tt>delta</tt>.
7248 </item>
7249 </list>
7250 If a shell script requires non-SUSv3 features from the shell
7251 interpreter other than those listed above, the appropriate shell
7252 must be specified in the first line of the script (e.g.,
7253 <tt>#!/bin/bash</tt>) and the package must depend on the package
7254 providing the shell (unless the shell package is marked
7255 "Essential", as in the case of <prgn>bash</prgn>).
7256 </p>
7257
7258 <p>
7259 You may wish to restrict your script to SUSv3 features plus the
7260 above set when possible so that it may use <file>/bin/sh</file>
7261 as its interpreter. If your script works with <prgn>dash</prgn>
7262 (originally called <prgn>ash</prgn>), it probably complies with
7263 the above requirements, but if you are in doubt, use
7264 <file>/bin/bash</file>.
7265 </p>
7266
7267 <p>
7268 Perl scripts should check for errors when making any
7269 system calls, including <tt>open</tt>, <tt>print</tt>,
7270 <tt>close</tt>, <tt>rename</tt> and <tt>system</tt>.
7271 </p>
7272
7273 <p>
7274 <prgn>csh</prgn> and <prgn>tcsh</prgn> should be avoided as
7275 scripting languages. See <em>Csh Programming Considered
7276 Harmful</em>, one of the <tt>comp.unix.*</tt> FAQs, which
7277 can be found at <url id="http://www.faqs.org/faqs/unix-faq/shell/csh-whynot/">.
7278 If an upstream package comes with <prgn>csh</prgn> scripts
7279 then you must make sure that they start with
7280 <tt>#!/bin/csh</tt> and make your package depend on the
7281 <prgn>c-shell</prgn> virtual package.
7282 </p>
7283
7284 <p>
7285 Any scripts which create files in world-writeable
7286 directories (e.g., in <file>/tmp</file>) must use a
7287 mechanism which will fail atomically if a file with the same
7288 name already exists.
7289 </p>
7290
7291 <p>
7292 The Debian base system provides the <prgn>tempfile</prgn>
7293 and <prgn>mktemp</prgn> utilities for use by scripts for
7294 this purpose.
7295 </p>
7296 </sect>
7297
7298
7299 <sect>
7300 <heading>Symbolic links</heading>
7301
7302 <p>
7303 In general, symbolic links within a top-level directory
7304 should be relative, and symbolic links pointing from one
7305 top-level directory into another should be absolute. (A
7306 top-level directory is a sub-directory of the root
7307 directory <file>/</file>.)
7308 </p>
7309
7310 <p>
7311 In addition, symbolic links should be specified as short as
7312 possible, i.e., link targets like <file>foo/../bar</file> are
7313 deprecated.
7314 </p>
7315
7316 <p>
7317 Note that when creating a relative link using
7318 <prgn>ln</prgn> it is not necessary for the target of the
7319 link to exist relative to the working directory you're
7320 running <prgn>ln</prgn> from, nor is it necessary to change
7321 directory to the directory where the link is to be made.
7322 Simply include the string that should appear as the target
7323 of the link (this will be a pathname relative to the
7324 directory in which the link resides) as the first argument
7325 to <prgn>ln</prgn>.
7326 </p>
7327
7328 <p>
7329 For example, in your <prgn>Makefile</prgn> or
7330 <file>debian/rules</file>, you can do things like:
7331 <example compact="compact">
7332 ln -fs gcc $(prefix)/bin/cc
7333 ln -fs gcc debian/tmp/usr/bin/cc
7334 ln -fs ../sbin/sendmail $(prefix)/bin/runq
7335 ln -fs ../sbin/sendmail debian/tmp/usr/bin/runq
7336 </example>
7337 </p>
7338
7339 <p>
7340 A symbolic link pointing to a compressed file should always
7341 have the same file extension as the referenced file. (For
7342 example, if a file <file>foo.gz</file> is referenced by a
7343 symbolic link, the filename of the link has to end with
7344 "<file>.gz</file>" too, as in <file>bar.gz</file>.)
7345 </p>
7346 </sect>
7347
7348 <sect>
7349 <heading>Device files</heading>
7350
7351 <p>
7352 Packages must not include device files or named pipes in the
7353 package file tree.
7354 </p>
7355
7356 <p>
7357 If a package needs any special device files that are not
7358 included in the base system, it must call
7359 <prgn>MAKEDEV</prgn> in the <prgn>postinst</prgn> script,
7360 after notifying the user<footnote>
7361 This notification could be done via a (low-priority)
7362 debconf message, or an echo (printf) statement.
7363 </footnote>.
7364 </p>
7365
7366 <p>
7367 Packages must not remove any device files in the
7368 <prgn>postrm</prgn> or any other script. This is left to the
7369 system administrator.
7370 </p>
7371
7372 <p>
7373 Debian uses the serial devices
7374 <file>/dev/ttyS*</file>. Programs using the old
7375 <file>/dev/cu*</file> devices should be changed to use
7376 <file>/dev/ttyS*</file>.
7377 </p>
7378
7379 <p>
7380 Named pipes needed by the package must be created in
7381 the <prgn>postinst</prgn> script<footnote>
7382 It's better to use <prgn>mkfifo</prgn> rather
7383 than <prgn>mknod</prgn> to create named pipes so that
7384 automated checks for packages incorrectly creating device
7385 files with <prgn>mknod</prgn> won't have false positives.
7386 </footnote> and removed in
7387 the <prgn>prerm</prgn> or <prgn>postrm</prgn> script as
7388 appropriate.
7389 </p>
7390 </sect>
7391
7392 <sect id="config-files">
7393 <heading>Configuration files</heading>
7394
7395 <sect1>
7396 <heading>Definitions</heading>
7397
7398 <p>
7399 <taglist>
7400 <tag>configuration file</tag>
7401 <item>
7402 A file that affects the operation of a program, or
7403 provides site- or host-specific information, or
7404 otherwise customizes the behavior of a program.
7405 Typically, configuration files are intended to be
7406 modified by the system administrator (if needed or
7407 desired) to conform to local policy or to provide
7408 more useful site-specific behavior.
7409 </item>
7410
7411 <tag><tt>conffile</tt></tag>
7412 <item>
7413 A file listed in a package's <tt>conffiles</tt>
7414 file, and is treated specially by <prgn>dpkg</prgn>
7415 (see <ref id="configdetails">).
7416 </item>
7417 </taglist>
7418 </p>
7419
7420 <p>
7421 The distinction between these two is important; they are
7422 not interchangeable concepts. Almost all
7423 <tt>conffile</tt>s are configuration files, but many
7424 configuration files are not <tt>conffiles</tt>.
7425 </p>
7426
7427 <p>
7428 As noted elsewhere, <file>/etc/init.d</file> scripts,
7429 <file>/etc/default</file> files, scripts installed in
7430 <file>/etc/cron.{hourly,daily,weekly,monthly}</file>, and cron
7431 configuration installed in <file>/etc/cron.d</file> must be
7432 treated as configuration files. In general, any script that
7433 embeds configuration information is de-facto a configuration
7434 file and should be treated as such.
7435 </p>
7436 </sect1>
7437
7438 <sect1>
7439 <heading>Location</heading>
7440
7441 <p>
7442 Any configuration files created or used by your package
7443 must reside in <file>/etc</file>. If there are several,
7444 consider creating a subdirectory of <file>/etc</file>
7445 named after your package.
7446 </p>
7447
7448 <p>
7449 If your package creates or uses configuration files
7450 outside of <file>/etc</file>, and it is not feasible to modify
7451 the package to use <file>/etc</file> directly, put the files
7452 in <file>/etc</file> and create symbolic links to those files
7453 from the location that the package requires.
7454 </p>
7455 </sect1>
7456
7457 <sect1>
7458 <heading>Behavior</heading>
7459
7460 <p>
7461 Configuration file handling must conform to the following
7462 behavior:
7463 <list compact="compact">
7464 <item>
7465 local changes must be preserved during a package
7466 upgrade, and
7467 </item>
7468 <item>
7469 configuration files must be preserved when the
7470 package is removed, and only deleted when the
7471 package is purged.
7472 </item>
7473 </list>
7474 </p>
7475
7476 <p>
7477 The easy way to achieve this behavior is to make the
7478 configuration file a <tt>conffile</tt>. This is
7479 appropriate only if it is possible to distribute a default
7480 version that will work for most installations, although
7481 some system administrators may choose to modify it. This
7482 implies that the default version will be part of the
7483 package distribution, and must not be modified by the
7484 maintainer scripts during installation (or at any other
7485 time).
7486 </p>
7487
7488 <p>
7489 In order to ensure that local changes are preserved
7490 correctly, no package may contain or make hard links to
7491 conffiles.<footnote>
7492 Rationale: There are two problems with hard links.
7493 The first is that some editors break the link while
7494 editing one of the files, so that the two files may
7495 unwittingly become unlinked and different. The second
7496 is that <prgn>dpkg</prgn> might break the hard link
7497 while upgrading <tt>conffile</tt>s.
7498 </footnote>
7499 </p>
7500
7501 <p>
7502 The other way to do it is via the maintainer scripts. In
7503 this case, the configuration file must not be listed as a
7504 <tt>conffile</tt> and must not be part of the package
7505 distribution. If the existence of a file is required for
7506 the package to be sensibly configured it is the
7507 responsibility of the package maintainer to provide
7508 maintainer scripts which correctly create, update and
7509 maintain the file and remove it on purge. (See <ref
7510 id="maintainerscripts"> for more information.) These
7511 scripts must be idempotent (i.e., must work correctly if
7512 <prgn>dpkg</prgn> needs to re-run them due to errors
7513 during installation or removal), must cope with all the
7514 variety of ways <prgn>dpkg</prgn> can call maintainer
7515 scripts, must not overwrite or otherwise mangle the user's
7516 configuration without asking, must not ask unnecessary
7517 questions (particularly during upgrades), and must
7518 otherwise be good citizens.
7519 </p>
7520
7521 <p>
7522 The scripts are not required to configure every possible
7523 option for the package, but only those necessary to get
7524 the package running on a given system. Ideally the
7525 sysadmin should not have to do any configuration other
7526 than that done (semi-)automatically by the
7527 <prgn>postinst</prgn> script.
7528 </p>
7529
7530 <p>
7531 A common practice is to create a script called
7532 <file><var>package</var>-configure</file> and have the
7533 package's <prgn>postinst</prgn> call it if and only if the
7534 configuration file does not already exist. In certain
7535 cases it is useful for there to be an example or template
7536 file which the maintainer scripts use. Such files should
7537 be in <file>/usr/share/<var>package</var></file> or
7538 <file>/usr/lib/<var>package</var></file> (depending on whether
7539 they are architecture-independent or not). There should
7540 be symbolic links to them from
7541 <file>/usr/share/doc/<var>package</var>/examples</file> if
7542 they are examples, and should be perfectly ordinary
7543 <prgn>dpkg</prgn>-handled files (<em>not</em>
7544 configuration files).
7545 </p>
7546
7547 <p>
7548 These two styles of configuration file handling must
7549 not be mixed, for that way lies madness:
7550 <prgn>dpkg</prgn> will ask about overwriting the file
7551 every time the package is upgraded.
7552 </p>
7553 </sect1>
7554
7555 <sect1>
7556 <heading>Sharing configuration files</heading>
7557
7558 <p>
7559 Packages which specify the same file as a
7560 <tt>conffile</tt> must be tagged as <em>conflicting</em>
7561 with each other. (This is an instance of the general rule
7562 about not sharing files. Note that neither alternatives
7563 nor diversions are likely to be appropriate in this case;
7564 in particular, <prgn>dpkg</prgn> does not handle diverted
7565 <tt>conffile</tt>s well.)
7566 </p>
7567
7568 <p>
7569 The maintainer scripts must not alter a <tt>conffile</tt>
7570 of <em>any</em> package, including the one the scripts
7571 belong to.
7572 </p>
7573
7574 <p>
7575 If two or more packages use the same configuration file
7576 and it is reasonable for both to be installed at the same
7577 time, one of these packages must be defined as
7578 <em>owner</em> of the configuration file, i.e., it will be
7579 the package which handles that file as a configuration
7580 file. Other packages that use the configuration file must
7581 depend on the owning package if they require the
7582 configuration file to operate. If the other package will
7583 use the configuration file if present, but is capable of
7584 operating without it, no dependency need be declared.
7585 </p>
7586
7587 <p>
7588 If it is desirable for two or more related packages to
7589 share a configuration file <em>and</em> for all of the
7590 related packages to be able to modify that configuration
7591 file, then the following should be done:
7592 <enumlist compact="compact">
7593 <item>
7594 One of the related packages (the "owning" package)
7595 will manage the configuration file with maintainer
7596 scripts as described in the previous section.
7597 </item>
7598 <item>
7599 The owning package should also provide a program
7600 that the other packages may use to modify the
7601 configuration file.
7602 </item>
7603 <item>
7604 The related packages must use the provided program
7605 to make any desired modifications to the
7606 configuration file. They should either depend on
7607 the core package to guarantee that the configuration
7608 modifier program is available or accept gracefully
7609 that they cannot modify the configuration file if it
7610 is not. (This is in addition to the fact that the
7611 configuration file may not even be present in the
7612 latter scenario.)
7613 </item>
7614 </enumlist>
7615 </p>
7616
7617 <p>
7618 Sometimes it's appropriate to create a new package which
7619 provides the basic infrastructure for the other packages
7620 and which manages the shared configuration files. (The
7621 <tt>sgml-base</tt> package is a good example.)
7622 </p>
7623 </sect1>
7624
7625 <sect1>
7626 <heading>User configuration files ("dotfiles")</heading>
7627
7628 <p>
7629 The files in <file>/etc/skel</file> will automatically be
7630 copied into new user accounts by <prgn>adduser</prgn>.
7631 No other program should reference the files in
7632 <file>/etc/skel</file>.
7633 </p>
7634
7635 <p>
7636 Therefore, if a program needs a dotfile to exist in
7637 advance in <file>$HOME</file> to work sensibly, that dotfile
7638 should be installed in <file>/etc/skel</file> and treated as a
7639 configuration file.
7640 </p>
7641
7642 <p>
7643 However, programs that require dotfiles in order to
7644 operate sensibly are a bad thing, unless they do create
7645 the dotfiles themselves automatically.
7646 </p>
7647
7648 <p>
7649 Furthermore, programs should be configured by the Debian
7650 default installation to behave as closely to the upstream
7651 default behavior as possible.
7652 </p>
7653
7654 <p>
7655 Therefore, if a program in a Debian package needs to be
7656 configured in some way in order to operate sensibly, that
7657 should be done using a site-wide configuration file placed
7658 in <file>/etc</file>. Only if the program doesn't support a
7659 site-wide default configuration and the package maintainer
7660 doesn't have time to add it may a default per-user file be
7661 placed in <file>/etc/skel</file>.
7662 </p>
7663
7664 <p>
7665 <file>/etc/skel</file> should be as empty as we can make it.
7666 This is particularly true because there is no easy (or
7667 necessarily desirable) mechanism for ensuring that the
7668 appropriate dotfiles are copied into the accounts of
7669 existing users when a package is installed.
7670 </p>
7671 </sect1>
7672 </sect>
7673
7674 <sect>
7675 <heading>Log files</heading>
7676 <p>
7677 Log files should usually be named
7678 <file>/var/log/<var>package</var>.log</file>. If you have many
7679 log files, or need a separate directory for permission
7680 reasons (<file>/var/log</file> is writable only by
7681 <file>root</file>), you should usually create a directory named
7682 <file>/var/log/<var>package</var></file> and place your log
7683 files there.
7684 </p>
7685
7686 <p>
7687 Log files must be rotated occasionally so that they don't
7688 grow indefinitely; the best way to do this is to drop a log
7689 rotation configuration file into the directory
7690 <file>/etc/logrotate.d</file> and use the facilities provided by
7691 logrotate.<footnote>
7692 <p>
7693 The traditional approach to log files has been to set up
7694 <em>ad hoc</em> log rotation schemes using simple shell
7695 scripts and cron. While this approach is highly
7696 customizable, it requires quite a lot of sysadmin work.
7697 Even though the original Debian system helped a little
7698 by automatically installing a system which can be used
7699 as a template, this was deemed not enough.
7700 </p>
7701
7702 <p>
7703 The use of <prgn>logrotate</prgn>, a program developed
7704 by Red Hat, is better, as it centralizes log management.
7705 It has both a configuration file
7706 (<file>/etc/logrotate.conf</file>) and a directory where
7707 packages can drop their individual log rotation
7708 configurations (<file>/etc/logrotate.d</file>).
7709 </p>
7710 </footnote>
7711 Here is a good example for a logrotate config
7712 file (for more information see <manref name="logrotate"
7713 section="8">):
7714 <example compact="compact">
7715 /var/log/foo/*.log {
7716 rotate 12
7717 weekly
7718 compress
7719 postrotate
7720 /etc/init.d/foo force-reload
7721 endscript
7722 }
7723 </example>
7724 This rotates all files under <file>/var/log/foo</file>, saves 12
7725 compressed generations, and forces the daemon to reload its
7726 configuration information after the log rotation.
7727 </p>
7728
7729 <p>
7730 Log files should be removed when the package is
7731 purged (but not when it is only removed). This should be
7732 done by the <prgn>postrm</prgn> script when it is called
7733 with the argument <tt>purge</tt> (see <ref
7734 id="removedetails">).
7735 </p>
7736 </sect>
7737
7738 <sect>
7739 <heading>Permissions and owners</heading>
7740
7741 <p>
7742 The rules in this section are guidelines for general use.
7743 If necessary you may deviate from the details below.
7744 However, if you do so you must make sure that what is done
7745 is secure and you should try to be as consistent as possible
7746 with the rest of the system. You should probably also
7747 discuss it on <prgn>debian-devel</prgn> first.
7748 </p>
7749
7750 <p>
7751 Files should be owned by <tt>root:root</tt>, and made
7752 writable only by the owner and universally readable (and
7753 executable, if appropriate), that is mode 644 or 755.
7754 </p>
7755
7756 <p>
7757 Directories should be mode 755 or (for group-writability)
7758 mode 2775. The ownership of the directory should be
7759 consistent with its mode: if a directory is mode 2775, it
7760 should be owned by the group that needs write access to
7761 it.<footnote>
7762 <p>
7763 When a package is upgraded, and the owner or permissions
7764 of a file included in the package has changed, dpkg
7765 arranges for the ownership and permissions to be
7766 correctly set upon installation. However, this does not
7767 extend to directories; the permissions and ownership of
7768 directories already on the system does not change on
7769 install or upgrade of packages. This makes sense, since
7770 otherwise common directories like <tt>/usr</tt> would
7771 always be in flux. To correctly change permissions of a
7772 directory the package owns, explicit action is required,
7773 usually in the <tt>postinst</tt> script. Care must be
7774 taken to handle downgrades as well, in that case.
7775 </p>
7776 </footnote>
7777 </p>
7778
7779
7780 <p>
7781 Setuid and setgid executables should be mode 4755 or 2755
7782 respectively, and owned by the appropriate user or group.
7783 They should not be made unreadable (modes like 4711 or
7784 2711 or even 4111); doing so achieves no extra security,
7785 because anyone can find the binary in the freely available
7786 Debian package; it is merely inconvenient. For the same
7787 reason you should not restrict read or execute permissions
7788 on non-set-id executables.
7789 </p>
7790
7791 <p>
7792 Some setuid programs need to be restricted to particular
7793 sets of users, using file permissions. In this case they
7794 should be owned by the uid to which they are set-id, and by
7795 the group which should be allowed to execute them. They
7796 should have mode 4754; again there is no point in making
7797 them unreadable to those users who must not be allowed to
7798 execute them.
7799 </p>
7800
7801 <p>
7802 It is possible to arrange that the system administrator can
7803 reconfigure the package to correspond to their local
7804 security policy by changing the permissions on a binary:
7805 they can do this by using <prgn>dpkg-statoverride</prgn>, as
7806 described below.<footnote>
7807 Ordinary files installed by <prgn>dpkg</prgn> (as
7808 opposed to <tt>conffile</tt>s and other similar objects)
7809 normally have their permissions reset to the distributed
7810 permissions when the package is reinstalled. However,
7811 the use of <prgn>dpkg-statoverride</prgn> overrides this
7812 default behavior. If you use this method, you should
7813 remember to describe <prgn>dpkg-statoverride</prgn> in
7814 the package documentation; being a relatively new
7815 addition to Debian, it is probably not yet well-known.
7816 </footnote>
7817 Another method you should consider is to create a group for
7818 people allowed to use the program(s) and make any setuid
7819 executables executable only by that group.
7820 </p>
7821
7822 <p>
7823 If you need to create a new user or group for your package
7824 there are two possibilities. Firstly, you may need to
7825 make some files in the binary package be owned by this
7826 user or group, or you may need to compile the user or
7827 group id (rather than just the name) into the binary
7828 (though this latter should be avoided if possible, as in
7829 this case you need a statically allocated id).</p>
7830
7831 <p>
7832 If you need a statically allocated id, you must ask for a
7833 user or group id from the <tt>base-passwd</tt> maintainer,
7834 and must not release the package until you have been
7835 allocated one. Once you have been allocated one you must
7836 either make the package depend on a version of the
7837 <tt>base-passwd</tt> package with the id present in
7838 <file>/etc/passwd</file> or <file>/etc/group</file>, or arrange for
7839 your package to create the user or group itself with the
7840 correct id (using <tt>adduser</tt>) in its
7841 <prgn>preinst</prgn> or <prgn>postinst</prgn>. (Doing it in
7842 the <prgn>postinst</prgn> is to be preferred if it is
7843 possible, otherwise a pre-dependency will be needed on the
7844 <tt>adduser</tt> package.)
7845 </p>
7846
7847 <p>
7848 On the other hand, the program might be able to determine
7849 the uid or gid from the user or group name at runtime, so
7850 that a dynamically allocated id can be used. In this case
7851 you should choose an appropriate user or group name,
7852 discussing this on <prgn>debian-devel</prgn> and checking
7853 with the <package/base-passwd/ maintainer that it is unique and that
7854 they do not wish you to use a statically allocated id
7855 instead. When this has been checked you must arrange for
7856 your package to create the user or group if necessary using
7857 <prgn>adduser</prgn> in the <prgn>preinst</prgn> or
7858 <prgn>postinst</prgn> script (again, the latter is to be
7859 preferred if it is possible).
7860 </p>
7861
7862 <p>
7863 Note that changing the numeric value of an id associated
7864 with a name is very difficult, and involves searching the
7865 file system for all appropriate files. You need to think
7866 carefully whether a static or dynamic id is required, since
7867 changing your mind later will cause problems.
7868 </p>
7869
7870 <sect1><heading>The use of <prgn>dpkg-statoverride</prgn></heading>
7871 <p>
7872 This section is not intended as policy, but as a
7873 description of the use of <prgn>dpkg-statoverride</prgn>.
7874 </p>
7875
7876 <p>
7877 If a system administrator wishes to have a file (or
7878 directory or other such thing) installed with owner and
7879 permissions different from those in the distributed Debian
7880 package, they can use the <prgn>dpkg-statoverride</prgn>
7881 program to instruct <prgn>dpkg</prgn> to use the different
7882 settings every time the file is installed. Thus the
7883 package maintainer should distribute the files with their
7884 normal permissions, and leave it for the system
7885 administrator to make any desired changes. For example, a
7886 daemon which is normally required to be setuid root, but
7887 in certain situations could be used without being setuid,
7888 should be installed setuid in the <tt>.deb</tt>. Then the
7889 local system administrator can change this if they wish.
7890 If there are two standard ways of doing it, the package
7891 maintainer can use <tt>debconf</tt> to find out the
7892 preference, and call <prgn>dpkg-statoverride</prgn> in the
7893 maintainer script if necessary to accommodate the system
7894 administrator's choice. Care must be taken during
7895 upgrades to not override an existing setting.
7896 </p>
7897
7898 <p>
7899 Given the above, <prgn>dpkg-statoverride</prgn> is
7900 essentially a tool for system administrators and would not
7901 normally be needed in the maintainer scripts. There is
7902 one type of situation, though, where calls to
7903 <prgn>dpkg-statoverride</prgn> would be needed in the
7904 maintainer scripts, and that involves packages which use
7905 dynamically allocated user or group ids. In such a
7906 situation, something like the following idiom can be very
7907 helpful in the package's <prgn>postinst</prgn>, where
7908 <tt>sysuser</tt> is a dynamically allocated id:
7909 <example>
7910 for i in /usr/bin/foo /usr/sbin/bar
7911 do
7912 # only do something when no setting exists
7913 if ! dpkg-statoverride --list $i >/dev/null 2>&1
7914 then
7915 #include: debconf processing, question about foo and bar
7916 if [ "$RET" = "true" ] ; then
7917 dpkg-statoverride --update --add sysuser root 4755 $i
7918 fi
7919 fi
7920 done
7921 </example>
7922 The corresponding code to remove the override when the package
7923 is purged would be:
7924 <example>
7925 for i in /usr/bin/foo /usr/sbin/bar
7926 do
7927 if dpkg-statoverride --list $i >/dev/null 2>&1
7928 then
7929 dpkg-statoverride --remove $i
7930 fi
7931 done
7932 </example>
7933 </p>
7934 </sect1>
7935 </sect>
7936 </chapt>
7937
7938
7939 <chapt id="customized-programs">
7940 <heading>Customized programs</heading>
7941
7942 <sect id="arch-spec">
7943 <heading>Architecture specification strings</heading>
7944
7945 <p>
7946 If a program needs to specify an <em>architecture specification
7947 string</em> in some place, it should select one of the
7948 strings provided by <tt>dpkg-architecture -L</tt>. The
7949 strings are in the format
7950 <tt><var>os</var>-<var>arch</var></tt>, though the OS part
7951 is sometimes elided, as when the OS is Linux.<footnote>
7952 <p>Currently, the strings are:
7953 i386 ia64 alpha amd64 armeb arm hppa m32r m68k mips
7954 mipsel powerpc ppc64 s390 s390x sh3 sh3eb sh4 sh4eb
7955 sparc darwin-i386 darwin-ia64 darwin-alpha darwin-amd64
7956 darwin-armeb darwin-arm darwin-hppa darwin-m32r
7957 darwin-m68k darwin-mips darwin-mipsel darwin-powerpc
7958 darwin-ppc64 darwin-s390 darwin-s390x darwin-sh3
7959 darwin-sh3eb darwin-sh4 darwin-sh4eb darwin-sparc
7960 freebsd-i386 freebsd-ia64 freebsd-alpha freebsd-amd64
7961 freebsd-armeb freebsd-arm freebsd-hppa freebsd-m32r
7962 freebsd-m68k freebsd-mips freebsd-mipsel freebsd-powerpc
7963 freebsd-ppc64 freebsd-s390 freebsd-s390x freebsd-sh3
7964 freebsd-sh3eb freebsd-sh4 freebsd-sh4eb freebsd-sparc
7965 kfreebsd-i386 kfreebsd-ia64 kfreebsd-alpha
7966 kfreebsd-amd64 kfreebsd-armeb kfreebsd-arm kfreebsd-hppa
7967 kfreebsd-m32r kfreebsd-m68k kfreebsd-mips
7968 kfreebsd-mipsel kfreebsd-powerpc kfreebsd-ppc64
7969 kfreebsd-s390 kfreebsd-s390x kfreebsd-sh3 kfreebsd-sh3eb
7970 kfreebsd-sh4 kfreebsd-sh4eb kfreebsd-sparc knetbsd-i386
7971 knetbsd-ia64 knetbsd-alpha knetbsd-amd64 knetbsd-armeb
7972 knetbsd-arm knetbsd-hppa knetbsd-m32r knetbsd-m68k
7973 knetbsd-mips knetbsd-mipsel knetbsd-powerpc
7974 knetbsd-ppc64 knetbsd-s390 knetbsd-s390x knetbsd-sh3
7975 knetbsd-sh3eb knetbsd-sh4 knetbsd-sh4eb knetbsd-sparc
7976 netbsd-i386 netbsd-ia64 netbsd-alpha netbsd-amd64
7977 netbsd-armeb netbsd-arm netbsd-hppa netbsd-m32r
7978 netbsd-m68k netbsd-mips netbsd-mipsel netbsd-powerpc
7979 netbsd-ppc64 netbsd-s390 netbsd-s390x netbsd-sh3
7980 netbsd-sh3eb netbsd-sh4 netbsd-sh4eb netbsd-sparc
7981 openbsd-i386 openbsd-ia64 openbsd-alpha openbsd-amd64
7982 openbsd-armeb openbsd-arm openbsd-hppa openbsd-m32r
7983 openbsd-m68k openbsd-mips openbsd-mipsel openbsd-powerpc
7984 openbsd-ppc64 openbsd-s390 openbsd-s390x openbsd-sh3
7985 openbsd-sh3eb openbsd-sh4 openbsd-sh4eb openbsd-sparc
7986 hurd-i386 hurd-ia64 hurd-alpha hurd-amd64 hurd-armeb
7987 hurd-arm hurd-hppa hurd-m32r hurd-m68k hurd-mips
7988 hurd-mipsel hurd-powerpc hurd-ppc64 hurd-s390 hurd-s390x
7989 hurd-sh3 hurd-sh3eb hurd-sh4 hurd-sh4eb hurd-sparc
7990 </p>
7991 </footnote>
7992 </p>
7993
7994 <p>
7995 Note that we don't want to use
7996 <tt><var>arch</var>-debian-linux</tt> to apply to the rule
7997 <tt><var>architecture</var>-<var>vendor</var>-<var>os</var></tt>
7998 since this would make our programs incompatible with other
7999 Linux distributions. We also don't use something like
8000 <tt><var>arch</var>-unknown-linux</tt>, since the
8001 <tt>unknown</tt> does not look very good.
8002 </p>
8003 </sect>
8004
8005 <sect id="arch-wildcard-spec">
8006 <heading>Architecture Wildcards</heading>
8007
8008 <p>
8009 A package may specify an architecture wildcard. Architecture
8010 wildcards are in the format <tt><var>os</var></tt>-any and
8011 any-<tt><var>cpu</var></tt>. <footnote>
8012 Internally, the package system normalizes the GNU triplets and
8013 the Debian arches into Debian arch triplets (which are kind of
8014 inverted GNU triplets), with the first component of the
8015 triplet representing the libc in use. When matching two
8016 Debian arch triplets, whenever an <var>any</var> is found it
8017 matches with anything on the other side, like in:
8018 <example>
8019 gnu-linux-i386 is matched by gnu-linux-any
8020 gnu-kfreebsd-amd64 is matched by any-any-amd64
8021 </example>
8022 And, for example, <var>any</var> is normalized to
8023 <var>any-any-any</var>.
8024 </footnote>
8025 </p>
8026 </sect>
8027
8028 <sect>
8029 <heading>Daemons</heading>
8030
8031 <p>
8032 The configuration files <file>/etc/services</file>,
8033 <file>/etc/protocols</file>, and <file>/etc/rpc</file> are managed
8034 by the <prgn>netbase</prgn> package and must not be modified
8035 by other packages.
8036 </p>
8037
8038 <p>
8039 If a package requires a new entry in one of these files, the
8040 maintainer should get in contact with the
8041 <prgn>netbase</prgn> maintainer, who will add the entries
8042 and release a new version of the <prgn>netbase</prgn>
8043 package.
8044 </p>
8045
8046 <p>
8047 The configuration file <file>/etc/inetd.conf</file> must not be
8048 modified by the package's scripts except via the
8049 <prgn>update-inetd</prgn> script or the
8050 <file>DebianNet.pm</file> Perl module. See their documentation
8051 for details on how to add entries.
8052 </p>
8053
8054 <p>
8055 If a package wants to install an example entry into
8056 <file>/etc/inetd.conf</file>, the entry must be preceded with
8057 exactly one hash character (<tt>#</tt>). Such lines are
8058 treated as "commented out by user" by the
8059 <prgn>update-inetd</prgn> script and are not changed or
8060 activated during package updates.
8061 </p>
8062 </sect>
8063
8064 <sect>
8065 <heading>Using pseudo-ttys and modifying wtmp, utmp and
8066 lastlog</heading>
8067
8068 <p>
8069 Some programs need to create pseudo-ttys. This should be done
8070 using Unix98 ptys if the C library supports it. The resulting
8071 program must not be installed setuid root, unless that
8072 is required for other functionality.
8073 </p>
8074
8075 <p>
8076 The files <file>/var/run/utmp</file>, <file>/var/log/wtmp</file> and
8077 <file>/var/log/lastlog</file> must be installed writable by
8078 group <tt>utmp</tt>. Programs which need to modify those
8079 files must be installed setgid <tt>utmp</tt>.
8080 </p>
8081 </sect>
8082
8083 <sect>
8084 <heading>Editors and pagers</heading>
8085
8086 <p>
8087 Some programs have the ability to launch an editor or pager
8088 program to edit or display a text document. Since there are
8089 lots of different editors and pagers available in the Debian
8090 distribution, the system administrator and each user should
8091 have the possibility to choose their preferred editor and
8092 pager.
8093 </p>
8094
8095 <p>
8096 In addition, every program should choose a good default
8097 editor/pager if none is selected by the user or system
8098 administrator.
8099 </p>
8100
8101 <p>
8102 Thus, every program that launches an editor or pager must
8103 use the EDITOR or PAGER environment variable to determine
8104 the editor or pager the user wishes to use. If these
8105 variables are not set, the programs <file>/usr/bin/editor</file>
8106 and <file>/usr/bin/pager</file> should be used, respectively.
8107 </p>
8108
8109 <p>
8110 These two files are managed through the <prgn>dpkg</prgn>
8111 "alternatives" mechanism. Thus every package providing an
8112 editor or pager must call the
8113 <prgn>update-alternatives</prgn> script to register these
8114 programs.
8115 </p>
8116
8117 <p>
8118 If it is very hard to adapt a program to make use of the
8119 EDITOR or PAGER variables, that program may be configured to
8120 use <file>/usr/bin/sensible-editor</file> and
8121 <file>/usr/bin/sensible-pager</file> as the editor or pager
8122 program respectively. These are two scripts provided in the
8123 <package>sensible-utils</package> package that check the EDITOR
8124 and PAGER variables and launch the appropriate program, and fall
8125 back to <file>/usr/bin/editor</file>
8126 and <file>/usr/bin/pager</file> if the variable is not set.
8127 </p>
8128
8129 <p>
8130 A program may also use the VISUAL environment variable to
8131 determine the user's choice of editor. If it exists, it
8132 should take precedence over EDITOR. This is in fact what
8133 <file>/usr/bin/sensible-editor</file> does.
8134 </p>
8135
8136 <p>
8137 It is not required for a package to depend on
8138 <tt>editor</tt> and <tt>pager</tt>, nor is it required for a
8139 package to provide such virtual packages.<footnote>
8140 The Debian base system already provides an editor and a
8141 pager program.
8142 </footnote>
8143 </p>
8144 </sect>
8145
8146 <sect id="web-appl">
8147 <heading>Web servers and applications</heading>
8148
8149 <p>
8150 This section describes the locations and URLs that should
8151 be used by all web servers and web applications in the
8152 Debian system.
8153 </p>
8154
8155 <p>
8156 <enumlist>
8157 <item>
8158 Cgi-bin executable files are installed in the
8159 directory
8160 <example compact="compact">
8161 /usr/lib/cgi-bin/<var>cgi-bin-name</var>
8162 </example>
8163 and should be referred to as
8164 <example compact="compact">
8165 http://localhost/cgi-bin/<var>cgi-bin-name</var>
8166 </example>
8167
8168 </item>
8169
8170 <item>
8171 <p>Access to HTML documents</p>
8172
8173 <p>
8174 HTML documents for a package are stored in
8175 <file>/usr/share/doc/<var>package</var></file>
8176 and can be referred to as
8177 <example compact="compact">
8178 http://localhost/doc/<var>package</var>/<var>filename</var>
8179 </example>
8180 </p>
8181
8182 <p>
8183 The web server should restrict access to the document
8184 tree so that only clients on the same host can read
8185 the documents. If the web server does not support such
8186 access controls, then it should not provide access at
8187 all, or ask about providing access during installation.
8188 </p>
8189 </item>
8190
8191 <item>
8192 <p>Access to images</p>
8193 <p>
8194 It is recommended that images for a package be stored
8195 in <tt>/usr/share/images/<var>package</var></tt> and
8196 may be referred to through an alias <tt>/images/</tt>
8197 as
8198 <example>
8199 http://localhost/images/&lt;package&gt;/&lt;filename&gt;
8200 </example>
8201
8202 </p>
8203 </item>
8204
8205 <item>
8206 <p>Web Document Root</p>
8207
8208 <p>
8209 Web Applications should try to avoid storing files in
8210 the Web Document Root. Instead they should use the
8211 /usr/share/doc/<var>package</var> directory for
8212 documents and register the Web Application via the
8213 <package>doc-base</package> package. If access to the
8214 web document root is unavoidable then use
8215 <example compact="compact">
8216 /var/www
8217 </example>
8218 as the Document Root. This might be just a symbolic
8219 link to the location where the system administrator
8220 has put the real document root.
8221 </p>
8222 </item>
8223 <item><p>Providing httpd and/or httpd-cgi</p>
8224 <p>
8225 All web servers should provide the virtual package
8226 <tt>httpd</tt>. If a web server has CGI support it should
8227 provide <tt>httpd-cgi</tt> additionally.
8228 </p>
8229 <p>
8230 All web applications which do not contain CGI scripts should
8231 depend on <tt>httpd</tt>, all those web applications which
8232 <tt>do</tt> contain CGI scripts, should depend on
8233 <tt>httpd-cgi</tt>.
8234 </p>
8235 </item>
8236 </enumlist>
8237 </p>
8238 </sect>
8239
8240 <sect id="mail-transport-agents">
8241 <heading>Mail transport, delivery and user agents</heading>
8242
8243 <p>
8244 Debian packages which process electronic mail, whether mail
8245 user agents (MUAs) or mail transport agents (MTAs), must
8246 ensure that they are compatible with the configuration
8247 decisions below. Failure to do this may result in lost
8248 mail, broken <tt>From:</tt> lines, and other serious brain
8249 damage!
8250 </p>
8251
8252 <p>
8253 The mail spool is <file>/var/mail</file> and the interface to
8254 send a mail message is <file>/usr/sbin/sendmail</file> (as per
8255 the FHS). On older systems, the mail spool may be
8256 physically located in <file>/var/spool/mail</file>, but all
8257 access to the mail spool should be via the
8258 <file>/var/mail</file> symlink. The mail spool is part of the
8259 base system and not part of the MTA package.
8260 </p>
8261
8262 <p>
8263 All Debian MUAs, MTAs, MDAs and other mailbox accessing
8264 programs (such as IMAP daemons) must lock the mailbox in an
8265 NFS-safe way. This means that <tt>fcntl()</tt> locking must
8266 be combined with dot locking. To avoid deadlocks, a program
8267 should use <tt>fcntl()</tt> first and dot locking after
8268 this, or alternatively implement the two locking methods in
8269 a non blocking way<footnote>
8270 If it is not possible to establish both locks, the
8271 system shouldn't wait for the second lock to be
8272 established, but remove the first lock, wait a (random)
8273 time, and start over locking again.
8274 </footnote>. Using the functions <tt>maillock</tt> and
8275 <tt>mailunlock</tt> provided by the
8276 <tt>liblockfile*</tt><footnote>
8277 You will need to depend on <tt>liblockfile1 (&gt;&gt;1.01)</tt>
8278 to use these functions.
8279 </footnote> packages is the recommended way to realize this.
8280 </p>
8281
8282 <p>
8283 Mailboxes are generally either mode 600 and owned by
8284 <var>user</var> or mode 660 and owned by
8285 <tt><var>user</var>:mail</tt><footnote>
8286 There are two traditional permission schemes for mail spools:
8287 mode 600 with all mail delivery done by processes running as
8288 the destination user, or mode 660 and owned by group mail with
8289 mail delivery done by a process running as a system user in
8290 group mail. Historically, Debian required mode 660 mail
8291 spools to enable the latter model, but that model has become
8292 increasingly uncommon and the principle of least privilege
8293 indicates that mail systems that use the first model should
8294 use permissions of 600. If delivery to programs is permitted,
8295 it's easier to keep the mail system secure if the delivery
8296 agent runs as the destination user. Debian Policy therefore
8297 permits either scheme.
8298 </footnote>. The local system administrator may choose a
8299 different permission scheme; packages should not make
8300 assumptions about the permission and ownership of mailboxes
8301 unless required (such as when creating a new mailbox). A MUA
8302 may remove a mailbox (unless it has nonstandard permissions) in
8303 which case the MTA or another MUA must recreate it if needed.
8304 </p>
8305
8306 <p>
8307 The mail spool is 2775 <tt>root:mail</tt>, and MUAs should
8308 be setgid mail to do the locking mentioned above (and
8309 must obviously avoid accessing other users' mailboxes
8310 using this privilege).</p>
8311
8312 <p>
8313 <file>/etc/aliases</file> is the source file for the system mail
8314 aliases (e.g., postmaster, usenet, etc.), it is the one
8315 which the sysadmin and <prgn>postinst</prgn> scripts may
8316 edit. After <file>/etc/aliases</file> is edited the program or
8317 human editing it must call <prgn>newaliases</prgn>. All MTA
8318 packages must come with a <prgn>newaliases</prgn> program,
8319 even if it does nothing, but older MTA packages did not do
8320 this so programs should not fail if <prgn>newaliases</prgn>
8321 cannot be found. Note that because of this, all MTA
8322 packages must have <tt>Provides</tt>, <tt>Conflicts</tt> and
8323 <tt>Replaces: mail-transport-agent</tt> control file
8324 fields.
8325 </p>
8326
8327 <p>
8328 The convention of writing <tt>forward to
8329 <var>address</var></tt> in the mailbox itself is not
8330 supported. Use a <tt>.forward</tt> file instead.</p>
8331
8332 <p>
8333 The <prgn>rmail</prgn> program used by UUCP
8334 for incoming mail should be <file>/usr/sbin/rmail</file>.
8335 Likewise, <prgn>rsmtp</prgn>, for receiving
8336 batch-SMTP-over-UUCP, should be <file>/usr/sbin/rsmtp</file> if it
8337 is supported.</p>
8338
8339 <p>
8340 If your package needs to know what hostname to use on (for
8341 example) outgoing news and mail messages which are generated
8342 locally, you should use the file <file>/etc/mailname</file>. It
8343 will contain the portion after the username and <tt>@</tt>
8344 (at) sign for email addresses of users on the machine
8345 (followed by a newline).
8346 </p>
8347
8348 <p>
8349 Such a package should check for the existence of this file
8350 when it is being configured. If it exists, it should be
8351 used without comment, although an MTA's configuration script
8352 may wish to prompt the user even if it finds that this file
8353 exists. If the file does not exist, the package should
8354 prompt the user for the value (preferably using
8355 <prgn>debconf</prgn>) and store it in <file>/etc/mailname</file>
8356 as well as using it in the package's configuration. The
8357 prompt should make it clear that the name will not just be
8358 used by that package. For example, in this situation the
8359 <tt>inn</tt> package could say something like:
8360 <example compact="compact">
8361 Please enter the "mail name" of your system. This is the
8362 hostname portion of the address to be shown on outgoing
8363 news and mail messages. The default is
8364 <var>syshostname</var>, your system's host name. Mail
8365 name ["<var>syshostname</var>"]:
8366 </example>
8367 where <var>syshostname</var> is the output of <tt>hostname
8368 --fqdn</tt>.
8369 </p>
8370 </sect>
8371
8372 <sect>
8373 <heading>News system configuration</heading>
8374
8375 <p>
8376 All the configuration files related to the NNTP (news)
8377 servers and clients should be located under
8378 <file>/etc/news</file>.</p>
8379
8380 <p>
8381 There are some configuration issues that apply to a number
8382 of news clients and server packages on the machine. These
8383 are:
8384
8385 <taglist>
8386 <tag><file>/etc/news/organization</file></tag>
8387 <item>
8388 A string which should appear as the
8389 organization header for all messages posted
8390 by NNTP clients on the machine
8391 </item>
8392
8393 <tag><file>/etc/news/server</file></tag>
8394 <item>
8395 Contains the FQDN of the upstream NNTP
8396 server, or localhost if the local machine is
8397 an NNTP server.
8398 </item>
8399 </taglist>
8400
8401 Other global files may be added as required for cross-package news
8402 configuration.
8403 </p>
8404 </sect>
8405
8406
8407 <sect>
8408 <heading>Programs for the X Window System</heading>
8409
8410 <sect1>
8411 <heading>Providing X support and package priorities</heading>
8412
8413 <p>
8414 Programs that can be configured with support for the X
8415 Window System must be configured to do so and must declare
8416 any package dependencies necessary to satisfy their
8417 runtime requirements when using the X Window System. If
8418 such a package is of higher priority than the X packages
8419 on which it depends, it is required that either the
8420 X-specific components be split into a separate package, or
8421 that an alternative version of the package, which includes
8422 X support, be provided, or that the package's priority be
8423 lowered.
8424 </p>
8425 </sect1>
8426
8427 <sect1>
8428 <heading>Packages providing an X server</heading>
8429
8430 <p>
8431 Packages that provide an X server that, directly or
8432 indirectly, communicates with real input and display
8433 hardware should declare in their control data that they
8434 provide the virtual package <tt>xserver</tt>.<footnote>
8435 This implements current practice, and provides an
8436 actual policy for usage of the <tt>xserver</tt>
8437 virtual package which appears in the virtual packages
8438 list. In a nutshell, X servers that interface
8439 directly with the display and input hardware or via
8440 another subsystem (e.g., GGI) should provide
8441 <tt>xserver</tt>. Things like <tt>Xvfb</tt>,
8442 <tt>Xnest</tt>, and <tt>Xprt</tt> should not.
8443 </footnote>
8444 </p>
8445 </sect1>
8446
8447 <sect1>
8448 <heading>Packages providing a terminal emulator</heading>
8449
8450 <p>
8451 Packages that provide a terminal emulator for the X Window
8452 System which meet the criteria listed below should declare
8453 in their control data that they provide the virtual
8454 package <tt>x-terminal-emulator</tt>. They should also
8455 register themselves as an alternative for
8456 <file>/usr/bin/x-terminal-emulator</file>, with a priority of
8457 20.
8458 </p>
8459
8460 <p>
8461 To be an <tt>x-terminal-emulator</tt>, a program must:
8462 <list compact="compact">
8463 <item>
8464 Be able to emulate a DEC VT100 terminal, or a
8465 compatible terminal.
8466 </item>
8467
8468 <item>
8469 Support the command-line option <tt>-e
8470 <var>command</var></tt>, which creates a new
8471 terminal window<footnote>
8472 "New terminal window" does not necessarily mean
8473 a new top-level X window directly parented by
8474 the window manager; it could, if the terminal
8475 emulator application were so coded, be a new
8476 "view" in a multiple-document interface (MDI).
8477 </footnote>
8478 and runs the specified <var>command</var>,
8479 interpreting the entirety of the rest of the command
8480 line as a command to pass straight to exec, in the
8481 manner that <tt>xterm</tt> does.
8482 </item>
8483
8484 <item>
8485 Support the command-line option <tt>-T
8486 <var>title</var></tt>, which creates a new terminal
8487 window with the window title <var>title</var>.
8488 </item>
8489 </list>
8490 </p>
8491 </sect1>
8492
8493 <sect1>
8494 <heading>Packages providing a window manager</heading>
8495
8496 <p>
8497 Packages that provide a window manager should declare in
8498 their control data that they provide the virtual package
8499 <tt>x-window-manager</tt>. They should also register
8500 themselves as an alternative for
8501 <file>/usr/bin/x-window-manager</file>, with a priority
8502 calculated as follows:
8503 <list compact="compact">
8504 <item>
8505 Start with a priority of 20.
8506 </item>
8507
8508 <item>
8509 If the window manager supports the Debian menu
8510 system, add 20 points if this support is available
8511 in the package's default configuration (i.e., no
8512 configuration files belonging to the system or user
8513 have to be edited to activate the feature); if
8514 configuration files must be modified, add only 10
8515 points.
8516 </p>
8517 </item>
8518
8519 <item>
8520 If the window manager complies with <url
8521 id="http://www.freedesktop.org/Standards/wm-spec"
8522 name="The Window Manager Specification Project">,
8523 written by the <url id="http://www.freedesktop.org/"
8524 name="Free Desktop Group">, add 40 points.
8525 </item>
8526
8527 <item>
8528 If the window manager permits the X session to be
8529 restarted using a <em>different</em> window manager
8530 (without killing the X server) in its default
8531 configuration, add 10 points; otherwise add none.
8532 </item>
8533 </list>
8534 </p>
8535 </sect1>
8536
8537 <sect1>
8538 <heading>Packages providing fonts</heading>
8539
8540 <p>
8541 Packages that provide fonts for the X Window
8542 System<footnote>
8543 For the purposes of Debian Policy, a "font for the X
8544 Window System" is one which is accessed via X protocol
8545 requests. Fonts for the Linux console, for PostScript
8546 renderer, or any other purpose, do not fit this
8547 definition. Any tool which makes such fonts available
8548 to the X Window System, however, must abide by this
8549 font policy.
8550 </footnote>
8551 must do a number of things to ensure that they are both
8552 available without modification of the X or font server
8553 configuration, and that they do not corrupt files used by
8554 other font packages to register information about
8555 themselves.
8556 <enumlist>
8557 <item>
8558 Fonts of any type supported by the X Window System
8559 must be in a separate binary package from any
8560 executables, libraries, or documentation (except
8561 that specific to the fonts shipped, such as their
8562 license information). If one or more of the fonts
8563 so packaged are necessary for proper operation of
8564 the package with which they are associated the font
8565 package may be Recommended; if the fonts merely
8566 provide an enhancement, a Suggests relationship may
8567 be used. Packages must not Depend on font
8568 packages.<footnote>
8569 This is because the X server may retrieve fonts
8570 from the local file system or over the network
8571 from an X font server; the Debian package system
8572 is empowered to deal only with the local
8573 file system.
8574 </footnote>
8575 </item>
8576
8577 <item>
8578 BDF fonts must be converted to PCF fonts with the
8579 <prgn>bdftopcf</prgn> utility (available in the
8580 <tt>xfonts-utils</tt> package, <prgn>gzip</prgn>ped, and
8581 placed in a directory that corresponds to their
8582 resolution:
8583 <list compact="compact">
8584 <item>
8585 100 dpi fonts must be placed in
8586 <file>/usr/share/fonts/X11/100dpi/</file>.
8587 </item>
8588
8589 <item>
8590 75 dpi fonts must be placed in
8591 <file>/usr/share/fonts/X11/75dpi/</file>.
8592 </item>
8593
8594 <item>
8595 Character-cell fonts, cursor fonts, and other
8596 low-resolution fonts must be placed in
8597 <file>/usr/share/fonts/X11/misc/</file>.
8598 </item>
8599 </list>
8600 </item>
8601
8602 <item>
8603 Type 1 fonts must be placed in
8604 <file>/usr/share/fonts/X11/Type1/</file>. If font
8605 metric files are available, they must be placed here
8606 as well.
8607 </item>
8608
8609 <item>
8610 Subdirectories of <file>/usr/share/fonts/X11/</file>
8611 other than those listed above must be neither
8612 created nor used. (The <file>PEX</file>, <file>CID</file>,
8613 <file>Speedo</file>, and <file>cyrillic</file> directories
8614 are excepted for historical reasons, but installation of
8615 files into these directories remains discouraged.)
8616 </item>
8617
8618 <item>
8619 Font packages may, instead of placing files directly
8620 in the X font directories listed above, provide
8621 symbolic links in that font directory pointing to
8622 the files' actual location in the filesystem. Such
8623 a location must comply with the FHS.
8624 </item>
8625
8626 <item>
8627 Font packages should not contain both 75dpi and
8628 100dpi versions of a font. If both are available,
8629 they should be provided in separate binary packages
8630 with <tt>-75dpi</tt> or <tt>-100dpi</tt> appended to
8631 the names of the packages containing the
8632 corresponding fonts.
8633 </item>
8634
8635 <item>
8636 Fonts destined for the <file>misc</file> subdirectory
8637 should not be included in the same package as 75dpi
8638 or 100dpi fonts; instead, they should be provided in
8639 a separate package with <tt>-misc</tt> appended to
8640 its name.
8641 </item>
8642
8643 <item>
8644 Font packages must not provide the files
8645 <file>fonts.dir</file>, <file>fonts.alias</file>, or
8646 <file>fonts.scale</file> in a font directory:
8647 <list>
8648 <item>
8649 <file>fonts.dir</file> files must not be provided at all.
8650 </item>
8651
8652 <item>
8653 <file>fonts.alias</file> and <file>fonts.scale</file>
8654 files, if needed, should be provided in the
8655 directory
8656 <file>/etc/X11/fonts/<var>fontdir</var>/<var>package</var>.<var>extension</var></file>,
8657 where <var>fontdir</var> is the name of the
8658 subdirectory of
8659 <file>/usr/share/fonts/X11/</file> where the
8660 package's corresponding fonts are stored
8661 (e.g., <tt>75dpi</tt> or <tt>misc</tt>),
8662 <var>package</var> is the name of the package
8663 that provides these fonts, and
8664 <var>extension</var> is either <tt>scale</tt>
8665 or <tt>alias</tt>, whichever corresponds to
8666 the file contents.
8667 </item>
8668 </list>
8669 </item>
8670
8671 <item>
8672 Font packages must declare a dependency on
8673 <tt>xfonts-utils</tt> in their control
8674 data.
8675 </item>
8676
8677 <item>
8678 Font packages that provide one or more
8679 <file>fonts.scale</file> files as described above must
8680 invoke <prgn>update-fonts-scale</prgn> on each
8681 directory into which they installed fonts
8682 <em>before</em> invoking
8683 <prgn>update-fonts-dir</prgn> on that directory.
8684 This invocation must occur in both the
8685 <prgn>postinst</prgn> (for all arguments) and
8686 <prgn>postrm</prgn> (for all arguments except
8687 <tt>upgrade</tt>) scripts.
8688 </item>
8689
8690 <item>
8691 Font packages that provide one or more
8692 <file>fonts.alias</file> files as described above must
8693 invoke <prgn>update-fonts-alias</prgn> on each
8694 directory into which they installed fonts. This
8695 invocation must occur in both the
8696 <prgn>postinst</prgn> (for all arguments) and
8697 <prgn>postrm</prgn> (for all arguments except
8698 <tt>upgrade</tt>) scripts.
8699 </item>
8700
8701 <item>
8702 Font packages must invoke
8703 <prgn>update-fonts-dir</prgn> on each directory into
8704 which they installed fonts. This invocation must
8705 occur in both the <prgn>postinst</prgn> (for all
8706 arguments) and <prgn>postrm</prgn> (for all
8707 arguments except <tt>upgrade</tt>) scripts.
8708 </item>
8709
8710 <item>
8711 Font packages must not provide alias names for the
8712 fonts they include which collide with alias names
8713 already in use by fonts already packaged.
8714 </item>
8715
8716 <item>
8717 Font packages must not provide fonts with the same
8718 XLFD registry name as another font already packaged.
8719 </item>
8720 </enumlist>
8721 </p>
8722 </sect1>
8723
8724 <sect1 id="appdefaults">
8725 <heading>Application defaults files</heading>
8726
8727 <p>
8728 Application defaults files must be installed in the
8729 directory <file>/etc/X11/app-defaults/</file> (use of a
8730 localized subdirectory of <file>/etc/X11/</file> as described
8731 in the <em>X Toolkit Intrinsics - C Language
8732 Interface</em> manual is also permitted). They must be
8733 registered as <tt>conffile</tt>s or handled as
8734 configuration files.
8735 </p>
8736
8737 <p>
8738 Customization of programs' X resources may also be
8739 supported with the provision of a file with the same name
8740 as that of the package placed in
8741 the <file>/etc/X11/Xresources/</file> directory, which
8742 must be registered as a <tt>conffile</tt> or handled as a
8743 configuration file.<footnote>
8744 Note that this mechanism is not the same as using
8745 app-defaults; app-defaults are tied to the client
8746 binary on the local file system, whereas X resources
8747 are stored in the X server and affect all connecting
8748 clients.
8749 </footnote>
8750 </p>
8751 </sect1>
8752
8753 <sect1>
8754 <heading>Installation directory issues</heading>
8755
8756 <p>
8757 Historically, packages using the X Window System used a
8758 separate set of installation directories from other packages.
8759 This practice has been discontinued and packages using the X
8760 Window System should now generally be installed in the same
8761 directories as any other package. Specifically, packages must
8762 not install files under the <file>/usr/X11R6/</file> directory
8763 and the <file>/usr/X11R6/</file> directory hierarchy should be
8764 regarded as obsolete.
8765 </p>
8766
8767 <p>
8768 Include files previously installed under
8769 <file>/usr/X11R6/include/X11/</file> should be installed into
8770 <file>/usr/include/X11/</file>. For files previously
8771 installed into subdirectories of
8772 <file>/usr/X11R6/lib/X11/</file>, package maintainers should
8773 determine if subdirectories of <file>/usr/lib/</file> and
8774 <file>/usr/share/</file> can be used. If not, a subdirectory
8775 of <file>/usr/lib/X11/</file> should be used.
8776 </p>
8777
8778 <p>
8779 Configuration files for window, display, or session managers
8780 or other applications that are tightly integrated with the X
8781 Window System may be placed in a subdirectory
8782 of <file>/etc/X11/</file> corresponding to the package name.
8783 Other X Window System applications should use
8784 the <file>/etc/</file> directory unless otherwise mandated by
8785 policy (such as for <ref id="appdefaults">).
8786 </p>
8787 </sect1>
8788
8789 <sect1>
8790 <heading>The OSF/Motif and OpenMotif libraries</heading>
8791
8792 <p>
8793 <em>Programs that require the non-DFSG-compliant OSF/Motif or
8794 OpenMotif libraries</em><footnote>
8795 OSF/Motif and OpenMotif are collectively referred to as
8796 "Motif" in this policy document.
8797 </footnote>
8798 should be compiled against and tested with LessTif (a free
8799 re-implementation of Motif) instead. If the maintainer
8800 judges that the program or programs do not work
8801 sufficiently well with LessTif to be distributed and
8802 supported, but do so when compiled against Motif, then two
8803 versions of the package should be created; one linked
8804 statically against Motif and with <tt>-smotif</tt>
8805 appended to the package name, and one linked dynamically
8806 against Motif and with <tt>-dmotif</tt> appended to the
8807 package name.
8808 </p>
8809
8810 <p>
8811 Both Motif-linked versions are dependent
8812 upon non-DFSG-compliant software and thus cannot be
8813 uploaded to the <em>main</em> distribution; if the
8814 software is itself DFSG-compliant it may be uploaded to
8815 the <em>contrib</em> distribution. While known existing
8816 versions of Motif permit unlimited redistribution of
8817 binaries linked against the library (whether statically or
8818 dynamically), it is the package maintainer's
8819 responsibility to determine whether this is permitted by
8820 the license of the copy of Motif in their possession.
8821 </p>
8822 </sect1>
8823 </sect>
8824
8825 <sect id="perl">
8826 <heading>Perl programs and modules</heading>
8827
8828 <p>
8829 Perl programs and modules should follow the current Perl policy.
8830 </p>
8831
8832 <p>
8833 The Perl policy can be found in the <tt>perl-policy</tt>
8834 files in the <tt>debian-policy</tt> package.
8835 It is also available from the Debian web mirrors at
8836 <tt><url name="/doc/packaging-manuals/perl-policy/"
8837 id="http://www.debian.org/doc/packaging-manuals/perl-policy/"></tt>.
8838 </p>
8839 </sect>
8840
8841 <sect id="emacs">
8842 <heading>Emacs lisp programs</heading>
8843
8844 <p>
8845 Please refer to the "Debian Emacs Policy" for details of how to
8846 package emacs lisp programs.
8847 </p>
8848
8849 <p>
8850 The Emacs policy is available in
8851 <file>debian-emacs-policy.gz</file> of the
8852 <package>emacsen-common</package> package.
8853 It is also available from the Debian web mirrors at
8854 <tt><url name="/doc/packaging-manuals/debian-emacs-policy"
8855 id="http://www.debian.org/doc/packaging-manuals/debian-emacs-policy"></tt>.
8856 </p>
8857 </sect>
8858
8859 <sect>
8860 <heading>Games</heading>
8861
8862 <p>
8863 The permissions on <file>/var/games</file> are mode 755, owner
8864 <tt>root</tt> and group <tt>root</tt>.
8865 </p>
8866
8867 <p>
8868 Each game decides on its own security policy.</p>
8869
8870 <p>
8871 Games which require protected, privileged access to
8872 high-score files, saved games, etc., may be made
8873 set-<em>group</em>-id (mode 2755) and owned by
8874 <tt>root:games</tt>, and use files and directories with
8875 appropriate permissions (770 <tt>root:games</tt>, for
8876 example). They must not be made
8877 set-<em>user</em>-id, as this causes security problems. (If
8878 an attacker can subvert any set-user-id game they can
8879 overwrite the executable of any other, causing other players
8880 of these games to run a Trojan horse program. With a
8881 set-group-id game the attacker only gets access to less
8882 important game data, and if they can get at the other
8883 players' accounts at all it will take considerably more
8884 effort.)</p>
8885
8886 <p>
8887 Some packages, for example some fortune cookie programs, are
8888 configured by the upstream authors to install with their
8889 data files or other static information made unreadable so
8890 that they can only be accessed through set-id programs
8891 provided. You should not do this in a Debian package: anyone can
8892 download the <file>.deb</file> file and read the data from it,
8893 so there is no point making the files unreadable. Not
8894 making the files unreadable also means that you don't have
8895 to make so many programs set-id, which reduces the risk of a
8896 security hole.</p>
8897
8898 <p>
8899 As described in the FHS, binaries of games should be
8900 installed in the directory <file>/usr/games</file>. This also
8901 applies to games that use the X Window System. Manual pages
8902 for games (X and non-X games) should be installed in
8903 <file>/usr/share/man/man6</file>.</p>
8904 </sect>
8905 </chapt>
8906
8907
8908 <chapt id="docs">
8909 <heading>Documentation</heading>
8910
8911 <sect>
8912 <heading>Manual pages</heading>
8913
8914 <p>
8915 You should install manual pages in <prgn>nroff</prgn> source
8916 form, in appropriate places under <file>/usr/share/man</file>.
8917 You should only use sections 1 to 9 (see the FHS for more
8918 details). You must not install a pre-formatted "cat page".
8919 </p>
8920
8921 <p>
8922 Each program, utility, and function should have an
8923 associated manual page included in the same package. It is
8924 suggested that all configuration files also have a manual
8925 page included as well. Manual pages for protocols and other
8926 auxiliary things are optional.
8927 </p>
8928
8929 <p>
8930 If no manual page is available, this is considered as a bug
8931 and should be reported to the Debian Bug Tracking System (the
8932 maintainer of the package is allowed to write this bug report
8933 themselves, if they so desire). Do not close the bug report
8934 until a proper man page is available.<footnote>
8935 It is not very hard to write a man page. See the
8936 <url id="http://www.schweikhardt.net/man_page_howto.html"
8937 name="Man-Page-HOWTO">,
8938 <manref name="man" section="7">, the examples
8939 created by <prgn>debmake</prgn> or <prgn>dh_make</prgn>,
8940 the helper programs <prgn>help2man</prgn>, or the
8941 directory <file>/usr/share/doc/man-db/examples</file>.
8942 </footnote>
8943 </p>
8944
8945 <p>
8946 You may forward a complaint about a missing man page to the
8947 upstream authors, and mark the bug as forwarded in the
8948 Debian bug tracking system. Even though the GNU Project do
8949 not in general consider the lack of a man page to be a bug,
8950 we do; if they tell you that they don't consider it a bug
8951 you should leave the bug in our bug tracking system open
8952 anyway.
8953 </p>
8954
8955 <p>
8956 Manual pages should be installed compressed using <tt>gzip -9</tt>.
8957 </p>
8958
8959 <p>
8960 If one man page needs to be accessible via several names it
8961 is better to use a symbolic link than the <file>.so</file>
8962 feature, but there is no need to fiddle with the relevant
8963 parts of the upstream source to change from <file>.so</file> to
8964 symlinks: don't do it unless it's easy. You should not
8965 create hard links in the manual page directories, nor put
8966 absolute filenames in <file>.so</file> directives. The filename
8967 in a <file>.so</file> in a man page should be relative to the
8968 base of the man page tree (usually
8969 <file>/usr/share/man</file>). If you do not create any links
8970 (whether symlinks, hard links, or <tt>.so</tt> directives)
8971 in the file system to the alternate names of the man page,
8972 then you should not rely on <prgn>man</prgn> finding your
8973 man page under those names based solely on the information in
8974 the man page's header.<footnote>
8975 Supporting this in <prgn>man</prgn> often requires
8976 unreasonable processing time to find a manual page or to
8977 report that none exists, and moves knowledge into man's
8978 database that would be better left in the file system.
8979 This support is therefore deprecated and will cease to
8980 be present in the future.
8981 </footnote>
8982 </p>
8983
8984 <p>
8985 Manual pages in locale-specific subdirectories of
8986 <file>/usr/share/man</file> should use either UTF-8 or the usual
8987 legacy encoding for that language (normally the one corresponding
8988 to the shortest relevant locale name in
8989 <file>/usr/share/i18n/SUPPORTED</file>). For example, pages under
8990 <file>/usr/share/man/fr</file> should use either UTF-8 or
8991 ISO-8859-1.<footnote>
8992 <prgn>man</prgn> will automatically detect whether UTF-8 is in
8993 use. In future, all manual pages will be required to use
8994 UTF-8.
8995 </footnote>
8996 </p>
8997
8998 <p>
8999 A country name (the <tt>DE</tt> in <tt>de_DE</tt>) should not be
9000 included in the subdirectory name unless it indicates a
9001 significant difference in the language, as this excludes
9002 speakers of the language in other countries.<footnote>
9003 At the time of writing, Chinese and Portuguese are the main
9004 languages with such differences, so <file>pt_BR</file>,
9005 <file>zh_CN</file>, and <file>zh_TW</file> are all allowed.
9006 </footnote>
9007 </p>
9008
9009 <p>
9010 If a localized version of a manual page is provided, it should
9011 either be up-to-date or it should be obvious to the reader that
9012 it is outdated and the original manual page should be used
9013 instead. This can be done either by a note at the beginning of
9014 the manual page or by showing the missing or changed portions in
9015 the original language instead of the target language.
9016 </p>
9017 </sect>
9018
9019 <sect>
9020 <heading>Info documents</heading>
9021
9022 <p>
9023 Info documents should be installed in <file>/usr/share/info</file>.
9024 They should be compressed with <tt>gzip -9</tt>.
9025 </p>
9026
9027 <p>
9028 The <prgn>install-info</prgn> program maintains a directory of
9029 installed info documents in <file>/usr/share/info/dir</file> for
9030 the use of info readers.<footnote>
9031 It was previously necessary for packages installing info
9032 documents to run <prgn>install-info</prgn> from maintainer
9033 scripts. This is no longer necessary. The installation
9034 system now uses dpkg triggers.
9035 </footnote>
9036 This file must not be included in packages. Packages containing
9037 info documents should depend on <tt>dpkg (>= 1.15.4) |
9038 install-info</tt> to ensure that the directory file is properly
9039 rebuilt during partial upgrades from Debian 5.0 (lenny) and
9040 earlier.
9041 </p>
9042
9043 <p>
9044 Info documents should contain section and directory entry
9045 information in the document for the use
9046 of <prgn>install-info</prgn>. The section should be specified
9047 via a line starting with <tt>INFO-DIR-SECTION</tt> followed by a
9048 space and the section of this info page. The directory entry or
9049 entries should be included between
9050 a <tt>START-INFO-DIR-ENTRY</tt> line and
9051 an <tt>END-INFO-DIR-ENTRY</tt> line. For example:
9052 <example>
9053 INFO-DIR-SECTION Individual utilities
9054 START-INFO-DIR-ENTRY
9055 * example: (example). An example info directory entry.
9056 END-INFO-DIR-ENTRY
9057 </example>
9058 To determine which section to use, you should look
9059 at <file>/usr/share/info/dir</file> on your system and choose
9060 the most relevant (or create a new section if none of the
9061 current sections are relevant).<footnote>
9062 Normally, info documents are generated from Texinfo source.
9063 To include this information in the generated info document, if
9064 it is absent, add commands like:
9065 <example>
9066 @dircategory Individual utilities
9067 @direntry
9068 * example: (example). An example info directory entry.
9069 @end direntry
9070 </example>
9071 to the Texinfo source of the document and ensure that the info
9072 documents are rebuilt from source during the package build.
9073 </footnote>
9074 </p>
9075 </sect>
9076
9077 <sect>
9078 <heading>Additional documentation</heading>
9079
9080 <p>
9081 Any additional documentation that comes with the package may
9082 be installed at the discretion of the package maintainer.
9083 Plain text documentation should be installed in the directory
9084 <file>/usr/share/doc/<var>package</var></file>, where
9085 <var>package</var> is the name of the package, and
9086 compressed with <tt>gzip -9</tt> unless it is small.
9087 </p>
9088
9089 <p>
9090 If a package comes with large amounts of documentation which
9091 many users of the package will not require you should create
9092 a separate binary package to contain it, so that it does not
9093 take up disk space on the machines of users who do not need
9094 or want it installed.</p>
9095
9096 <p>
9097 It is often a good idea to put text information files
9098 (<file>README</file>s, changelogs, and so forth) that come with
9099 the source package in <file>/usr/share/doc/<var>package</var></file>
9100 in the binary package. However, you don't need to install
9101 the instructions for building and installing the package, of
9102 course!</p>
9103
9104 <p>
9105 Packages must not require the existence of any files in
9106 <file>/usr/share/doc/</file> in order to function
9107 <footnote>
9108 The system administrator should be able to
9109 delete files in <file>/usr/share/doc/</file> without causing
9110 any programs to break.
9111 </footnote>.
9112 Any files that are referenced by programs but are also
9113 useful as stand alone documentation should be installed under
9114 <file>/usr/share/<var>package</var>/</file> with symbolic links from
9115 <file>/usr/share/doc/<var>package</var></file>.
9116 </p>
9117
9118 <p>
9119 <file>/usr/share/doc/<var>package</var></file> may be a symbolic
9120 link to another directory in <file>/usr/share/doc</file> only if
9121 the two packages both come from the same source and the
9122 first package Depends on the second.<footnote>
9123 <p>
9124 Please note that this does not override the section on
9125 changelog files below, so the file
9126 <file>/usr/share/doc/<var>package</var>/changelog.Debian.gz</file>
9127 must refer to the changelog for the current version of
9128 <var>package</var> in question. In practice, this means
9129 that the sources of the target and the destination of the
9130 symlink must be the same (same source package and
9131 version).
9132 </p>
9133 </footnote>
9134 </p>
9135
9136 <p>
9137 Former Debian releases placed all additional documentation
9138 in <file>/usr/doc/<var>package</var></file>. This has been
9139 changed to <file>/usr/share/doc/<var>package</var></file>,
9140 and packages must not put documentation in the directory
9141 <file>/usr/doc/<var>package</var></file>. <footnote>
9142 At this phase of the transition, we no longer require a
9143 symbolic link in <file>/usr/doc/</file>. At a later point,
9144 policy shall change to make the symbolic links a bug.
9145 </footnote>
9146 </p>
9147 </sect>
9148
9149 <sect>
9150 <heading>Preferred documentation formats</heading>
9151
9152 <p>
9153 The unification of Debian documentation is being carried out
9154 via HTML.</p>
9155
9156 <p>
9157 If your package comes with extensive documentation in a
9158 markup format that can be converted to various other formats
9159 you should if possible ship HTML versions in a binary
9160 package, in the directory
9161 <file>/usr/share/doc/<var>appropriate-package</var></file> or
9162 its subdirectories.<footnote>
9163 The rationale: The important thing here is that HTML
9164 docs should be available in <em>some</em> package, not
9165 necessarily in the main binary package.
9166 </footnote>
9167 </p>
9168
9169 <p>
9170 Other formats such as PostScript may be provided at the
9171 package maintainer's discretion.
9172 </p>
9173 </sect>
9174
9175 <sect id="copyrightfile">
9176 <heading>Copyright information</heading>
9177
9178 <p>
9179 Every package must be accompanied by a verbatim copy of its
9180 copyright information and distribution license in the file
9181 <file>/usr/share/doc/<var>package</var>/copyright</file>. This
9182 file must neither be compressed nor be a symbolic link.
9183 </p>
9184
9185 <p>
9186 In addition, the copyright file must say where the upstream
9187 sources (if any) were obtained. It should name the original
9188 authors of the package and the Debian maintainer(s) who were
9189 involved with its creation.
9190 </p>
9191
9192 <p>
9193 Packages in the <em>contrib</em> or <em>non-free</em> archive
9194 areas should state in the copyright file that the package is not
9195 part of the Debian GNU/Linux distribution and briefly explain
9196 why.
9197 </p>
9198
9199 <p>
9200 A copy of the file which will be installed in
9201 <file>/usr/share/doc/<var>package</var>/copyright</file> should
9202 be in <file>debian/copyright</file> in the source package.
9203 </p>
9204
9205 <p>
9206 <file>/usr/share/doc/<var>package</var></file> may be a symbolic
9207 link to another directory in <file>/usr/share/doc</file> only if
9208 the two packages both come from the same source and the
9209 first package Depends on the second. These rules are
9210 important because copyrights must be extractable by
9211 mechanical means.
9212 </p>
9213
9214 <p>
9215 Packages distributed under the UCB BSD license, the Apache
9216 license (version 2.0), the Artistic license, the GNU GPL
9217 (version 2 or 3), the GNU LGPL (versions 2, 2.1, or 3), and the
9218 GNU FDL (versions 1.2 or 1.3) should refer to the corresponding
9219 files under <file>/usr/share/common-licenses</file>,<footnote>
9220 <p>
9221 In particular,
9222 <file>/usr/share/common-licenses/BSD</file>,
9223 <file>/usr/share/common-licenses/Apache-2.0</file>,
9224 <file>/usr/share/common-licenses/Artistic</file>,
9225 <file>/usr/share/common-licenses/GPL-2</file>,
9226 <file>/usr/share/common-licenses/GPL-3</file>,
9227 <file>/usr/share/common-licenses/LGPL-2</file>,
9228 <file>/usr/share/common-licenses/LGPL-2.1</file>,
9229 <file>/usr/share/common-licenses/LGPL-3</file>,
9230 <file>/usr/share/common-licenses/GFDL-1.2</file>, and
9231 <file>/usr/share/common-licenses/GFDL-1.3</file>
9232 respectively.
9233 </p>
9234 </footnote> rather than quoting them in the copyright
9235 file.
9236 </p>
9237
9238 <p>
9239 You should not use the copyright file as a general <file>README</file>
9240 file. If your package has such a file it should be
9241 installed in <file>/usr/share/doc/<var>package</var>/README</file> or
9242 <file>README.Debian</file> or some other appropriate place.</p>
9243 </sect>
9244
9245 <sect>
9246 <heading>Examples</heading>
9247
9248 <p>
9249 Any examples (configurations, source files, whatever),
9250 should be installed in a directory
9251 <file>/usr/share/doc/<var>package</var>/examples</file>. These
9252 files should not be referenced by any program: they're there
9253 for the benefit of the system administrator and users as
9254 documentation only. Architecture-specific example files
9255 should be installed in a directory
9256 <file>/usr/lib/<var>package</var>/examples</file> with symbolic
9257 links to them from
9258 <file>/usr/share/doc/<var>package</var>/examples</file>, or the
9259 latter directory itself may be a symbolic link to the
9260 former.
9261 </p>
9262
9263 <p>
9264 If the purpose of a package is to provide examples, then the
9265 example files may be installed into
9266 <file>/usr/share/doc/<var>package</var></file>.
9267 </p>
9268 </sect>
9269
9270 <sect id="changelogs">
9271 <heading>Changelog files</heading>
9272
9273 <p>
9274 Packages that are not Debian-native must contain a
9275 compressed copy of the <file>debian/changelog</file> file from
9276 the Debian source tree in
9277 <file>/usr/share/doc/<var>package</var></file> with the name
9278 <file>changelog.Debian.gz</file>.
9279 </p>
9280
9281 <p>
9282 If an upstream changelog is available, it should be accessible as
9283 <file>/usr/share/doc/<var>package</var>/changelog.gz</file> in
9284 plain text. If the upstream changelog is distributed in
9285 HTML, it should be made available in that form as
9286 <file>/usr/share/doc/<var>package</var>/changelog.html.gz</file>
9287 and a plain text <file>changelog.gz</file> should be generated
9288 from it using, for example, <tt>lynx -dump -nolist</tt>. If
9289 the upstream changelog files do not already conform to this
9290 naming convention, then this may be achieved either by
9291 renaming the files, or by adding a symbolic link, at the
9292 maintainer's discretion.<footnote>
9293 Rationale: People should not have to look in places for
9294 upstream changelogs merely because they are given
9295 different names or are distributed in HTML format.
9296 </footnote>
9297 </p>
9298
9299 <p>
9300 All of these files should be installed compressed using
9301 <tt>gzip -9</tt>, as they will become large with time even
9302 if they start out small.
9303 </p>
9304
9305 <p>
9306 If the package has only one changelog which is used both as
9307 the Debian changelog and the upstream one because there is
9308 no separate upstream maintainer then that changelog should
9309 usually be installed as
9310 <file>/usr/share/doc/<var>package</var>/changelog.gz</file>; if
9311 there is a separate upstream maintainer, but no upstream
9312 changelog, then the Debian changelog should still be called
9313 <file>changelog.Debian.gz</file>.
9314 </p>
9315
9316 <p>
9317 For details about the format and contents of the Debian
9318 changelog file, please see <ref id="dpkgchangelog">.
9319 </p>
9320 </sect>
9321 </chapt>
9322
9323 <appendix id="pkg-scope">
9324 <heading>Introduction and scope of these appendices</heading>
9325
9326 <p>
9327 These appendices are taken essentially verbatim from the
9328 now-deprecated Packaging Manual, version 3.2.1.0. They are
9329 the chapters which are likely to be of use to package
9330 maintainers and which have not already been included in the
9331 policy document itself. Most of these sections are very likely
9332 not relevant to policy; they should be treated as
9333 documentation for the packaging system. Please note that these
9334 appendices are included for convenience, and for historical
9335 reasons: they used to be part of policy package, and they have
9336 not yet been incorporated into dpkg documentation. However,
9337 they still have value, and hence they are presented here.
9338 </p>
9339
9340 <p>
9341 They have not yet been checked to ensure that they are
9342 compatible with the contents of policy, and if there are any
9343 contradictions, the version in the main policy document takes
9344 precedence. The remaining chapters of the old Packaging
9345 Manual have also not been read in detail to ensure that there
9346 are not parts which have been left out. Both of these will be
9347 done in due course.
9348 </p>
9349
9350 <p>
9351 Certain parts of the Packaging manual were integrated into the
9352 Policy Manual proper, and removed from the appendices. Links
9353 have been placed from the old locations to the new ones.
9354 </p>
9355
9356 <p>
9357 <prgn>dpkg</prgn> is a suite of programs for creating binary
9358 package files and installing and removing them on Unix
9359 systems.<footnote>
9360 <prgn>dpkg</prgn> is targeted primarily at Debian
9361 GNU/Linux, but may work on or be ported to other
9362 systems.
9363 </footnote>
9364 </p>
9365
9366 <p>
9367 The binary packages are designed for the management of
9368 installed executable programs (usually compiled binaries) and
9369 their associated data, though source code examples and
9370 documentation are provided as part of some packages.</p>
9371
9372 <p>
9373 This manual describes the technical aspects of creating Debian
9374 binary packages (<file>.deb</file> files). It documents the
9375 behavior of the package management programs
9376 <prgn>dpkg</prgn>, <prgn>dselect</prgn> et al. and the way
9377 they interact with packages.</p>
9378
9379 <p>
9380 It also documents the interaction between
9381 <prgn>dselect</prgn>'s core and the access method scripts it
9382 uses to actually install the selected packages, and describes
9383 how to create a new access method.</p>
9384
9385 <p>
9386 This manual does not go into detail about the options and
9387 usage of the package building and installation tools. It
9388 should therefore be read in conjunction with those programs'
9389 man pages.
9390 </p>
9391
9392 <p>
9393 The utility programs which are provided with <prgn>dpkg</prgn>
9394 for managing various system configuration and similar issues,
9395 such as <prgn>update-rc.d</prgn> and
9396 <prgn>install-info</prgn>, are not described in detail here -
9397 please see their man pages.
9398 </p>
9399
9400 <p>
9401 It is assumed that the reader is reasonably familiar with the
9402 <prgn>dpkg</prgn> System Administrators' manual.
9403 Unfortunately this manual does not yet exist.
9404 </p>
9405
9406 <p>
9407 The Debian version of the FSF's GNU hello program is provided
9408 as an example for people wishing to create Debian
9409 packages. The Debian <prgn>debmake</prgn> package is
9410 recommended as a very helpful tool in creating and maintaining
9411 Debian packages. However, while the tools and examples are
9412 helpful, they do not replace the need to read and follow the
9413 Policy and Programmer's Manual.</p>
9414 </appendix>
9415
9416 <appendix id="pkg-binarypkg">
9417 <heading>Binary packages (from old Packaging Manual)</heading>
9418
9419 <p>
9420 The binary package has two main sections. The first part
9421 consists of various control information files and scripts used
9422 by <prgn>dpkg</prgn> when installing and removing. See <ref
9423 id="pkg-controlarea">.
9424 </p>
9425
9426 <p>
9427 The second part is an archive containing the files and
9428 directories to be installed.
9429 </p>
9430
9431 <p>
9432 In the future binary packages may also contain other
9433 components, such as checksums and digital signatures. The
9434 format for the archive is described in full in the
9435 <file>deb(5)</file> man page.
9436 </p>
9437
9438
9439 <sect id="pkg-bincreating"><heading>Creating package files -
9440 <prgn>dpkg-deb</prgn>
9441 </heading>
9442
9443 <p>
9444 All manipulation of binary package files is done by
9445 <prgn>dpkg-deb</prgn>; it's the only program that has
9446 knowledge of the format. (<prgn>dpkg-deb</prgn> may be
9447 invoked by calling <prgn>dpkg</prgn>, as <prgn>dpkg</prgn>
9448 will spot that the options requested are appropriate to
9449 <prgn>dpkg-deb</prgn> and invoke that instead with the same
9450 arguments.)
9451 </p>
9452
9453 <p>
9454 In order to create a binary package you must make a
9455 directory tree which contains all the files and directories
9456 you want to have in the file system data part of the package.
9457 In Debian-format source packages this directory is usually
9458 <file>debian/tmp</file>, relative to the top of the package's
9459 source tree.
9460 </p>
9461
9462 <p>
9463 They should have the locations (relative to the root of the
9464 directory tree you're constructing) ownerships and
9465 permissions which you want them to have on the system when
9466 they are installed.
9467 </p>
9468
9469 <p>
9470 With current versions of <prgn>dpkg</prgn> the uid/username
9471 and gid/groupname mappings for the users and groups being
9472 used should be the same on the system where the package is
9473 built and the one where it is installed.
9474 </p>
9475
9476 <p>
9477 You need to add one special directory to the root of the
9478 miniature file system tree you're creating:
9479 <prgn>DEBIAN</prgn>. It should contain the control
9480 information files, notably the binary package control file
9481 (see <ref id="pkg-controlfile">).
9482 </p>
9483
9484 <p>
9485 The <prgn>DEBIAN</prgn> directory will not appear in the
9486 file system archive of the package, and so won't be installed
9487 by <prgn>dpkg</prgn> when the package is installed.
9488 </p>
9489
9490 <p>
9491 When you've prepared the package, you should invoke:
9492 <example>
9493 dpkg --build <var>directory</var>
9494 </example>
9495 </p>
9496
9497 <p>
9498 This will build the package in
9499 <file><var>directory</var>.deb</file>. (<prgn>dpkg</prgn> knows
9500 that <tt>--build</tt> is a <prgn>dpkg-deb</prgn> option, so
9501 it invokes <prgn>dpkg-deb</prgn> with the same arguments to
9502 build the package.)
9503 </p>
9504
9505 <p>
9506 See the man page <manref name="dpkg-deb" section="8"> for details of how
9507 to examine the contents of this newly-created file. You may find the
9508 output of following commands enlightening:
9509 <example>
9510 dpkg-deb --info <var>filename</var>.deb
9511 dpkg-deb --contents <var>filename</var>.deb
9512 dpkg --contents <var>filename</var>.deb
9513 </example>
9514 To view the copyright file for a package you could use this command:
9515 <example>
9516 dpkg --fsys-tarfile <var>filename</var>.deb | tar xOf - --wildcards \*/copyright | pager
9517 </example>
9518 </p>
9519 </sect>
9520
9521 <sect id="pkg-controlarea">
9522 <heading>Package control information files</heading>
9523
9524 <p>
9525 The control information portion of a binary package is a
9526 collection of files with names known to <prgn>dpkg</prgn>.
9527 It will treat the contents of these files specially - some
9528 of them contain information used by <prgn>dpkg</prgn> when
9529 installing or removing the package; others are scripts which
9530 the package maintainer wants <prgn>dpkg</prgn> to run.
9531 </p>
9532
9533 <p>
9534 It is possible to put other files in the package control
9535 area, but this is not generally a good idea (though they
9536 will largely be ignored).
9537 </p>
9538
9539 <p>
9540 Here is a brief list of the control info files supported by
9541 <prgn>dpkg</prgn> and a summary of what they're used for.
9542 </p>
9543
9544 <p>
9545 <taglist>
9546 <tag><tt>control</tt>
9547 <item>
9548 <p>
9549 This is the key description file used by
9550 <prgn>dpkg</prgn>. It specifies the package's name
9551 and version, gives its description for the user,
9552 states its relationships with other packages, and so
9553 forth. See <ref id="sourcecontrolfiles"> and
9554 <ref id="binarycontrolfiles">.
9555 </p>
9556
9557 <p>
9558 It is usually generated automatically from information
9559 in the source package by the
9560 <prgn>dpkg-gencontrol</prgn> program, and with
9561 assistance from <prgn>dpkg-shlibdeps</prgn>.
9562 See <ref id="pkg-sourcetools">.
9563 </p>
9564 </item>
9565
9566 <tag><tt>postinst</tt>, <tt>preinst</tt>, <tt>postrm</tt>,
9567 <tt>prerm</tt>
9568 </tag>
9569 <item>
9570 <p>
9571 These are executable files (usually scripts) which
9572 <prgn>dpkg</prgn> runs during installation, upgrade
9573 and removal of packages. They allow the package to
9574 deal with matters which are particular to that package
9575 or require more complicated processing than that
9576 provided by <prgn>dpkg</prgn>. Details of when and
9577 how they are called are in <ref id="maintainerscripts">.
9578 </p>
9579
9580 <p>
9581 It is very important to make these scripts idempotent.
9582 See <ref id="idempotency">.
9583 </p>
9584
9585 <p>
9586 The maintainer scripts are guaranteed to run with a
9587 controlling terminal and can interact with the user.
9588 See <ref id="controllingterminal">.
9589 </p>
9590 </item>
9591
9592 <tag><tt>conffiles</tt>
9593 </tag>
9594 <item>
9595 This file contains a list of configuration files which
9596 are to be handled automatically by <prgn>dpkg</prgn>
9597 (see <ref id="pkg-conffiles">). Note that not necessarily
9598 every configuration file should be listed here.
9599 </item>
9600
9601 <tag><tt>shlibs</tt>
9602 </tag>
9603 <item>
9604 This file contains a list of the shared libraries
9605 supplied by the package, with dependency details for
9606 each. This is used by <prgn>dpkg-shlibdeps</prgn>
9607 when it determines what dependencies are required in a
9608 package control file. The <tt>shlibs</tt> file format
9609 is described on <ref id="shlibs">.
9610 </item>
9611 </taglist>
9612 </p>
9613
9614 <sect id="pkg-controlfile">
9615 <heading>The main control information file: <tt>control</tt></heading>
9616
9617 <p>
9618 The most important control information file used by
9619 <prgn>dpkg</prgn> when it installs a package is
9620 <tt>control</tt>. It contains all the package's "vital
9621 statistics".
9622 </p>
9623
9624 <p>
9625 The binary package control files of packages built from
9626 Debian sources are made by a special tool,
9627 <prgn>dpkg-gencontrol</prgn>, which reads
9628 <file>debian/control</file> and <file>debian/changelog</file> to
9629 find the information it needs. See <ref id="pkg-sourcepkg"> for
9630 more details.
9631 </p>
9632
9633 <p>
9634 The fields in binary package control files are listed in
9635 <ref id="binarycontrolfiles">.
9636 </p>
9637
9638 <p>
9639 A description of the syntax of control files and the purpose
9640 of the fields is available in <ref id="controlfields">.
9641 </p>
9642 </sect>
9643
9644 <sect>
9645 <heading>Time Stamps</heading>
9646
9647 <p>
9648 See <ref id="timestamps">.
9649 </p>
9650 </sect>
9651 </appendix>
9652
9653 <appendix id="pkg-sourcepkg">
9654 <heading>Source packages (from old Packaging Manual) </heading>
9655
9656 <p>
9657 The Debian binary packages in the distribution are generated
9658 from Debian sources, which are in a special format to assist
9659 the easy and automatic building of binaries.
9660 </p>
9661
9662 <sect id="pkg-sourcetools">
9663 <heading>Tools for processing source packages</heading>
9664
9665 <p>
9666 Various tools are provided for manipulating source packages;
9667 they pack and unpack sources and help build of binary
9668 packages and help manage the distribution of new versions.
9669 </p>
9670
9671 <p>
9672 They are introduced and typical uses described here; see
9673 <manref name="dpkg-source" section="1"> for full
9674 documentation about their arguments and operation.
9675 </p>
9676
9677 <p>
9678 For examples of how to construct a Debian source package,
9679 and how to use those utilities that are used by Debian
9680 source packages, please see the <prgn>hello</prgn> example
9681 package.
9682 </p>
9683
9684 <sect1 id="pkg-dpkg-source">
9685 <heading>
9686 <prgn>dpkg-source</prgn> - packs and unpacks Debian source
9687 packages
9688 </heading>
9689
9690 <p>
9691 This program is frequently used by hand, and is also
9692 called from package-independent automated building scripts
9693 such as <prgn>dpkg-buildpackage</prgn>.
9694 </p>
9695
9696 <p>
9697 To unpack a package it is typically invoked with
9698 <example>
9699 dpkg-source -x <var>.../path/to/filename</var>.dsc
9700 </example>
9701 </p>
9702
9703 <p>
9704 with the <file><var>filename</var>.tar.gz</file> and
9705 <file><var>filename</var>.diff.gz</file> (if applicable) in
9706 the same directory. It unpacks into
9707 <file><var>package</var>-<var>version</var></file>, and if
9708 applicable
9709 <file><var>package</var>-<var>version</var>.orig</file>, in
9710 the current directory.
9711 </p>
9712
9713 <p>
9714 To create a packed source archive it is typically invoked:
9715 <example>
9716 dpkg-source -b <var>package</var>-<var>version</var>
9717 </example>
9718 </p>
9719
9720 <p>
9721 This will create the <file>.dsc</file>, <file>.tar.gz</file> and
9722 <file>.diff.gz</file> (if appropriate) in the current
9723 directory. <prgn>dpkg-source</prgn> does not clean the
9724 source tree first - this must be done separately if it is
9725 required.
9726 </p>
9727
9728 <p>
9729 See also <ref id="pkg-sourcearchives">.</p>
9730 </sect1>
9731
9732
9733 <sect1 id="pkg-dpkg-buildpackage">
9734 <heading>
9735 <prgn>dpkg-buildpackage</prgn> - overall package-building
9736 control script
9737 </heading>
9738
9739 <p>
9740 <prgn>dpkg-buildpackage</prgn> is a script which invokes
9741 <prgn>dpkg-source</prgn>, the <file>debian/rules</file>
9742 targets <tt>clean</tt>, <tt>build</tt> and
9743 <tt>binary</tt>, <prgn>dpkg-genchanges</prgn> and
9744 <prgn>gpg</prgn> (or <prgn>pgp</prgn>) to build a signed
9745 source and binary package upload.
9746 </p>
9747
9748 <p>
9749 It is usually invoked by hand from the top level of the
9750 built or unbuilt source directory. It may be invoked with
9751 no arguments; useful arguments include:
9752 <taglist compact="compact">
9753 <tag><tt>-uc</tt>, <tt>-us</tt></tag>
9754 <item>
9755 <p>
9756 Do not sign the <tt>.changes</tt> file or the
9757 source package <tt>.dsc</tt> file, respectively.</p>
9758 </item>
9759 <tag><tt>-p<var>sign-command</var></tt></tag>
9760 <item>
9761 <p>
9762 Invoke <var>sign-command</var> instead of finding
9763 <tt>gpg</tt> or <tt>pgp</tt> on the <prgn>PATH</prgn>.
9764 <var>sign-command</var> must behave just like
9765 <prgn>gpg</prgn> or <tt>pgp</tt>.</p>
9766 </item>
9767 <tag><tt>-r<var>root-command</var></tt></tag>
9768 <item>
9769 <p>
9770 When root privilege is required, invoke the command
9771 <var>root-command</var>. <var>root-command</var>
9772 should invoke its first argument as a command, from
9773 the <prgn>PATH</prgn> if necessary, and pass its
9774 second and subsequent arguments to the command it
9775 calls. If no <var>root-command</var> is supplied
9776 then <var>dpkg-buildpackage</var> will take no
9777 special action to gain root privilege, so that for
9778 most packages it will have to be invoked as root to
9779 start with.</p>
9780 </item>
9781 <tag><tt>-b</tt>, <tt>-B</tt></tag>
9782 <item>
9783 <p>
9784 Two types of binary-only build and upload - see
9785 <manref name="dpkg-source" section="1">.
9786 </p>
9787 </item>
9788 </taglist>
9789 </p>
9790 </sect1>
9791
9792 <sect1 id="pkg-dpkg-gencontrol">
9793 <heading>
9794 <prgn>dpkg-gencontrol</prgn> - generates binary package
9795 control files
9796 </heading>
9797
9798 <p>
9799 This program is usually called from <file>debian/rules</file>
9800 (see <ref id="pkg-sourcetree">) in the top level of the source
9801 tree.
9802 </p>
9803
9804 <p>
9805 This is usually done just before the files and directories in the
9806 temporary directory tree where the package is being built have their
9807 permissions and ownerships set and the package is constructed using
9808 <prgn>dpkg-deb/</prgn>
9809 <footnote>
9810 This is so that the control file which is produced has
9811 the right permissions
9812 </footnote>.
9813 </p>
9814
9815 <p>
9816 <prgn>dpkg-gencontrol</prgn> must be called after all the
9817 files which are to go into the package have been placed in
9818 the temporary build directory, so that its calculation of
9819 the installed size of a package is correct.
9820 </p>
9821
9822 <p>
9823 It is also necessary for <prgn>dpkg-gencontrol</prgn> to
9824 be run after <prgn>dpkg-shlibdeps</prgn> so that the
9825 variable substitutions created by
9826 <prgn>dpkg-shlibdeps</prgn> in <file>debian/substvars</file>
9827 are available.
9828 </p>
9829
9830 <p>
9831 For a package which generates only one binary package, and
9832 which builds it in <file>debian/tmp</file> relative to the top
9833 of the source package, it is usually sufficient to call
9834 <prgn>dpkg-gencontrol</prgn>.
9835 </p>
9836
9837 <p>
9838 Sources which build several binaries will typically need
9839 something like:
9840 <example>
9841 dpkg-gencontrol -Pdebian/tmp-<var>pkg</var> -p<var>package</var>
9842 </example> The <tt>-P</tt> tells
9843 <prgn>dpkg-gencontrol</prgn> that the package is being
9844 built in a non-default directory, and the <tt>-p</tt>
9845 tells it which package's control file should be generated.
9846 </p>
9847
9848 <p>
9849 <prgn>dpkg-gencontrol</prgn> also adds information to the
9850 list of files in <file>debian/files</file>, for the benefit of
9851 (for example) a future invocation of
9852 <prgn>dpkg-genchanges</prgn>.</p>
9853 </sect1>
9854
9855 <sect1 id="pkg-dpkg-shlibdeps">
9856 <heading>
9857 <prgn>dpkg-shlibdeps</prgn> - calculates shared library
9858 dependencies
9859 </heading>
9860
9861 <p>
9862 This program is usually called from <file>debian/rules</file>
9863 just before <prgn>dpkg-gencontrol</prgn> (see <ref
9864 id="pkg-sourcetree">), in the top level of the source tree.
9865 </p>
9866
9867 <p>
9868 Its arguments are executables and shared libraries
9869 <footnote>
9870 <p>
9871 They may be specified either in the locations in the
9872 source tree where they are created or in the locations
9873 in the temporary build tree where they are installed
9874 prior to binary package creation.
9875 </p>
9876 </footnote> for which shared library dependencies should
9877 be included in the binary package's control file.
9878 </p>
9879
9880 <p>
9881 If some of the found shared libraries should only
9882 warrant a <tt>Recommends</tt> or <tt>Suggests</tt>, or if
9883 some warrant a <tt>Pre-Depends</tt>, this can be achieved
9884 by using the <tt>-d<var>dependency-field</var></tt> option
9885 before those executable(s). (Each <tt>-d</tt> option
9886 takes effect until the next <tt>-d</tt>.)
9887 </p>
9888
9889 <p>
9890 <prgn>dpkg-shlibdeps</prgn> does not directly cause the
9891 output control file to be modified. Instead by default it
9892 adds to the <file>debian/substvars</file> file variable
9893 settings like <tt>shlibs:Depends</tt>. These variable
9894 settings must be referenced in dependency fields in the
9895 appropriate per-binary-package sections of the source
9896 control file.
9897 </p>
9898
9899 <p>
9900 For example, a package that generates an essential part
9901 which requires dependencies, and optional parts that
9902 which only require a recommendation, would separate those
9903 two sets of dependencies into two different fields.<footnote>
9904 At the time of writing, an example for this was the
9905 <package/xmms/ package, with Depends used for the xmms
9906 executable, Recommends for the plug-ins and Suggests for
9907 even more optional features provided by unzip.
9908 </footnote>
9909 It can say in its <file>debian/rules</file>:
9910 <example>
9911 dpkg-shlibdeps -dDepends <var>program anotherprogram ...</var> \
9912 -dRecommends <var>optionalpart anotheroptionalpart</var>
9913 </example>
9914 and then in its main control file <file>debian/control</file>:
9915 <example>
9916 <var>...</var>
9917 Depends: ${shlibs:Depends}
9918 Recommends: ${shlibs:Recommends}
9919 <var>...</var>
9920 </example>
9921 </p>
9922
9923 <p>
9924 Sources which produce several binary packages with
9925 different shared library dependency requirements can use
9926 the <tt>-p<var>varnameprefix</var></tt> option to override
9927 the default <tt>shlibs:</tt> prefix (one invocation of
9928 <prgn>dpkg-shlibdeps</prgn> per setting of this option).
9929 They can thus produce several sets of dependency
9930 variables, each of the form
9931 <tt><var>varnameprefix</var>:<var>dependencyfield</var></tt>,
9932 which can be referred to in the appropriate parts of the
9933 binary package control files.
9934 </p>
9935 </sect1>
9936
9937
9938 <sect1 id="pkg-dpkg-distaddfile">
9939 <heading>
9940 <prgn>dpkg-distaddfile</prgn> - adds a file to
9941 <file>debian/files</file>
9942 </heading>
9943
9944 <p>
9945 Some packages' uploads need to include files other than
9946 the source and binary package files.
9947 </p>
9948
9949 <p>
9950 <prgn>dpkg-distaddfile</prgn> adds a file to the
9951 <file>debian/files</file> file so that it will be included in
9952 the <file>.changes</file> file when
9953 <prgn>dpkg-genchanges</prgn> is run.
9954 </p>
9955
9956 <p>
9957 It is usually invoked from the <tt>binary</tt> target of
9958 <file>debian/rules</file>:
9959 <example>
9960 dpkg-distaddfile <var>filename</var> <var>section</var> <var>priority</var>
9961 </example>
9962 The <var>filename</var> is relative to the directory where
9963 <prgn>dpkg-genchanges</prgn> will expect to find it - this
9964 is usually the directory above the top level of the source
9965 tree. The <file>debian/rules</file> target should put the
9966 file there just before or just after calling
9967 <prgn>dpkg-distaddfile</prgn>.
9968 </p>
9969
9970 <p>
9971 The <var>section</var> and <var>priority</var> are passed
9972 unchanged into the resulting <file>.changes</file> file.
9973 </p>
9974 </sect1>
9975
9976
9977 <sect1 id="pkg-dpkg-genchanges">
9978 <heading>
9979 <prgn>dpkg-genchanges</prgn> - generates a <file>.changes</file>
9980 upload control file
9981 </heading>
9982
9983 <p>
9984 This program is usually called by package-independent
9985 automatic building scripts such as
9986 <prgn>dpkg-buildpackage</prgn>, but it may also be called
9987 by hand.
9988 </p>
9989
9990 <p>
9991 It is usually called in the top level of a built source
9992 tree, and when invoked with no arguments will print out a
9993 straightforward <file>.changes</file> file based on the
9994 information in the source package's changelog and control
9995 file and the binary and source packages which should have
9996 been built.
9997 </p>
9998 </sect1>
9999
10000
10001 <sect1 id="pkg-dpkg-parsechangelog">
10002 <heading>
10003 <prgn>dpkg-parsechangelog</prgn> - produces parsed
10004 representation of a changelog
10005 </heading>
10006
10007 <p>
10008 This program is used internally by
10009 <prgn>dpkg-source</prgn> et al. It may also occasionally
10010 be useful in <file>debian/rules</file> and elsewhere. It
10011 parses a changelog, <file>debian/changelog</file> by default,
10012 and prints a control-file format representation of the
10013 information in it to standard output.
10014 </p>
10015 </sect1>
10016
10017 <sect1 id="pkg-dpkg-architecture">
10018 <heading>
10019 <prgn>dpkg-architecture</prgn> - information about the build and
10020 host system
10021 </heading>
10022
10023 <p>
10024 This program can be used manually, but is also invoked by
10025 <tt>dpkg-buildpackage</tt> or <file>debian/rules</file> to set
10026 environment or make variables which specify the build and host
10027 architecture for the package building process.
10028 </p>
10029 </sect1>
10030 </sect>
10031
10032 <sect id="pkg-sourcetree">
10033 <heading>The Debianised source tree</heading>
10034
10035 <p>
10036 The source archive scheme described later is intended to
10037 allow a Debianised source tree with some associated control
10038 information to be reproduced and transported easily. The
10039 Debianised source tree is a version of the original program
10040 with certain files added for the benefit of the
10041 Debianisation process, and with any other changes required
10042 made to the rest of the source code and installation
10043 scripts.
10044 </p>
10045
10046 <p>
10047 The extra files created for Debian are in the subdirectory
10048 <file>debian</file> of the top level of the Debianised source
10049 tree. They are described below.
10050 </p>
10051
10052 <sect1 id="pkg-debianrules">
10053 <heading><file>debian/rules</file> - the main building script</heading>
10054
10055 <p>
10056 See <ref id="debianrules">.
10057 </p>
10058 </sect1>
10059
10060
10061 <sect1 id="pkg-dpkgchangelog">
10062 <heading><file>debian/changelog</file></heading>
10063
10064 <p>
10065 See <ref id="dpkgchangelog">.
10066 </p>
10067
10068 <sect2><heading>Defining alternative changelog formats
10069 </heading>
10070
10071 <p>
10072 It is possible to use a different format to the standard
10073 one, by providing a parser for the format you wish to
10074 use.
10075 </p>
10076
10077 <p>
10078 In order to have <tt>dpkg-parsechangelog</tt> run your
10079 parser, you must include a line within the last 40 lines
10080 of your file matching the Perl regular expression:
10081 <tt>\schangelog-format:\s+([0-9a-z]+)\W</tt> The part in
10082 parentheses should be the name of the format. For
10083 example, you might say:
10084 <example>
10085 @@@ changelog-format: joebloggs @@@
10086 </example>
10087 Changelog format names are non-empty strings of alphanumerics.
10088 </p>
10089
10090 <p>
10091 If such a line exists then <tt>dpkg-parsechangelog</tt>
10092 will look for the parser as
10093 <file>/usr/lib/dpkg/parsechangelog/<var>format-name</var></file>
10094 or
10095 <file>/usr/local/lib/dpkg/parsechangelog/<var>format-name</var></file>;
10096 it is an error for it not to find it, or for it not to
10097 be an executable program. The default changelog format
10098 is <tt>dpkg</tt>, and a parser for it is provided with
10099 the <tt>dpkg</tt> package.
10100 </p>
10101
10102 <p>
10103 The parser will be invoked with the changelog open on
10104 standard input at the start of the file. It should read
10105 the file (it may seek if it wishes) to determine the
10106 information required and return the parsed information
10107 to standard output in the form of a series of control
10108 fields in the standard format. By default it should
10109 return information about only the most recent version in
10110 the changelog; it should accept a
10111 <tt>-v<var>version</var></tt> option to return changes
10112 information from all versions present <em>strictly
10113 after</em> <var>version</var>, and it should then be an
10114 error for <var>version</var> not to be present in the
10115 changelog.
10116 </p>
10117
10118 <p>
10119 The fields are:
10120 <list compact="compact">
10121 <item><qref id="f-Source"><tt>Source</tt></qref></item>
10122 <item><qref id="f-Version"><tt>Version</tt></qref> (mandatory)</item>
10123 <item><qref id="f-Distribution"><tt>Distribution</tt></qref> (mandatory)</item>
10124 <item><qref id="f-Urgency"><tt>Urgency</tt></qref> (mandatory)</item>
10125 <item><qref id="f-Maintainer"><tt>Maintainer</tt></qref> (mandatory)</item>
10126 <item><qref id="f-Date"><tt>Date</tt></qref></item>
10127 <item><qref id="f-Changes"><tt>Changes</tt></qref> (mandatory)</item>
10128 </list>
10129 </p>
10130
10131 <p>
10132 If several versions are being returned (due to the use
10133 of <tt>-v</tt>), the urgency value should be of the
10134 highest urgency code listed at the start of any of the
10135 versions requested followed by the concatenated
10136 (space-separated) comments from all the versions
10137 requested; the maintainer, version, distribution and
10138 date should always be from the most recent version.
10139 </p>
10140
10141 <p>
10142 For the format of the <tt>Changes</tt> field see
10143 <ref id="f-Changes">.
10144 </p>
10145
10146 <p>
10147 If the changelog format which is being parsed always or
10148 almost always leaves a blank line between individual
10149 change notes these blank lines should be stripped out,
10150 so as to make the resulting output compact.
10151 </p>
10152
10153 <p>
10154 If the changelog format does not contain date or package
10155 name information this information should be omitted from
10156 the output. The parser should not attempt to synthesize
10157 it or find it from other sources.
10158 </p>
10159
10160 <p>
10161 If the changelog does not have the expected format the
10162 parser should exit with a nonzero exit status, rather
10163 than trying to muddle through and possibly generating
10164 incorrect output.
10165 </p>
10166
10167 <p>
10168 A changelog parser may not interact with the user at
10169 all.
10170 </p>
10171 </sect2>
10172 </sect1>
10173
10174 <sect1 id="pkg-srcsubstvars">
10175 <heading><file>debian/substvars</file> and variable substitutions</heading>
10176
10177 <p>
10178 See <ref id="substvars">.
10179 </p>
10180
10181 </sect1>
10182
10183 <sect1>
10184 <heading><file>debian/files</file></heading>
10185
10186 <p>
10187 See <ref id="debianfiles">.
10188 </p>
10189 </sect1>
10190
10191 <sect1><heading><file>debian/tmp</file>
10192 </heading>
10193
10194 <p>
10195 This is the canonical temporary location for the
10196 construction of binary packages by the <tt>binary</tt>
10197 target. The directory <file>tmp</file> serves as the root of
10198 the file system tree as it is being constructed (for
10199 example, by using the package's upstream makefiles install
10200 targets and redirecting the output there), and it also
10201 contains the <tt>DEBIAN</tt> subdirectory. See <ref
10202 id="pkg-bincreating">.
10203 </p>
10204
10205 <p>
10206 If several binary packages are generated from the same
10207 source tree it is usual to use several
10208 <file>debian/tmp<var>something</var></file> directories, for
10209 example <file>tmp-a</file> or <file>tmp-doc</file>.
10210 </p>
10211
10212 <p>
10213 Whatever <file>tmp</file> directories are created and used by
10214 <tt>binary</tt> must of course be removed by the
10215 <tt>clean</tt> target.</p></sect1>
10216 </sect>
10217
10218
10219 <sect id="pkg-sourcearchives"><heading>Source packages as archives
10220 </heading>
10221
10222 <p>
10223 As it exists on the FTP site, a Debian source package
10224 consists of three related files. You must have the right
10225 versions of all three to be able to use them.
10226 </p>
10227
10228 <p>
10229 <taglist>
10230 <tag>Debian source control file - <tt>.dsc</tt></tag>
10231 <item>
10232 This file is a control file used by <prgn>dpkg-source</prgn>
10233 to extract a source package.
10234 See <ref id="debiansourcecontrolfiles">.
10235 </item>
10236
10237 <tag>
10238 Original source archive -
10239 <file>
10240 <var>package</var>_<var>upstream-version</var>.orig.tar.gz
10241 </file>
10242 </tag>
10243
10244 <item>
10245 <p>
10246 This is a compressed (with <tt>gzip -9</tt>)
10247 <prgn>tar</prgn> file containing the source code from
10248 the upstream authors of the program.
10249 </p>
10250 </item>
10251
10252 <tag>
10253 Debianisation diff -
10254 <file>
10255 <var>package</var>_<var>upstream_version-revision</var>.diff.gz
10256 </file>
10257 </tag>
10258 <item>
10259
10260 <p>
10261 This is a unified context diff (<tt>diff -u</tt>)
10262 giving the changes which are required to turn the
10263 original source into the Debian source. These changes
10264 may only include editing and creating plain files.
10265 The permissions of files, the targets of symbolic
10266 links and the characteristics of special files or
10267 pipes may not be changed and no files may be removed
10268 or renamed.
10269 </p>
10270
10271 <p>
10272 All the directories in the diff must exist, except the
10273 <file>debian</file> subdirectory of the top of the source
10274 tree, which will be created by
10275 <prgn>dpkg-source</prgn> if necessary when unpacking.
10276 </p>
10277
10278 <p>
10279 The <prgn>dpkg-source</prgn> program will
10280 automatically make the <file>debian/rules</file> file
10281 executable (see below).</p></item>
10282 </taglist>
10283 </p>
10284
10285 <p>
10286 If there is no original source code - for example, if the
10287 package is specially prepared for Debian or the Debian
10288 maintainer is the same as the upstream maintainer - the
10289 format is slightly different: then there is no diff, and the
10290 tarfile is named
10291 <file><var>package</var>_<var>version</var>.tar.gz</file>,
10292 and preferably contains a directory named
10293 <file><var>package</var>-<var>version</var></file>.
10294 </p>
10295 </sect>
10296
10297 <sect>
10298 <heading>Unpacking a Debian source package without <prgn>dpkg-source</prgn></heading>
10299
10300 <p>
10301 <tt>dpkg-source -x</tt> is the recommended way to unpack a
10302 Debian source package. However, if it is not available it
10303 is possible to unpack a Debian source archive as follows:
10304 <enumlist compact="compact">
10305 <item>
10306 <p>
10307 Untar the tarfile, which will create a <file>.orig</file>
10308 directory.</p>
10309 </item>
10310 <item>
10311 <p>Rename the <file>.orig</file> directory to
10312 <file><var>package</var>-<var>version</var></file>.</p>
10313 </item>
10314 <item>
10315 <p>
10316 Create the subdirectory <file>debian</file> at the top of
10317 the source tree.</p>
10318 </item>
10319 <item><p>Apply the diff using <tt>patch -p0</tt>.</p>
10320 </item>
10321 <item><p>Untar the tarfile again if you want a copy of the original
10322 source code alongside the Debianised version.</p>
10323 </item>
10324 </enumlist>
10325
10326 <p>
10327 It is not possible to generate a valid Debian source archive
10328 without using <prgn>dpkg-source</prgn>. In particular,
10329 attempting to use <prgn>diff</prgn> directly to generate the
10330 <file>.diff.gz</file> file will not work.
10331 </p>
10332
10333 <sect1>
10334 <heading>Restrictions on objects in source packages</heading>
10335
10336 <p>
10337 The source package may not contain any hard links
10338 <footnote>
10339 This is not currently detected when building source
10340 packages, but only when extracting
10341 them.
10342 </footnote>
10343 <footnote>
10344 Hard links may be permitted at some point in the
10345 future, but would require a fair amount of
10346 work.
10347 </footnote>, device special files, sockets or setuid or
10348 setgid files.
10349 <footnote>
10350 Setgid directories are allowed.
10351 </footnote>
10352 </p>
10353
10354 <p>
10355 The source packaging tools manage the changes between the
10356 original and Debianised source using <prgn>diff</prgn> and
10357 <prgn>patch</prgn>. Turning the original source tree as
10358 included in the <file>.orig.tar.gz</file> into the debianised
10359 source must not involve any changes which cannot be
10360 handled by these tools. Problematic changes which cause
10361 <prgn>dpkg-source</prgn> to halt with an error when
10362 building the source package are:
10363 <list compact="compact">
10364 <item><p>Adding or removing symbolic links, sockets or pipes.</p>
10365 </item>
10366 <item><p>Changing the targets of symbolic links.</p>
10367 </item>
10368 <item><p>Creating directories, other than <file>debian</file>.</p>
10369 </item>
10370 <item><p>Changes to the contents of binary files.</p></item>
10371 </list> Changes which cause <prgn>dpkg-source</prgn> to
10372 print a warning but continue anyway are:
10373 <list compact="compact">
10374 <item>
10375 <p>
10376 Removing files, directories or symlinks.
10377 <footnote>
10378 Renaming a file is not treated specially - it is
10379 seen as the removal of the old file (which
10380 generates a warning, but is otherwise ignored),
10381 and the creation of the new one.
10382 </footnote>
10383 </p>
10384 </item>
10385 <item>
10386 <p>
10387 Changed text files which are missing the usual final
10388 newline (either in the original or the modified
10389 source tree).
10390 </p>
10391 </item>
10392 </list>
10393 Changes which are not represented, but which are not detected by
10394 <prgn>dpkg-source</prgn>, are:
10395 <list compact="compact">
10396 <item><p>Changing the permissions of files (other than
10397 <file>debian/rules</file>) and directories.</p></item>
10398 </list>
10399 </p>
10400
10401 <p>
10402 The <file>debian</file> directory and <file>debian/rules</file>
10403 are handled specially by <prgn>dpkg-source</prgn> - before
10404 applying the changes it will create the <file>debian</file>
10405 directory, and afterwards it will make
10406 <file>debian/rules</file> world-executable.
10407 </p>
10408 </sect1>
10409 </sect>
10410 </appendix>
10411
10412 <appendix id="pkg-controlfields">
10413 <heading>Control files and their fields (from old Packaging Manual)</heading>
10414
10415 <p>
10416 Many of the tools in the <prgn>dpkg</prgn> suite manipulate
10417 data in a common format, known as control files. Binary and
10418 source packages have control data as do the <file>.changes</file>
10419 files which control the installation of uploaded files, and
10420 <prgn>dpkg</prgn>'s internal databases are in a similar
10421 format.
10422 </p>
10423
10424 <sect>
10425 <heading>Syntax of control files</heading>
10426
10427 <p>
10428 See <ref id="controlsyntax">.
10429 </p>
10430
10431 <p>
10432 It is important to note that there are several fields which
10433 are optional as far as <prgn>dpkg</prgn> and the related
10434 tools are concerned, but which must appear in every Debian
10435 package, or whose omission may cause problems.
10436 </p>
10437 </sect>
10438
10439 <sect>
10440 <heading>List of fields</heading>
10441
10442 <p>
10443 See <ref id="controlfieldslist">.
10444 </p>
10445
10446 <p>
10447 This section now contains only the fields that didn't belong
10448 to the Policy manual.
10449 </p>
10450
10451 <sect1 id="pkg-f-Filename">
10452 <heading><tt>Filename</tt> and <tt>MSDOS-Filename</tt></heading>
10453
10454 <p>
10455 These fields in <tt>Packages</tt> files give the
10456 filename(s) of (the parts of) a package in the
10457 distribution directories, relative to the root of the
10458 Debian hierarchy. If the package has been split into
10459 several parts the parts are all listed in order, separated
10460 by spaces.
10461 </p>
10462 </sect1>
10463
10464 <sect1 id="pkg-f-Size">
10465 <heading><tt>Size</tt> and <tt>MD5sum</tt></heading>
10466
10467 <p>
10468 These fields in <file>Packages</file> files give the size (in
10469 bytes, expressed in decimal) and MD5 checksum of the
10470 file(s) which make(s) up a binary package in the
10471 distribution. If the package is split into several parts
10472 the values for the parts are listed in order, separated by
10473 spaces.
10474 </p>
10475 </sect1>
10476
10477 <sect1 id="pkg-f-Status">
10478 <heading><tt>Status</tt></heading>
10479
10480 <p>
10481 This field in <prgn>dpkg</prgn>'s status file records
10482 whether the user wants a package installed, removed or
10483 left alone, whether it is broken (requiring
10484 re-installation) or not and what its current state on the
10485 system is. Each of these pieces of information is a
10486 single word.
10487 </p>
10488 </sect1>
10489
10490 <sect1 id="pkg-f-Config-Version">
10491 <heading><tt>Config-Version</tt></heading>
10492
10493 <p>
10494 If a package is not installed or not configured, this
10495 field in <prgn>dpkg</prgn>'s status file records the last
10496 version of the package which was successfully
10497 configured.
10498 </p>
10499 </sect1>
10500
10501 <sect1 id="pkg-f-Conffiles">
10502 <heading><tt>Conffiles</tt></heading>
10503
10504 <p>
10505 This field in <prgn>dpkg</prgn>'s status file contains
10506 information about the automatically-managed configuration
10507 files held by a package. This field should <em>not</em>
10508 appear anywhere in a package!
10509 </p>
10510 </sect1>
10511
10512 <sect1>
10513 <heading>Obsolete fields</heading>
10514
10515 <p>
10516 These are still recognized by <prgn>dpkg</prgn> but should
10517 not appear anywhere any more.
10518
10519 <taglist compact="compact">
10520
10521 <tag><tt>Revision</tt></tag>
10522 <tag><tt>Package-Revision</tt></tag>
10523 <tag><tt>Package_Revision</tt></tag>
10524 <item>
10525 The Debian revision part of the package version was
10526 at one point in a separate control file field. This
10527 field went through several names.
10528 </item>
10529
10530 <tag><tt>Recommended</tt></tag>
10531 <item>Old name for <tt>Recommends</tt>.</item>
10532
10533 <tag><tt>Optional</tt></tag>
10534 <item>Old name for <tt>Suggests</tt>.</item>
10535
10536 <tag><tt>Class</tt></tag>
10537 <item>Old name for <tt>Priority</tt>.</item>
10538
10539 </taglist>
10540 </p>
10541 </sect1>
10542 </sect>
10543
10544 </appendix>
10545
10546 <appendix id="pkg-conffiles">
10547 <heading>Configuration file handling (from old Packaging Manual)</heading>
10548
10549 <p>
10550 <prgn>dpkg</prgn> can do a certain amount of automatic
10551 handling of package configuration files.
10552 </p>
10553
10554 <p>
10555 Whether this mechanism is appropriate depends on a number of
10556 factors, but basically there are two approaches to any
10557 particular configuration file.
10558 </p>
10559
10560 <p>
10561 The easy method is to ship a best-effort configuration in the
10562 package, and use <prgn>dpkg</prgn>'s conffile mechanism to
10563 handle updates. If the user is unlikely to want to edit the
10564 file, but you need them to be able to without losing their
10565 changes, and a new package with a changed version of the file
10566 is only released infrequently, this is a good approach.
10567 </p>
10568
10569 <p>
10570 The hard method is to build the configuration file from
10571 scratch in the <prgn>postinst</prgn> script, and to take the
10572 responsibility for fixing any mistakes made in earlier
10573 versions of the package automatically. This will be
10574 appropriate if the file is likely to need to be different on
10575 each system.
10576 </p>
10577
10578 <sect><heading>Automatic handling of configuration files by
10579 <prgn>dpkg</prgn>
10580 </heading>
10581
10582 <p>
10583 A package may contain a control area file called
10584 <tt>conffiles</tt>. This file should be a list of filenames
10585 of configuration files needing automatic handling, separated
10586 by newlines. The filenames should be absolute pathnames,
10587 and the files referred to should actually exist in the
10588 package.
10589 </p>
10590
10591 <p>
10592 When a package is upgraded <prgn>dpkg</prgn> will process
10593 the configuration files during the configuration stage,
10594 shortly before it runs the package's <prgn>postinst</prgn>
10595 script,
10596 </p>
10597
10598 <p>
10599 For each file it checks to see whether the version of the
10600 file included in the package is the same as the one that was
10601 included in the last version of the package (the one that is
10602 being upgraded from); it also compares the version currently
10603 installed on the system with the one shipped with the last
10604 version.
10605 </p>
10606
10607 <p>
10608 If neither the user nor the package maintainer has changed
10609 the file, it is left alone. If one or the other has changed
10610 their version, then the changed version is preferred - i.e.,
10611 if the user edits their file, but the package maintainer
10612 doesn't ship a different version, the user's changes will
10613 stay, silently, but if the maintainer ships a new version
10614 and the user hasn't edited it the new version will be
10615 installed (with an informative message). If both have
10616 changed their version the user is prompted about the problem
10617 and must resolve the differences themselves.
10618 </p>
10619
10620 <p>
10621 The comparisons are done by calculating the MD5 message
10622 digests of the files, and storing the MD5 of the file as it
10623 was included in the most recent version of the package.
10624 </p>
10625
10626 <p>
10627 When a package is installed for the first time
10628 <prgn>dpkg</prgn> will install the file that comes with it,
10629 unless that would mean overwriting a file already on the
10630 file system.
10631 </p>
10632
10633 <p>
10634 However, note that <prgn>dpkg</prgn> will <em>not</em>
10635 replace a conffile that was removed by the user (or by a
10636 script). This is necessary because with some programs a
10637 missing file produces an effect hard or impossible to
10638 achieve in another way, so that a missing file needs to be
10639 kept that way if the user did it.
10640 </p>
10641
10642 <p>
10643 Note that a package should <em>not</em> modify a
10644 <prgn>dpkg</prgn>-handled conffile in its maintainer
10645 scripts. Doing this will lead to <prgn>dpkg</prgn> giving
10646 the user confusing and possibly dangerous options for
10647 conffile update when the package is upgraded.</p>
10648 </sect>
10649
10650 <sect><heading>Fully-featured maintainer script configuration
10651 handling
10652 </heading>
10653
10654 <p>
10655 For files which contain site-specific information such as
10656 the hostname and networking details and so forth, it is
10657 better to create the file in the package's
10658 <prgn>postinst</prgn> script.
10659 </p>
10660
10661 <p>
10662 This will typically involve examining the state of the rest
10663 of the system to determine values and other information, and
10664 may involve prompting the user for some information which
10665 can't be obtained some other way.
10666 </p>
10667
10668 <p>
10669 When using this method there are a couple of important
10670 issues which should be considered:
10671 </p>
10672
10673 <p>
10674 If you discover a bug in the program which generates the
10675 configuration file, or if the format of the file changes
10676 from one version to the next, you will have to arrange for
10677 the postinst script to do something sensible - usually this
10678 will mean editing the installed configuration file to remove
10679 the problem or change the syntax. You will have to do this
10680 very carefully, since the user may have changed the file,
10681 perhaps to fix the very problem that your script is trying
10682 to deal with - you will have to detect these situations and
10683 deal with them correctly.
10684 </p>
10685
10686 <p>
10687 If you do go down this route it's probably a good idea to
10688 make the program that generates the configuration file(s) a
10689 separate program in <file>/usr/sbin</file>, by convention called
10690 <file><var>package</var>config</file> and then run that if
10691 appropriate from the post-installation script. The
10692 <tt><var>package</var>config</tt> program should not
10693 unquestioningly overwrite an existing configuration - if its
10694 mode of operation is geared towards setting up a package for
10695 the first time (rather than any arbitrary reconfiguration
10696 later) you should have it check whether the configuration
10697 already exists, and require a <tt>--force</tt> flag to
10698 overwrite it.</p></sect>
10699 </appendix>
10700
10701 <appendix id="pkg-alternatives"><heading>Alternative versions of
10702 an interface - <prgn>update-alternatives</prgn> (from old
10703 Packaging Manual)
10704 </heading>
10705
10706 <p>
10707 When several packages all provide different versions of the
10708 same program or file it is useful to have the system select a
10709 default, but to allow the system administrator to change it
10710 and have their decisions respected.
10711 </p>
10712
10713 <p>
10714 For example, there are several versions of the <prgn>vi</prgn>
10715 editor, and there is no reason to prevent all of them from
10716 being installed at once, each under their own name
10717 (<prgn>nvi</prgn>, <prgn>vim</prgn> or whatever).
10718 Nevertheless it is desirable to have the name <tt>vi</tt>
10719 refer to something, at least by default.
10720 </p>
10721
10722 <p>
10723 If all the packages involved cooperate, this can be done with
10724 <prgn>update-alternatives</prgn>.
10725 </p>
10726
10727 <p>
10728 Each package provides its own version under its own name, and
10729 calls <prgn>update-alternatives</prgn> in its postinst to
10730 register its version (and again in its prerm to deregister
10731 it).
10732 </p>
10733
10734 <p>
10735 See the man page <manref name="update-alternatives"
10736 section="8"> for details.
10737 </p>
10738
10739 <p>
10740 If <prgn>update-alternatives</prgn> does not seem appropriate
10741 you may wish to consider using diversions instead.</p>
10742 </appendix>
10743
10744 <appendix id="pkg-diversions"><heading>Diversions - overriding a
10745 package's version of a file (from old Packaging Manual)
10746 </heading>
10747
10748 <p>
10749 It is possible to have <prgn>dpkg</prgn> not overwrite a file
10750 when it reinstalls the package it belongs to, and to have it
10751 put the file from the package somewhere else instead.
10752 </p>
10753
10754 <p>
10755 This can be used locally to override a package's version of a
10756 file, or by one package to override another's version (or
10757 provide a wrapper for it).
10758 </p>
10759
10760 <p>
10761 Before deciding to use a diversion, read <ref
10762 id="pkg-alternatives"> to see if you really want a diversion
10763 rather than several alternative versions of a program.
10764 </p>
10765
10766 <p>
10767 There is a diversion list, which is read by <prgn>dpkg</prgn>,
10768 and updated by a special program <prgn>dpkg-divert</prgn>.
10769 Please see <manref name="dpkg-divert" section="8"> for full
10770 details of its operation.
10771 </p>
10772
10773 <p>
10774 When a package wishes to divert a file from another, it should
10775 call <prgn>dpkg-divert</prgn> in its preinst to add the
10776 diversion and rename the existing file. For example,
10777 supposing that a <prgn>smailwrapper</prgn> package wishes to
10778 install a wrapper around <file>/usr/sbin/smail</file>:
10779 <example>
10780 dpkg-divert --package smailwrapper --add --rename \
10781 --divert /usr/sbin/smail.real /usr/sbin/smail
10782 </example> The <tt>--package smailwrapper</tt> ensures that
10783 <prgn>smailwrapper</prgn>'s copy of <file>/usr/sbin/smail</file>
10784 can bypass the diversion and get installed as the true version.
10785 It's safe to add the diversion unconditionally on upgrades since
10786 it will be left unchanged if it already exists, but
10787 <prgn>dpkg-divert</prgn> will display a message. To suppress that
10788 message, make the command conditional on the version from which
10789 the package is being upgraded:
10790 <example>
10791 if [ upgrade != "$1" ] || dpkg --compare-versions "$2" lt 1.0-2; then
10792 dpkg-divert --package smailwrapper --add --rename \
10793 --divert /usr/sbin/smail.real /usr/sbin/smail
10794 fi
10795 </example> where <tt>1.0-2</tt> is the version at which the
10796 diversion was first added to the package. Running the command
10797 during abort-upgrade is pointless but harmless.
10798 </p>
10799
10800 <p>
10801 The postrm has to do the reverse:
10802 <example>
10803 if [ remove = "$1" -o abort-install = "$1" -o disappear = "$1" ]; then
10804 dpkg-divert --package smailwrapper --remove --rename \
10805 --divert /usr/sbin/smail.real /usr/sbin/smail
10806 fi
10807 </example> If the diversion was added at a particular version, the
10808 postrm should also handle the failure case of upgrading from an
10809 older version (unless the older version is so old that direct
10810 upgrades are no longer supported):
10811 <example>
10812 if [ abort-upgrade = "$1" ] && dpkg --compare-versions "$2" lt 1.0-2; then
10813 dpkg-divert --package smailwrapper --remove --rename \
10814 --divert /usr/sbin/smail.real /usr/sbin/smail
10815 fi
10816 </example> where <tt>1.02-2</tt> is the version at which the
10817 diversion was first added to the package. The postrm should not
10818 remove the diversion on upgrades both because there's no reason to
10819 remove the diversion only to immediately re-add it and since the
10820 postrm of the old package is run after unpacking so the removal of
10821 the diversion will fail.
10822 </p>
10823
10824 <p>
10825 Do not attempt to divert a file which is vitally important for
10826 the system's operation - when using <prgn>dpkg-divert</prgn>
10827 there is a time, after it has been diverted but before
10828 <prgn>dpkg</prgn> has installed the new version, when the file
10829 does not exist.</p>
10830 </appendix>
10831
10832 </book>
10833 </debiandoc>
10834 <!-- Local variables: -->
10835 <!-- indent-tabs-mode: t -->
10836 <!-- End: -->
10837 <!-- vim:set ai et sts=2 sw=2 tw=76: -->
Debian Policy Manual and related documents