| blob | 1505214b94a17600b66e773bd81cfd95616288ad |
1 <!doctype debiandoc system [
2 <!-- include version information so we don't have to hard code it
3 within the document -->
5 <!-- current Debian changes file format -->
7 ]>
8 <debiandoc>
10 <book>
11 <titlepag>
16 <abstract>
17 This manual describes the policy requirements for the Debian
18 distribution. This includes the structure and
19 contents of the Debian archive and several design issues of
20 the operating system, as well as technical requirements that
21 each package must satisfy to be included in the distribution.
22 </abstract>
24 <copyright>
25 <copyrightsummary>
27 and Christian Schwarz.
28 </copyrightsummary>
29 <p>
30 These are the copyright dates of the original Policy manual.
31 Since then, this manual has been updated by many others. No
32 comprehensive collection of copyright notices for subsequent
33 work exists.
34 </p>
36 <p>
37 This manual is free software; you may redistribute it and/or
38 modify it under the terms of the GNU General Public License
39 as published by the Free Software Foundation; either version
40 2, or (at your option) any later version.
41 </p>
43 <p>
44 This is distributed in the hope that it will be useful, but
46 warranty of merchantability or fitness for a particular
47 purpose. See the GNU General Public License for more
48 details.
49 </p>
51 <p>
52 A copy of the GNU General Public License is available as
54 distribution or on the World Wide Web at
57 obtain it by writing to the Free Software Foundation, Inc.,
59 </p>
60 </copyright>
61 </titlepag>
67 <sect>
69 <p>
70 This manual describes the policy requirements for the Debian
71 distribution. This includes the structure and
72 contents of the Debian archive and several design issues of the
73 operating system, as well as technical requirements that
74 each package must satisfy to be included in the
75 distribution.
76 </p>
78 <p>
79 This manual also describes Debian policy as it relates to
80 creating Debian packages. It is not a tutorial on how to build
81 packages, nor is it exhaustive where it comes to describing
82 the behavior of the packaging system. Instead, this manual
83 attempts to define the interface to the package management
84 system that the developers have to be conversant with.<footnote>
85 Informally, the criteria used for inclusion is that the
86 material meet one of the following requirements:
89 <item>
90 The material presented represents an interface to
91 the packaging system that is mandated for use, and
92 is used by, a significant number of packages, and
93 therefore should not be changed without peer
94 review. Package maintainers can then rely on this
95 interface not changing, and the package management
96 software authors need to ensure compatibility with
97 this interface definition. (Control file and
98 changelog file formats are examples.)
99 </item>
101 <item>
102 If there are a number of technically viable choices
103 that can be made, but one needs to select one of
104 these options for inter-operability. The version
105 number format is one example.
106 </item>
107 </taglist>
108 Please note that these are not mutually exclusive;
109 selected conventions often become parts of standard
110 interfaces.
111 </footnote>
112 </p>
114 <p>
115 The footnotes present in this manual are
116 merely informative, and are not part of Debian policy itself.
117 </p>
119 <p>
120 The appendices to this manual are not necessarily normative,
122 </p>
124 <p>
125 In the normative part of this manual,
129 distinguish the significance of the various guidelines in
130 this policy document. Packages that do not conform to the
132 will generally not be considered acceptable for the Debian
133 distribution. Non-conformance with guidelines denoted by
135 considered a bug, but will not necessarily render a package
136 unsuitable for distribution. Guidelines denoted by
138 adherence is left to the maintainer's discretion.
139 </p>
141 <p>
142 These classifications are roughly equivalent to the bug
148 items).
149 <footnote>
150 Compare RFC 2119. Note, however, that these words are
151 used in a different way in this document.
152 </footnote>
153 </p>
155 <p>
156 Much of the information presented in this manual will be
157 useful even when building a package which is to be
158 distributed in some other way or is intended for local use
159 only.
160 </p>
162 <p>
163 udebs (stripped-down binary packages used by the Debian Installer) do
164 not comply with all of the requirements discussed here. See the
167 information about them.
168 </p>
169 </sect>
171 <sect>
174 <p>
175 This manual is distributed via the Debian package
180 </p>
182 <p>
183 The current version of this document is also available from
184 the Debian web mirrors at
187 (
190 Also available from the same directory are several other
197 </p>
199 <p>
202 changes between versions of this document.
203 </p>
204 </sect>
209 <p>
210 Originally called "Debian GNU/Linux Policy Manual", this
211 manual was initially written in 1996 by Ian Jackson.
214 and reworked/restructured it in April-July 1997.
215 Christoph Lameter contributed the "Web Standard".
216 Julian Gilbey largely restructured it in 2001.
217 </p>
219 <p>
220 Since September 1998, the responsibility for the contents of
223 are discussed there and inserted into policy after a certain
224 consensus is established.
225 <!-- insert shameless policy-process plug here eventually -->
226 The actual editing is done by a group of maintainers that have
227 no editorial powers. These are the current maintainers:
229 <enumlist>
234 </enumlist>
235 </p>
237 <p>
238 While the authors of this document have tried hard to avoid
239 typos and other errors, these do still occur. If you discover
240 an error in this manual or if you want to give any
241 comments, suggestions, or criticisms please send an email to
242 the Debian Policy List,
245 </p>
247 <p>
248 Please do not try to reach the individual authors or maintainers
249 of the Policy Manual regarding changes to the Policy.
250 </p>
251 </sect>
256 <p>
257 There are several other documents other than this Policy Manual
258 that are necessary to fully understand some Debian policies and
259 procedures.
260 </p>
262 <p>
263 The external "sub-policy" documents are referred to in:
271 </list>
272 </p>
274 <p>
275 In addition to those, which carry the weight of policy, there
276 is the Debian Developer's Reference. This document describes
277 procedures and resources for Debian developers, but it is
279 belong in the Policy, such as best practices for developers.
280 </p>
282 <p>
283 The Developer's Reference is available in the
285 It's also available from the Debian web mirrors at
288 </p>
290 <p>
292 machine-readable copyright files</qref> is maintained as part of
294 procedure as the other policy documents. Use of this format is
295 optional.
296 </p>
297 </sect>
302 <p>
303 The following terms are used in this Policy Manual:
304 <taglist>
306 <item>
307 The character encoding specified by ANSI X3.4-1986 and its
308 predecessor standards, referred to in MIME as US-ASCII, and
309 corresponding to an encoding in eight bits per character of
312 </item>
314 <item>
315 The transformation format (sometimes called encoding) of
319 ASCII as a subset, so any text encoded in ASCII is trivially
320 also valid UTF-8.
321 </item>
322 </taglist>
323 </p>
324 </sect>
325 </chapt>
331 <p>
332 The Debian system is maintained and distributed as a
334 them (currently well over 15000), they are split into
336 the handling of them.
337 </p>
339 <p>
340 The effort of the Debian project is to build a free operating
341 system, but not every package we want to make accessible is
343 Guidelines, below), or may be imported/exported without
344 restrictions. Thus, the archive is split into areas<footnote>
345 The Debian archive software uses the term "component" internally
346 and in the Release file format to refer to the division of an
347 archive. The Debian Social Contract simply refers to "areas."
348 This document uses terminology similar to the Social Contract.
349 </footnote> based on their licenses and other restrictions.
350 </p>
352 <p>
353 The aims of this are:
357 <item>to allow us to encourage everyone to write free software,
358 and</item>
359 <item>to allow us to make it easy for people to produce
360 CD-ROMs of our system without violating any licenses,
361 import/export restrictions, or any other laws.</item>
362 </list>
363 </p>
365 <p>
367 </p>
369 <p>
372 distribution, although we support their use and provide
373 infrastructure for them (such as our bug-tracking system and
374 mailing lists). This Debian Policy Manual applies to these
375 packages as well.
376 </p>
380 <p>
381 The Debian Free Software Guidelines (DFSG) form our
382 definition of "free software". These are:
383 <taglist>
385 </tag>
386 <item>
387 The license of a Debian component may not restrict any
388 party from selling or giving away the software as a
389 component of an aggregate software distribution
390 containing programs from several different
391 sources. The license may not require a royalty or
392 other fee for such sale.
393 </item>
395 </tag>
396 <item>
397 The program must include source code, and must allow
398 distribution in source code as well as compiled form.
399 </item>
401 </tag>
402 <item>
403 The license must allow modifications and derived
404 works, and must allow them to be distributed under the
405 same terms as the license of the original software.
406 </item>
408 </tag>
409 <item>
410 The license may restrict source-code from being
412 license allows the distribution of "patch files"
413 with the source code for the purpose of modifying the
414 program at build time. The license must explicitly
415 permit distribution of software built from modified
416 source code. The license may require derived works to
417 carry a different name or version number from the
418 original software. (This is a compromise. The Debian
419 Project encourages all authors to not restrict any
420 files, source or binary, from being modified.)
421 </item>
423 </tag>
424 <item>
425 The license must not discriminate against any person
426 or group of persons.
427 </item>
429 </tag>
430 <item>
431 The license must not restrict anyone from making use
432 of the program in a specific field of endeavor. For
433 example, it may not restrict the program from being
434 used in a business, or from being used for genetic
435 research.
436 </item>
438 </tag>
439 <item>
440 The rights attached to the program must apply to all
441 to whom the program is redistributed without the need
442 for execution of an additional license by those
443 parties.
444 </item>
446 </tag>
447 <item>
448 The rights attached to the program must not depend on
449 the program's being part of a Debian system. If the
450 program is extracted from Debian and used or
451 distributed without Debian but otherwise within the
452 terms of the program's license, all parties to whom
453 the program is redistributed must have the same
454 rights as those that are granted in conjunction with
455 the Debian system.
456 </item>
458 </tag>
459 <item>
460 The license must not place restrictions on other
461 software that is distributed along with the licensed
462 software. For example, the license must not insist
463 that all other programs distributed on the same medium
464 must be free software.
465 </item>
467 </tag>
468 <item>
471 </item>
472 </taglist>
473 </p>
474 </sect>
482 <p>
484 distribution. Only the packages in this area are considered
485 part of the distribution. None of the packages in
487 that area to function. Anyone may use, share, modify and
488 redistribute the packages in this archive area
489 freely<footnote>
492 more about what we mean by free software.
493 </footnote>.
494 </p>
496 <p>
498 (Debian Free Software Guidelines).
499 </p>
501 <p>
504 <item>
505 must not require or recommend a package outside
510 package),
511 </item>
512 <item>
513 must not be so buggy that we refuse to support them,
514 and
515 </item>
516 <item>
517 must meet all policy requirements presented in this
518 manual.
519 </item>
520 </list>
521 </p>
523 </sect1>
528 <p>
530 packages intended to work with the Debian distribution, but
531 which require software outside of the distribution to either
532 build or function.
533 </p>
535 <p>
537 </p>
539 <p>
542 <item>
543 must not be so buggy that we refuse to support them,
544 and
545 </item>
546 <item>
547 must meet all policy requirements presented in this
548 manual.
549 </item>
550 </list>
551 </p>
553 <p>
554 Examples of packages which would be included in
557 <item>
560 in our archive at all for compilation or execution,
561 and
562 </item>
563 <item>
564 wrapper packages or other sorts of free accessories for
565 non-free programs.
566 </item>
567 </list>
568 </p>
569 </sect1>
574 <p>
576 packages intended to work with the Debian distribution that do
577 not comply with the DFSG or have other problems that make
578 their distribution problematic. They may not comply with all
579 of the policy requirements in this manual due to restrictions
580 on modifications or other limitations.
581 </p>
583 <p>
585 not compliant with the DFSG or are encumbered by patents
586 or other legal issues that make their distribution
587 problematic.
588 </p>
590 <p>
593 <item>
594 must not be so buggy that we refuse to support them,
595 and
596 </item>
597 <item>
598 must meet all policy requirements presented in this
599 manual that it is possible for them to meet.
600 <footnote>
601 It is possible that there are policy
602 requirements which the package is unable to
603 meet, for example, if the source is
604 unavailable. These situations will need to be
605 handled on a case-by-case basis.
606 </footnote>
607 </item>
608 </list>
609 </p>
610 </sect1>
612 </sect>
617 <p>
618 Every package must be accompanied by a verbatim copy of its
619 copyright information and distribution license in the file
622 </p>
624 <p>
625 We reserve the right to restrict files from being included
626 anywhere in our archives if
628 <item>
629 their use or distribution would break a law,
630 </item>
631 <item>
632 there is an ethical conflict in their distribution or
633 use,
634 </item>
635 <item>
636 we would have to sign a license for them, or
637 </item>
638 <item>
639 their distribution would conflict with other project
640 policies.
641 </item>
642 </list>
643 </p>
645 <p>
646 Programs whose authors encourage the user to make
647 donations are fine for the main distribution, provided
648 that the authors do not claim that not donating is
649 immoral, unethical, illegal or something similar; in such
651 </p>
653 <p>
654 Packages whose copyright permission notices (or patent
655 problems) do not even allow redistribution of binaries
656 only, and where no special permission has been obtained,
657 must not be placed on the Debian FTP site and its mirrors
658 at all.
659 </p>
661 <p>
662 Note that under international copyright law (this applies
664 modification of a work is allowed without an explicit
665 notice saying so. Therefore a program without a copyright
667 to it without risking being sued! Likewise if a program
668 has a copyright notice but no statement saying what is
669 permitted then nothing is permitted.
670 </p>
672 <p>
673 Many authors are unaware of the problems that restrictive
674 copyrights (or lack of copyright notices) can cause for
675 the users of their supposedly-free software. It is often
676 worthwhile contacting such authors diplomatically to ask
677 them to modify their license terms. However, this can be a
678 politically difficult thing to do and you should ask for
680 explained below.
681 </p>
683 <p>
684 When in doubt about a copyright, send mail to
686 to provide us with the copyright statement. Software
687 covered by the GPL, public domain software and BSD-like
688 copyrights are safe; be wary of the phrases "commercial
690 </p>
691 </sect>
696 <p>
700 </p>
702 <p>
703 The archive area and section for each package should be
706 archive may override this selection to ensure the consistency of
708 of the form:
710 <item>
713 </item>
714 <item>
717 archive areas.
718 </item>
719 </list>
720 </p>
722 <p>
723 The Debian archive maintainers provide the authoritative
724 list of sections. At present, they are:
725 admin,
726 cli-mono,
727 comm,
728 database,
729 debug,
730 devel,
731 doc,
732 editors,
733 education,
734 electronics,
735 embedded,
736 fonts,
737 games,
738 gnome,
739 gnu-r,
740 gnustep,
741 graphics,
742 hamradio,
743 haskell,
744 httpd,
745 interpreters,
746 introspection,
747 java,
748 kde,
749 kernel,
750 libdevel,
751 libs,
752 lisp,
753 localization,
754 mail,
755 math,
756 metapackages,
757 misc,
758 net,
759 news,
760 ocaml,
761 oldlibs,
762 otherosfs,
763 perl,
764 php,
765 python,
766 ruby,
767 science,
768 shells,
769 sound,
770 tasks,
771 tex,
772 text,
773 utils,
774 vcs,
775 video,
776 web,
777 x11,
778 xfce,
779 zope.
781 contains special packages used by the installer and is not used
782 for normal Debian packages.
783 </p>
785 <p>
786 For more information about the sections and their definitions,
789 </p>
790 </sect>
795 <p>
799 This information is used by the Debian package management tools to
800 separate high-priority packages from less-important packages.
801 </p>
803 <p>
805 Debian package management tools.
806 <taglist>
808 <item>
809 Packages which are necessary for the proper
810 functioning of the system (usually, this means that
811 dpkg functionality depends on these packages).
813 system to become totally broken and you may not even
815 so only do so if you know what you are doing. Systems
817 unusable, but they do have enough functionality to
818 allow the sysadmin to boot and install more software.
819 </item>
821 <item>
822 Important programs, including those which one would
823 expect to find on any Unix-like system. If the
824 expectation is that an experienced Unix person who
825 found it missing would say "What on earth is going on,
826 where is <prgn>foo</prgn>?", it must be an
828 This is an important criterion because we are
829 trying to produce, amongst other things, a free
830 Unix.
831 </footnote>
832 Other packages without which the system will not run
833 well or be usable must also have priority
836 or any other large applications. The
838 commonly-expected and necessary tools.
839 </item>
841 <item>
842 These packages provide a reasonably small but not too
843 limited character-mode system. This is what will be
844 installed by default if the user doesn't select anything
845 else. It doesn't include many large applications.
846 </item>
848 <item>
849 (In a sense everything that isn't required is
850 optional, but that's not what is meant here.) This is
851 all the software that you might reasonably want to
852 install if you didn't know what it was and don't have
853 specialized requirements. This is a much larger system
854 and includes the X Window System, a full TeX
855 distribution, and many applications. Note that
856 optional packages should not conflict with each other.
857 </item>
859 <item>
860 This contains all packages that conflict with others
861 with required, important, standard or optional
862 priorities, or are only likely to be useful if you
863 already know what they are or have specialized
864 requirements (such as packages containing only detached
865 debugging symbols).
866 </item>
867 </taglist>
868 </p>
870 <p>
871 Packages must not depend on packages with lower priority
872 values (excluding build-time dependencies). In order to
873 ensure this, the priorities of one or more packages may need
874 to be adjusted.
875 </p>
876 </sect>
878 </chapt>
884 <p>
885 The Debian distribution is based on the Debian
887 all packages in the Debian distribution must be provided
889 </p>
891 <p>
893 to install on the system when the package is installed, and a set
894 of files that provide additional metadata about the package or
895 which are executed when the package is installed or removed. This
897 Among those files are the package maintainer scripts
899 package control file</qref> that contains the control fields for
900 the package. Other control information files include
903 used to store shared library dependency information and
906 </p>
908 <p>
909 There is unfortunately a collision of terminology here between
910 control information files and files in the Debian control file
912 to a file in the Debian control file format. These files are
915 included in the control information file member of
917 control information files are not in the Debian control file
918 format.
919 </p>
921 <sect>
924 <p>
925 Every package must have a name that's unique within the Debian
926 archive.
927 </p>
929 <p>
930 The package name is included in the control field
933 The package name is also included as a part of the file name
935 </p>
936 </sect>
941 <p>
942 Every package has a version number recorded in its
945 </p>
947 <p>
948 The package management system imposes an ordering on version
949 numbers, so that it can tell whether packages are being up- or
950 downgraded and so that package system front end applications
951 can tell whether a package it finds available is newer than
952 the one installed on the system. The version number format
953 has the most significant parts (as far as comparison is
954 concerned) at the beginning.
955 </p>
957 <p>
958 If an upstream package has problematic version numbers they
959 should be converted to a sane form for use in the
961 </p>
963 <sect1>
966 <p>
967 In general, Debian packages should use the same version
968 numbers as the upstream sources. However, upstream version
969 numbers based on some date formats (sometimes used for
970 development or "snapshot" releases) will not be ordered
971 correctly by the package management software. For
973 greater than "96Dec24".
974 </p>
976 <p>
977 To prevent having to use epochs for every new upstream
978 version, the date-based portion of any upstream version number
979 should be given in a way that sorts correctly: four-digit year
980 first, followed by a two-digit numeric month, followed by a
981 two-digit numeric date, possibly with punctuation between the
982 components.
983 </p>
985 <p>
986 Native Debian packages (i.e., packages which have been written
987 especially for Debian) whose version numbers include dates
988 should also follow these rules. If punctuation is desired
990 cannot be used in native package versions. Period
992 </p>
993 </sect1>
995 </sect>
1000 <p>
1001 Every package must have a maintainer, except for orphaned
1002 packages as described below. The maintainer may be one person
1003 or a group of people reachable from a common email address, such
1004 as a mailing list. The maintainer is responsible for
1005 maintaining the Debian packaging files, evaluating and
1006 responding appropriately to reported bugs, uploading new
1007 versions of the package (either directly or through a sponsor),
1008 ensuring that the package is placed in the appropriate archive
1009 area and included in Debian releases as appropriate for the
1010 stability and utility of the package, and requesting removal of
1011 the package from the Debian distribution if it is no longer
1012 useful or maintainable.
1013 </p>
1015 <p>
1017 control field with their correct name and a working email
1019 control field must accept mail from those role accounts in
1020 Debian used to send automated mails regarding the package. This
1021 includes non-spam mail from the bug-tracking system, all mail
1022 from the Debian archive maintenance software, and other role
1023 accounts or automated processes that are commonly agreed on by
1024 the project.<footnote>
1025 A sample implementation of such a whitelist written for the
1026 Mailman mailing list management software is used for mailing
1027 lists hosted by alioth.debian.org.
1028 </footnote>
1029 If one person or team maintains several packages, they should
1030 use the same form of their name and email address in
1032 </p>
1034 <p>
1037 </p>
1039 <p>
1040 If the maintainer of the package is a team of people with a
1042 be present and must contain at least one human with their
1044 syntax of that field.
1045 </p>
1047 <p>
1048 An orphaned package is one with no current maintainer. Orphaned
1051 These packages are considered maintained by the Debian project
1052 as a whole until someone else volunteers to take over
1053 maintenance.<footnote>
1054 The detailed procedure for gracefully orphaning a package can
1055 be found in the Debian Developer's Reference
1057 </footnote>
1058 </p>
1059 </sect>
1064 <p>
1066 field which contains a synopsis and extended description of the
1067 package. Technical information about the format of the
1069 </p>
1071 <p>
1072 The description should describe the package (the program) to a
1073 user (system administrator) who has never met it before so that
1074 they have enough information to decide whether they want to
1075 install it. This description should not just be copied verbatim
1076 from the program's documentation.
1077 </p>
1079 <p>
1080 Put important information first, both in the synopsis and
1081 extended description. Sometimes only the first part of the
1082 synopsis or of the description will be displayed. You can
1083 assume that there will usually be a way to see the whole
1084 extended description.
1085 </p>
1087 <p>
1088 The description should also give information about the
1089 significant dependencies and conflicts between this package
1090 and others, so that the user knows why these dependencies and
1091 conflicts have been declared.
1092 </p>
1094 <p>
1095 Instructions for configuring or using the package should
1096 not be included (that is what installation scripts,
1097 manual pages, info files, etc., are for). Copyright
1098 statements and other administrivia should not be included
1099 either (that is what the copyright file is for).
1100 </p>
1104 <p>
1105 The single line synopsis should be kept brief - certainly
1106 under 80 characters.
1107 </p>
1109 <p>
1110 Do not include the package name in the synopsis line. The
1111 display software knows how to display this already, and you
1112 do not need to state it. Remember that in many situations
1113 the user may only see the synopsis line - make it as
1114 informative as you can.
1115 </p>
1117 </sect1>
1121 <p>
1122 Do not try to continue the single line synopsis into the
1123 extended description. This will not work correctly when
1124 the full description is displayed, and makes no sense
1125 where only the summary (the single line synopsis) is
1126 available.
1127 </p>
1129 <p>
1130 The extended description should describe what the package
1131 does and how it relates to the rest of the system (in terms
1132 of, for example, which subsystem it is which part of).
1133 </p>
1135 <p>
1136 The description field needs to make sense to anyone, even
1137 people who have no idea about any of the things the
1138 package deals with.<footnote>
1139 The blurb that comes with a program in its
1141 rarely suitable for use in a description. It is
1142 usually aimed at people who are already in the
1143 community where the package is used.
1144 </footnote>
1145 </p>
1147 </sect1>
1149 </sect>
1154 <p>
1155 Every package must specify the dependency information
1156 about other packages that are required for the first to
1157 work correctly.
1158 </p>
1160 <p>
1161 For example, a dependency entry must be provided for any
1162 shared libraries required by a dynamically-linked executable
1163 binary in a package.
1164 </p>
1166 <p>
1167 Packages are not required to declare any dependencies they
1169 (see below), and should not do so unless they depend on a
1170 particular version of that package.<footnote>
1171 <p>
1172 Essential is needed in part to avoid unresolvable dependency
1173 loops on upgrade. If packages add unnecessary dependencies
1174 on packages in this set, the chances that there
1176 caused by forcing these Essential packages to be configured
1177 first before they need to be is greatly increased. It also
1178 increases the chances that frontends will be unable to
1180 exists.
1181 </p>
1182 <p>
1183 Also, functionality is rarely ever removed from the
1185 the Essential set when the functionality moved to a
1186 different package. So depending on these packages <em>just
1187 in case</em> they stop being essential does way more harm
1188 than good.
1189 </p>
1190 </footnote>
1191 </p>
1193 <p>
1194 Sometimes, unpacking one package requires that another package
1196 depending package must specify this dependency in
1198 </p>
1200 <p>
1202 package before this has been discussed on the
1204 doing that has been reached.
1205 </p>
1207 <p>
1208 The format of the package interrelationship control fields is
1210 </p>
1211 </sect>
1216 <p>
1217 Sometimes, there are several packages which offer
1218 more-or-less the same functionality. In this case, it's
1220 describes that common functionality. (The virtual
1221 packages only exist logically, not physically; that's why
1224 package. Thus, any other package requiring that function
1225 can simply depend on the virtual package without having to
1226 specify all possible packages individually.
1227 </p>
1229 <p>
1230 All packages should use virtual package names where
1231 appropriate, and arrange to create new ones if necessary.
1232 They should not use virtual package names (except privately,
1233 amongst a cooperating group of packages) unless they have
1234 been agreed upon and appear in the list of virtual package
1236 </p>
1238 <p>
1239 The latest version of the authoritative list of virtual
1241 It is also available from the Debian web mirrors at
1244 </p>
1246 <p>
1247 The procedure for updating the list is described in the preface
1248 to the list.
1249 </p>
1251 </sect>
1253 <sect>
1256 <p>
1258 system that is installed before everything else
1259 on a new system. Only very few packages are allowed to form
1260 part of the base system, in order to keep the required disk
1261 usage very small.
1262 </p>
1264 <p>
1265 The base system consists of all those packages with priority
1268 </p>
1269 </sect>
1271 <sect>
1274 <p>
1275 Essential is defined as the minimal set of functionality that
1276 must be available and usable on the system at all times, even
1277 when packages are in the "Unpacked" state.
1282 </p>
1284 <p>
1285 Since these packages cannot be easily removed (one has to
1288 unless absolutely necessary. A shared library package
1290 prevent its premature removal, and we need to be able to
1291 remove it when it has been superseded.
1292 </p>
1294 <p>
1295 Since dpkg will not prevent upgrading of other packages
1298 their core functionality even when unconfigured. If the
1299 package cannot satisfy this requirement it must not be
1300 tagged as essential, and any packages depending on this
1301 package must instead have explicit dependency fields as
1302 appropriate.
1303 </p>
1305 <p>
1306 Maintainers should take great care in adding any programs,
1308 Packages may assume that functionality provided by
1310 declaring explicit dependencies, which means that removing
1311 functionality from the Essential set is very difficult and is
1312 almost never done. Any capability added to an
1314 support that capability as part of the Essential set in
1315 perpetuity.
1316 </p>
1318 <p>
1321 mailing list and a consensus about doing that has been
1322 reached.
1323 </p>
1324 </sect>
1329 <p>
1330 The package installation scripts should avoid producing
1331 output which is unnecessary for the user to see and
1333 the part of a user installing many packages. This means,
1336 </p>
1338 <p>
1339 Errors which occur during the execution of an installation
1340 script must be checked and the installation must not
1341 continue after an error.
1342 </p>
1344 <p>
1346 maintainer scripts, too.
1347 </p>
1349 <p>
1351 to another package without consulting the maintainer of that
1352 package first. When adding or removing diversions, package
1355 </p>
1357 <p>
1358 All packages which supply an instance of a common command
1359 name (or, in general, filename) should generally use
1362 is not used, then each package must use
1364 removed. (In this case, it may be appropriate to
1365 specify a conflict against earlier versions of something
1366 that previously did not use
1368 the usual rule that versioned conflicts should be
1369 avoided.)
1370 </p>
1374 <p>
1375 Package maintainer scripts may prompt the user if
1376 necessary. Prompting must be done by communicating
1378 conforms to the Debian Configuration Management
1379 Specification, version 2 or higher.
1380 </p>
1382 <p>
1383 Packages which are essential, or which are dependencies of
1384 essential packages, may fall back on another prompting method
1385 if no such interface is available when they are executed.
1386 </p>
1388 <p>
1389 The Debian Configuration Management Specification is included
1392 It is also available from the Debian web mirrors at
1395 </p>
1397 <p>
1398 Packages which use the Debian Configuration Management
1399 Specification may contain the additional control information
1402 additional maintainer script used for package configuration,
1406 unpacked or any of its dependencies or pre-dependencies are
1407 satisfied. Therefore it must work using only the tools
1410 implements the Debian Configuration Management
1411 Specification will also be installed, and any
1412 versioned dependencies on it will be satisfied
1413 before preconfiguration begins.
1414 </footnote>
1415 </p>
1417 <p>
1418 Packages which use the Debian Configuration Management
1419 Specification must allow for translation of their user-visible
1420 messages by using a gettext-based system such as the one
1422 </p>
1424 <p>
1425 Packages should try to minimize the amount of prompting
1426 they need to do, and they should ensure that the user
1427 will only ever be asked each question once. This means
1428 that packages should try to use appropriate shared
1432 prompting for their own list of required pieces of
1433 information.
1434 </p>
1436 <p>
1437 It also means that an upgrade should not ask the same
1438 questions again, unless the user has used
1440 The answers to configuration questions should be stored in an
1442 modify them, and how this has been done should be
1443 documented.
1444 </p>
1446 <p>
1447 If a package has a vitally important piece of
1448 information to pass to the user (such as "don't run me
1449 as I am, you must edit the following configuration files
1450 first or you risk your system emitting badly-formatted
1451 messages"), it should display this in the
1453 prompt the user to hit return to acknowledge the
1454 message. Copyright messages do not count as vitally
1455 important (they belong in
1457 neither do instructions on how to use a program (these
1458 should be in on-line documentation, where all the users
1459 can see them).
1460 </p>
1462 <p>
1463 Any necessary prompting should almost always be confined
1466 should be protected with a conditional so that
1467 unnecessary prompting doesn't happen if a package's
1471 </p>
1472 </sect1>
1474 </sect>
1476 </chapt>
1485 <p>
1486 Source packages should specify the most recent version number
1487 of this policy document with which your package complied
1488 when it was last updated.
1489 </p>
1491 <p>
1492 This information may be used to file bug reports
1493 automatically if your package becomes too much out of date.
1494 </p>
1496 <p>
1498 control field.
1501 </p>
1503 <p>
1504 You should regularly, and especially if your package has
1505 become out of date, check for the newest Policy Manual
1506 available and update your package, if necessary. When your
1507 package complies with the new standards you should update the
1509 release it.<footnote>
1511 information about policy which has changed between
1512 different versions of this document.
1513 </footnote>
1514 </p>
1516 </sect>
1521 <p>
1522 Source packages should specify which binary packages they
1523 require to be installed or not to be installed in order to
1524 build correctly. For example, if building a package
1525 requires a certain compiler, then the compiler should be
1526 specified as a build-time dependency.
1527 </p>
1529 <p>
1530 It is not necessary to explicitly specify build-time
1531 relationships on a minimal set of packages that are always
1532 needed to compile, link and put in a Debian package a
1533 standard "Hello World!" program written in C or C++. The
1535 an informational list can be found in
1538 package).<footnote>
1539 Rationale:
1541 <item>
1542 This allows maintaining the list separately
1543 from the policy documents (the list does not
1544 need the kind of control that the policy
1545 documents do).
1546 </item>
1547 <item>
1548 Having a separate package allows one to install
1549 the build-essential packages on a machine, as
1550 well as allowing other packages such as tasks to
1551 require installation of the build-essential
1552 packages using the depends relation.
1553 </item>
1554 <item>
1555 The separate package allows bug reports against
1556 the list to be categorized separately from
1557 the policy management process in the BTS.
1558 </item>
1559 </list>
1560 </footnote>
1561 </p>
1563 <p>
1564 When specifying the set of build-time dependencies, one
1565 should list only those packages explicitly required by the
1566 build. It is not necessary to list packages which are
1567 required merely because some other package in the list of
1568 build-time dependencies depends on them.<footnote>
1569 The reason for this is that dependencies change, and
1572 others need is their business. For example, if you
1578 will automatically ensure that all of its run-time
1579 dependencies are satisfied.
1580 </footnote>
1581 </p>
1583 <p>
1584 If build-time dependencies are specified, it must be
1585 possible to build the package and produce working binaries
1586 on a system with only essential and build-essential
1587 packages installed and also those required to satisfy the
1588 build-time relationships (including any implied
1589 relationships). In particular, this means that version
1590 clauses should be used rigorously in build-time
1591 relationships so that one cannot produce bad or
1592 inconsistently configured packages when the relationships
1593 are properly satisfied.
1594 </p>
1596 <p>
1598 </p>
1599 </sect>
1601 <sect>
1604 <p>
1605 If changes to the source code are made that are not
1606 specific to the needs of the Debian system, they should be
1607 sent to the upstream authors in whatever form they prefer
1608 so as to be included in the upstream version of the
1609 package.
1610 </p>
1612 <p>
1613 If you need to configure the package differently for
1614 Debian or for Linux, and the upstream source doesn't
1615 provide a way to do so, you should add such configuration
1618 authors, with the default set to the way they originally
1619 had it. You can then easily override the default in your
1621 </p>
1623 <p>
1625 detects the correct architecture specification string
1627 </p>
1628 <p>
1633 details how to achieve that). This ensures that these files can
1634 be updated distribution-wide at build time when introducing
1635 new architectures.
1636 </p>
1638 <p>
1643 reconfigure the package if necessary. You should
1646 else to later reconfigure the package without losing the
1647 changes you made.
1648 </p>
1650 </sect>
1655 <p>
1656 Changes in the Debian version of the package should be
1657 briefly explained in the Debian changelog file
1659 <p>
1660 Mistakes in changelogs are usually best rectified by
1661 making a new changelog entry rather than "rewriting
1662 history" by editing old changelog entries.
1663 </p>
1664 </footnote>
1665 This includes modifications
1666 made in the Debian package compared to the upstream one
1667 as well as other changes and updates to the package.
1668 <footnote>
1669 Although there is nothing stopping an author who is also
1670 the Debian maintainer from using this changelog for all
1671 their changes, it will have to be renamed if the Debian
1672 and upstream maintainers become different people. In such
1673 a case, however, it might be better to maintain the package
1674 as a non-native package.
1675 </footnote>
1676 </p>
1678 <p>
1680 package building tools to discover which version of the package
1681 is being built and find out other release-specific information.
1682 </p>
1684 <p>
1685 That format is a series of entries like this:
1689 <var>
1690 [optional blank line(s), stripped]
1691 </var>
1694 <var>
1695 [blank line(s), included in output of dpkg-parsechangelog]
1696 </var>
1698 <var>
1699 [optional blank line(s), stripped]
1700 </var>
1701 -- <var>maintainer name</var> <<var>email address</var>><var>[two spaces]</var> <var>date</var>
1702 </example>
1703 </p>
1705 <p>
1707 package name and version number.
1708 </p>
1710 <p>
1712 this version should be installed when it is uploaded - it
1715 </p>
1717 <p>
1721 an urgency containing commas; commas are used to separate
1726 </p>
1728 <p>
1729 The change details may in fact be any series of lines
1730 starting with at least two spaces, but conventionally each
1731 change starts with an asterisk and a separating space and
1732 continuation lines are indented so as to bring them in
1733 line with the start of the text above. Blank lines may be
1734 used here to separate groups of changes, if desired.
1735 </p>
1737 <p>
1738 If this upload resolves bugs recorded in the Bug Tracking
1739 System (BTS), they may be automatically closed on the
1740 inclusion of this package into the Debian archive by
1742 in the change details.<footnote>
1743 To be precise, the string should match the following
1744 Perl regular expression:
1745 <example>
1746 /closes:\s*(?:bug)?\#?\s?\d+(?:,\s*(?:bug)?\#?\s?\d+)*/i
1747 </example>
1748 Then all of the bug numbers listed will be closed by the
1751 </footnote>
1754 </p>
1756 <p>
1757 The maintainer name and email address used in the changelog
1758 should be the details of the person who prepared this release of
1760 uploader or usual package maintainer.<footnote>
1761 In the case of a sponsored upload, the uploader signs the
1762 files, but the changelog maintainer name and address are those
1763 of the person who prepared this release. If the preparer of
1764 the release is not one of the usual maintainers of the package
1765 (as listed in
1768 fields of the package), the first line of the changelog is
1769 conventionally used to explain why a non-maintainer is
1770 uploading the package. The Debian Developer's Reference
1772 used.</footnote>
1776 acknowledgement when the upload has been installed.
1777 </p>
1779 <p>
1781 This is the same as the format generated by <tt>date
1782 -R</tt>.
1783 </footnote> (compatible and with the same semantics of
1786 where:
1788 <item>
1789 day-of week is one of: Mon, Tue, Wed, Thu, Fri, Sat, Sun
1790 </item>
1791 <item>
1793 </item>
1794 <item>
1795 month is one of: Jan, Feb, Mar, Apr, May, Jun, Jul, Aug,
1796 Sep, Oct, Nov, Dec
1797 </item>
1802 <item>
1803 +zzzz or -zzzz is the time zone offset from Coordinated
1804 Universal Time (UTC). "+" indicates that the time is ahead
1805 of (i.e., east of) UTC and "-" indicates that the time is
1806 behind (i.e., west of) UTC. The first two digits indicate
1807 the hour difference from UTC and the last two digits
1808 indicate the number of additional minutes difference from
1810 </item>
1811 </list>
1812 </p>
1814 <p>
1815 The first "title" line with the package name must start
1816 at the left hand margin. The "trailer" line with the
1817 maintainer and date details must be preceded by exactly
1818 one space. The maintainer details and the date must be
1819 separated by exactly two spaces.
1820 </p>
1822 <p>
1823 The entire changelog must be encoded in UTF-8.
1824 </p>
1826 <p>
1827 For more information on placement of the changelog files
1829 </p>
1830 </sect>
1834 <p>
1835 Every package must be accompanied by a verbatim copy of its
1836 copyright information and distribution license in the file
1840 to copyrights for packages.
1841 </p>
1842 </sect>
1843 <sect>
1846 <p>
1848 (including your package's upstream makefiles and
1851 properties apply: if you include a miniature script as one
1852 of the commands in your makefile you'll find that if you
1853 don't do anything about it then errors are not detected
1855 problems.
1856 </p>
1858 <p>
1859 Every time you put more than one shell command (this
1860 includes using a loop) in a makefile command you
1861 must make sure that errors are trapped. For
1862 simple compound commands, such as changing directory and
1864 than semicolon as a command separator is sufficient. For
1865 more complex commands including most loops and
1867 command at the start of every makefile command that's
1868 actually one of these miniature shell scripts.
1869 </p>
1870 </sect>
1874 <p>
1875 Maintainers should preserve the modification times of the
1876 upstream source files in a package, as far as is reasonably
1877 possible.<footnote>
1878 The rationale is that there is some information conveyed
1879 by knowing the age of the file, for example, you could
1880 recognize that some documentation is very old by looking
1881 at the modification time, so it would be nice if the
1882 modification time of the upstream source would be
1883 preserved.
1884 </footnote>
1885 </p>
1886 </sect>
1891 <p>
1892 The source package may not contain any hard links<footnote>
1893 <p>
1894 This is not currently detected when building source
1895 packages, but only when extracting
1896 them.
1897 </p>
1898 <p>
1899 Hard links may be permitted at some point in the
1900 future, but would require a fair amount of
1901 work.
1902 </p>
1903 </footnote>, device special files, sockets or setuid or
1904 setgid files.<footnote>
1905 Setgid directories are allowed.
1906 </footnote>
1907 </p>
1908 </sect>
1913 <p>
1914 This file must be an executable makefile, and contains the
1915 package-specific recipes for compiling the package and
1916 building binary package(s) from the source.
1917 </p>
1919 <p>
1921 so that it can be invoked by saying its name rather than
1925 identical behavior.
1926 </p>
1928 <p>
1929 The following targets are required and must be implemented
1934 </p>
1936 <p>
1938 impossible to auto-compile that package and also makes it hard
1939 for other people to reproduce the same binary package, all
1940 required targets must be non-interactive. It also follows that
1941 any target that these targets depend on must also be
1942 non-interactive.
1943 </p>
1944 <p>
1945 For packages in the main archive, no required targets
1946 may attempt network access.
1947 </p>
1949 <p>
1950 The targets are as follows:
1951 <taglist>
1953 <item>
1954 <p>
1956 configuration and compilation of the package.
1957 If a package has an interactive pre-build
1958 configuration routine, the Debian source package
1959 must either be built after this has taken place (so
1960 that the binary package can be built without rerunning
1961 the configuration) or the configuration routine
1962 modified to become non-interactive. (The latter is
1963 preferable if there are architecture-specific features
1964 detected by the configuration routine.)
1965 </p>
1967 <p>
1968 For some packages, notably ones where the same
1969 source tree is compiled in different ways to produce
1971 does not make much sense. For these packages it is
1972 good enough to provide two (or more) targets
1974 for each of the ways of building the package, and a
1977 package in each of the possible ways and make the
1978 binary package out of each.
1979 </p>
1981 <p>
1983 that might require root privilege.
1984 </p>
1986 <p>
1989 </p>
1991 <p>
1992 When a package has a configuration and build routine
1993 which takes a long time, or when the makefiles are
1997 complete. This will ensure that if <tt>debian/rules
1998 build</tt> is run again it will not rebuild the whole
1999 program.<footnote>
2003 target to do the building and to <tt>touch
2004 build-stamp</tt> on completion. This is
2005 especially useful if the build routine creates a
2008 a phony target (i.e., as a dependency of the
2011 targets.
2012 </footnote>
2013 </p>
2014 </item>
2018 </tag>
2019 <item>
2020 <p>
2022 perform all the configuration and compilation required for
2023 producing all architecture-dependent binary packages
2024 (those packages for which the body of the
2027 target must perform all the configuration
2028 and compilation required for producing all
2029 architecture-independent binary packages (those packages
2033 should either depend on those targets or take the same
2034 actions as invoking those targets would perform.<footnote>
2035 This split allows binary-only builds to not install the
2037 target and skip any resource-intensive build tasks that
2038 are only required when building architecture-independent
2039 binary packages.
2040 </footnote>
2041 </p>
2043 <p>
2045 must not do anything that might require root privilege.
2046 </p>
2047 </item>
2051 </tag>
2052 <item>
2053 <p>
2055 necessary for the user to build the binary package(s)
2056 produced from this source package. It is
2058 the binary packages which are specific to a particular
2060 those which are not.
2061 </p>
2062 <p>
2064 no commands which simply depends on
2066 </p>
2067 <p>
2071 that the package is built if it has not been already. It
2072 should then create the relevant binary package(s),
2075 them in the parent of the top level directory.
2076 </p>
2078 <p>
2081 If one of them has nothing to do (which will always be
2082 the case if the source generates only a single binary
2083 package, whether architecture-dependent or not), it
2084 must still exist and must always succeed.
2085 </p>
2087 <p>
2089 root.<footnote>
2091 to build a package correctly even without being
2092 root.
2093 </footnote>
2094 </p>
2095 </item>
2098 <item>
2099 <p>
2102 that it should leave alone any output files created in
2104 target.
2105 </p>
2107 <p>
2110 should be removed as the first action that
2114 already done.
2115 </p>
2117 <p>
2123 example).
2124 </p>
2125 </item>
2128 <item>
2129 <p>
2130 This target fetches the most recent version of the
2131 original source package from a canonical archive site
2132 (via FTP or WWW, for example), does any necessary
2133 rearrangement to turn it into the original source
2134 tar file format described below, and leaves it in the
2135 current directory.
2136 </p>
2138 <p>
2139 This target may be invoked in any directory, and
2140 should take care to clean up any temporary files it
2141 may have left.
2142 </p>
2144 <p>
2145 This target is optional, but providing it if
2146 possible is a good idea.
2147 </p>
2148 </item>
2151 <item>
2152 <p>
2153 This target performs whatever additional actions are
2154 required to make the source ready for editing (unpacking
2155 additional upstream archives, applying patches, etc.).
2156 It is recommended to be implemented for any package where
2158 for additional modification. See
2160 </p>
2161 </item>
2162 </taglist>
2164 <p>
2167 directory being the package's top-level directory.
2168 </p>
2171 <p>
2173 either as published or undocumented interfaces or for the
2174 package's internal use.
2175 </p>
2177 <p>
2178 The architectures we build on and build for are determined
2181 You can determine the Debian architecture and the GNU style
2182 architecture specification string for the build architecture as
2183 well as for the host architecture. The build architecture is
2185 the package build is performed. The host architecture is the
2186 architecture on which the resulting package will be installed
2187 and run. These are normally the same, but may be different in
2188 the case of cross-compilation (building packages for one
2189 architecture on machines of a different architecture).
2190 </p>
2192 <p>
2195 <item>
2197 </item>
2198 <item>
2200 </item>
2201 <item>
2203 </item>
2204 <item>
2206 specification string)
2207 </item>
2208 <item>
2211 </item>
2212 <item>
2215 </list>
2218 host architecture.
2219 </p>
2221 <p>
2222 Backward compatibility can be provided in the rules file
2223 by setting the needed variables to suitable default
2224 values; please refer to the documentation of
2226 </p>
2228 <p>
2230 string only determines which Debian architecture we are
2231 building on or for. It should not be used to get the CPU
2234 GNU style variables should generally only be used with upstream
2235 build systems.
2236 </p>
2242 <p>
2243 Supporting the standardized environment variable
2245 contain several flags to change how a package is compiled and
2248 given, they must be separated by whitespace.<footnote>
2249 Some packages support any delimiter, but whitespace is the
2250 easiest to parse inside a makefile and avoids ambiguity with
2251 flag values that contain commas.
2252 </footnote>
2258 tag should not be given multiple times with conflicting
2259 values. Package maintainers may assume that
2261 </p>
2263 <p>
2264 The meaning of the following tags has been standardized:
2265 <taglist>
2267 <item>
2268 This tag says to not run any build-time test suite
2269 provided by the package.
2270 </item>
2272 <item>
2273 This tag says to skip any build steps that only generate
2274 package documentation. Files required by other sections
2275 of Debian Policy, such as copyright and changelog files,
2276 must still be generated and put in the package, but other
2277 generated documentation such as help2man-generated pages,
2278 Doxygen-generated API documentation, or info pages
2279 generated from Texinfo sources should be skipped if
2280 possible. This option does not change the set of binary
2281 packages generated by the source package, but
2282 documentation-only binary packages may be nearly empty
2283 when built with this option.
2284 </item>
2286 <item>
2287 The presence of this tag means that the package should
2288 be compiled with a minimum of optimization. For C
2291 Some programs might fail to build or run at this level
2292 of optimization; it may be necessary to use
2294 </item>
2296 <item>
2297 This tag means that the debugging symbols should not be
2298 stripped from the binary during installation, so that
2299 debugging information may be included in the package.
2300 </item>
2302 <item>
2303 This tag means that the package should be built using up
2305 system supports this.<footnote>
2309 </footnote>
2310 If the package build system does not support parallel
2311 builds, this string must be ignored. If the package
2312 build system only supports a lower level of concurrency
2314 many parallel processes as the package build system
2315 supports. It is up to the package maintainer to decide
2316 whether the package build times are long enough and the
2317 package build system is robust enough to make supporting
2318 parallel builds worthwhile.
2319 </item>
2320 </taglist>
2321 </p>
2323 <p>
2325 </p>
2327 <p>
2328 The following makefile snippet is an example of how one may
2329 implement the build options; you will probably have to
2330 massage this example in order to make it work for your
2331 package.
2333 CFLAGS = -Wall -g
2334 INSTALL = install
2335 INSTALL_FILE = $(INSTALL) -p -o root -g root -m 644
2336 INSTALL_PROGRAM = $(INSTALL) -p -o root -g root -m 755
2337 INSTALL_SCRIPT = $(INSTALL) -p -o root -g root -m 755
2338 INSTALL_DIR = $(INSTALL) -p -d -o root -g root -m 755
2340 ifneq (,$(filter noopt,$(DEB_BUILD_OPTIONS)))
2341 CFLAGS += -O0
2342 else
2343 CFLAGS += -O2
2344 endif
2345 ifeq (,$(filter nostrip,$(DEB_BUILD_OPTIONS)))
2346 INSTALL_PROGRAM += -s
2347 endif
2348 ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
2349 NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
2350 MAKEFLAGS += -j$(NUMJOBS)
2351 endif
2353 build:
2354 # ...
2355 ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
2356 # Code to run the package test suite.
2357 endif
2358 </example>
2359 </p>
2360 </sect1>
2361 </sect>
2363 <!-- FIXME: section pkg-srcsubstvars is the same as substvars -->
2367 <p>
2371 substitutions on its output just before writing it. Variable
2374 variable substitutions to be used; variables can also be set
2376 option to the source packaging commands, and certain predefined
2377 variables are also available.
2378 </p>
2380 <p>
2384 </p>
2386 <p>
2388 details about source variable substitutions, including the
2390 </sect>
2395 <p>
2396 This is an optional, recommended configuration file for the
2398 ftp or http sites for newly available updates of the
2399 package. This is used Debian QA
2400 tools to help with quality control and maintenance of the
2401 distribution as a whole.
2402 </p>
2404 </sect>
2409 <p>
2410 This file is not a permanent part of the source tree; it
2411 is used while building packages to record which files are
2414 </p>
2416 <p>
2417 It should not exist in a shipped source package, and so it
2418 (and any backup files or temporary files such as
2424 to avoid leaving a corrupted copy if an error
2425 occurs.
2426 </footnote>) should be removed by the
2428 ensure a fresh start by emptying or removing it at the
2430 </p>
2432 <p>
2436 --build</tt> is run for that binary package. So for most
2437 packages all that needs to be done with this file is to
2439 </p>
2441 <p>
2442 If a package upload includes files besides the source
2443 package and any binary packages whose control files were
2445 placed in the parent of the package's top-level directory
2448 </sect>
2453 <p>
2454 Some software packages include in their distribution convenience
2455 copies of code from other software packages, generally so that
2456 users compiling from source don't have to download multiple
2457 packages. Debian packages should not make use of these
2458 convenience copies unless the included package is explicitly
2459 intended to be used in this way.<footnote>
2460 For example, parts of the GNU build system work like this.
2461 </footnote>
2462 If the included code is already in the Debian archive in the
2463 form of a library, the Debian packaging should ensure that
2464 binary packages reference the libraries already in Debian and
2465 the convenience copy is not used. If the included code is not
2466 already in Debian, it should be packaged separately as a
2467 prerequisite if possible.
2468 <footnote>
2469 Having multiple copies of the same code in Debian is
2470 inefficient, often creates either static linking or shared
2471 library conflicts, and, most importantly, increases the
2472 difficulty of handling security vulnerabilities in the
2473 duplicated code.
2474 </footnote>
2475 </p>
2476 </sect>
2479 <heading>Source package handling:
2482 <p>
2484 doesn't produce the source of the package, ready for editing,
2485 and allow one to make changes and run
2487 without taking any additional steps, creating a
2489 recommended. This file should explain how to do all of the
2490 following:
2491 <enumlist>
2492 <item>Generate the fully patched source, in a form ready for
2493 editing, that would be built to create Debian
2497 <item>Modify the source and save those modifications so that
2498 they will be applied when building the package.</item>
2499 <item>Remove source modifications that are currently being
2500 applied when building the package.</item>
2501 <item>Optionally, document what steps are necessary to
2502 upgrade the Debian source package to a new upstream version,
2503 if applicable.</item>
2504 </enumlist>
2505 This explanation should include specific commands and mention
2506 any additional required Debian packages. It should not assume
2507 familiarity with any specific Debian packaging system or patch
2508 management tools.
2509 </p>
2511 <p>
2512 This explanation may refer to a documentation file installed by
2513 one of the package's build dependencies provided that the
2514 referenced documentation clearly explains these tasks and is not
2515 a general reference manual.
2516 </p>
2518 <p>
2520 information that would be helpful to someone modifying the
2521 source package. Even if the package doesn't fit the above
2522 description, maintainers are encouraged to document in a
2524 particularly complex or unintuitive source layout or build
2525 system (for example, a package that builds the same source
2526 multiple times to generate different binary packages).
2527 </p>
2528 </sect>
2529 </chapt>
2535 <p>
2536 The package management system manipulates data represented in
2539 Control files are used for source packages, binary packages and
2541 of uploaded files<footnote>
2543 format.
2544 </footnote>.
2545 </p>
2550 <p>
2551 A control file consists of one or more paragraphs of
2552 fields<footnote>
2553 The paragraphs are also sometimes referred to as stanzas.
2554 </footnote>.
2555 The paragraphs are separated by empty lines. Parsers may accept
2556 lines consisting solely of spaces and tabs as paragraph
2557 separators, but control files should use empty lines. Some control
2558 files allow only one paragraph; others allow several, in
2559 which case each paragraph usually refers to a different
2560 package. (For example, in source packages, the first
2561 paragraph refers to the source package, and later paragraphs
2562 refer to binary packages generated from the source.) The
2563 ordering of the paragraphs in control files is significant.
2564 </p>
2566 <p>
2567 Each paragraph consists of a series of data fields. Each field
2568 consists of the field name followed by a colon and then the
2569 data/value associated with that field. The field name is
2570 composed of US-ASCII characters excluding control characters,
2571 space, and colon (i.e., characters in the ranges U+0021
2574 names must not begin with the comment character
2577 </p>
2579 <p>
2580 The field ends at the end of the line or at the end of the last
2581 continuation line (see below). Horizontal whitespace (spaces
2582 and tabs) may occur immediately before or after the value and is
2583 ignored there; it is conventional to put a single space after
2584 the colon. For example, a field might be:
2586 Package: libc6
2587 </example>
2590 </p>
2591 <p> Empty field values are only permitted in source package control files
2593 </p>
2594 <p>
2595 A paragraph must not contain more than one instance of a
2596 particular field name.
2597 </p>
2599 <p>
2600 There are three types of fields:
2601 <taglist>
2603 <item>
2604 The field, including its value, must be a single line. Folding
2605 of the field is not permitted. This is the default field type
2606 if the definition of the field does not specify a different
2607 type.
2608 </item>
2610 <item>
2611 The value of a folded field is a logical line that may span
2612 several lines. The lines after the first are called
2613 continuation lines and must start with a space or a tab.
2614 Whitespace, including any newlines, is not significant in the
2615 field values of folded fields.<footnote>
2616 This folding method is similar to RFC 5322, allowing control
2617 files that contain only one paragraph and no multiline fields
2618 to be read by parsers written for RFC 5322.
2619 </footnote>
2620 </item>
2622 <item>
2623 The value of a multiline field may comprise multiple continuation
2624 lines. The first line of the value, the part on the same line as
2625 the field name, often has special significance or may have to be
2626 empty. Other lines are added following the same syntax as the
2627 continuation lines of the folded fields. Whitespace, including newlines,
2628 is significant in the values of multiline fields.
2629 </item>
2630 </taglist>
2631 </p>
2633 <p>
2634 Whitespace must not appear
2635 inside names (of packages, architectures, files or anything
2636 else) or version numbers, or between the characters of
2637 multi-character version relationships.
2638 </p>
2640 <p>
2641 The presence and purpose of a field, and the syntax of its
2642 value may differ between types of control files.
2643 </p>
2645 <p>
2646 Field names are not case-sensitive, but it is usual to
2647 capitalize the field names using mixed case as shown below.
2648 Field values are case-sensitive unless the description of the
2649 field says otherwise.
2650 </p>
2652 <p>
2653 Paragraph separators (empty lines), and lines consisting only of
2655 or between fields. Empty lines in field values are usually
2656 escaped by representing them by a U+0020 SPACE followed by a
2658 </p>
2660 <p>
2662 whitespace, are comment lines that are only permitted in source
2664 comment lines are ignored, even between two continuation
2665 lines. They do not end logical lines.
2666 </p>
2668 <p>
2669 All control files must be encoded in UTF-8.
2670 </p>
2671 </sect>
2676 <p>
2678 (and version-independent) information about the source package
2679 and about the binary packages it creates.
2680 </p>
2682 <p>
2683 The first paragraph of the control file contains information about
2684 the source package in general. The subsequent sets each describe a
2685 binary package that the source tree builds.
2686 </p>
2688 <p>
2689 The fields in the general paragraph (the first one, for the source
2690 package) are:
2702 </list>
2703 </p>
2705 <p>
2706 The fields in the binary package paragraphs are:
2719 </list>
2720 </p>
2722 <p>
2723 The syntax and semantics of the fields are described below.
2724 </p>
2726 <p>
2728 generate control files for binary packages (see below), by
2734 but not in any other control
2735 file. These tools are responsible for removing the line
2736 breaks from such fields when using fields from
2738 They are also responsible for discarding empty fields.
2739 </p>
2741 <p>
2742 The fields here may contain variable references - their
2745 when they generate output control files.
2747 </p>
2748 </sect>
2753 <p>
2755 (and version-dependent) information about a binary package. It
2756 consists of a single paragraph.
2757 </p>
2759 <p>
2760 The fields in this file are:
2776 </list>
2777 </p>
2778 </sect>
2783 <p>
2784 This file consists of a single paragraph, possibly surrounded by
2785 a PGP signature. The fields of that paragraph are listed below.
2805 </list>
2806 </p>
2808 <p>
2809 The Debian source control file is generated by
2811 archive, from other files in the source package,
2812 described above. When unpacking, it is checked against
2813 the files and directories in the other parts of the
2814 source package.
2815 </p>
2817 </sect>
2822 <p>
2824 maintenance software to process updates to packages. They
2825 consist of a single paragraph, possibly surrounded by a PGP
2826 signature. That paragraph contains information from the
2830 </p>
2832 <p>
2834 incremented whenever the documented fields or their meaning
2835 change. This document describes format &changesversion;.
2836 </p>
2838 <p>
2839 The fields in this file are:
2858 </list>
2859 </p>
2860 </sect>
2868 <p>
2869 This field identifies the source package name.
2870 </p>
2872 <p>
2874 this field must contain only the name of the source package.
2875 </p>
2877 <p>
2879 file, the source package name may be followed by a version
2880 number in parentheses<footnote>
2881 It is customary to leave a space after the package name
2882 if a version number is specified.
2883 </footnote>.
2884 This version number may be omitted (and is, by
2887 question. The field itself may be omitted from a binary
2888 package control file when the source package has the same
2889 name and version as the binary package.
2890 </p>
2892 <p>
2893 Package names (both source and binary,
2898 must start with an alphanumeric character.
2899 </p>
2900 </sect1>
2905 <p>
2906 The package maintainer's name and email address. The name
2907 must come first, then the email address inside angle
2909 </p>
2911 <p>
2912 If the maintainer's name contains a full stop then the
2913 whole field will not work directly as an email address due
2914 to a misfeature in the syntax specified in RFC822; a
2915 program using this field as an address must check for this
2916 and correct the problem if necessary (for example by
2917 putting the name in round brackets and moving it to the
2918 end, and bringing the email address forward).
2919 </p>
2921 <p>
2923 information about package maintainers.
2924 </p>
2925 </sect1>
2930 <p>
2931 List of the names and email addresses of co-maintainers of the
2932 package, if any. If the package has other maintainers besides
2934 field</qref>, their names and email addresses should be listed
2935 here. The format of each entry is the same as that of the
2936 Maintainer field, and multiple entries must be comma
2937 separated.
2938 </p>
2940 <p>
2941 This is normally an optional field, but if
2944 be present and must contain at least one human with their
2945 personal email address.
2946 </p>
2948 <p>
2950 </p>
2951 </sect1>
2956 <p>
2957 The name and email address of the person who prepared this
2958 version of the package, usually a maintainer. The syntax is
2960 field</qref>.
2961 </p>
2962 </sect1>
2967 <p>
2968 This field specifies an application area into which the package
2970 </p>
2972 <p>
2974 it gives the value for the subfield of the same name in
2976 It also gives the default for the same field in the binary
2977 packages.
2978 </p>
2979 </sect1>
2984 <p>
2985 This field represents how important it is that the user
2987 </p>
2989 <p>
2991 it gives the value for the subfield of the same name in
2993 It also gives the default for the same field in the binary
2994 packages.
2995 </p>
2996 </sect1>
3001 <p>
3002 The name of the binary package.
3003 </p>
3005 <p>
3006 Binary package names must follow the same syntax and
3008 for the details.
3009 </p>
3010 </sect1>
3015 <p>
3016 Depending on context and the control file used, the
3018 values:
3019 <list>
3020 <item>
3021 A unique single word identifying a Debian machine
3023 </item>
3024 <item>
3025 An architecture wildcard identifying a set of Debian
3028 and is the most frequently used.
3029 </item>
3030 <item>
3032 architecture-independent package.
3033 </item>
3034 <item>
3036 </item>
3037 </list>
3038 </p>
3040 <p>
3042 package, this field may contain the special
3047 contents of the field. Most packages will use
3049 </p>
3051 <p>
3052 Specifying a specific list of architectures indicates that the
3053 source will build an architecture-dependent package only on
3054 architectures included in the list. Specifying a list of
3055 architecture wildcards indicates that the source will build an
3056 architecture-dependent package on only those architectures
3057 that match any of the specified architecture wildcards.
3058 Specifying a list of architectures or architecture wildcards
3060 program is not portable or is not useful on some
3061 architectures. Where possible, the program should be made
3062 portable instead.
3063 </p>
3065 <p>
3067 field contains a list of architectures and architecture
3068 wildcards separated by spaces. When the list contains the
3071 </p>
3073 <p>
3074 The list may include (or consist solely of) the special
3077 occur in combination with specific architectures.
3082 </p>
3084 <p>
3086 isn't dependent on any particular architecture and should
3087 compile fine on any one. The produced binary package(s)
3088 will be specific to whatever the current build architecture is.
3089 </p>
3091 <p>
3093 will only build architecture-independent packages.
3094 </p>
3096 <p>
3098 isn't dependent on any particular architecture. The set of
3099 produced binary packages will include at least one
3100 architecture-dependent package and one architecture-independent
3101 package.
3102 </p>
3104 <p>
3105 Specifying a list of architectures or architecture wildcards
3106 indicates that the source will build an architecture-dependent
3107 package, and will only work correctly on the listed or
3108 matching architectures. If the source package also builds at
3110 also be included in the list.
3111 </p>
3113 <p>
3115 field lists the architecture(s) of the package(s) currently
3116 being uploaded. This will be a list; if the source for the
3117 package is also being uploaded, the special
3119 present if any architecture-independent packages are being
3123 </p>
3125 <p>
3127 the architecture for the build process.
3128 </p>
3129 </sect1>
3134 <p>
3135 This is a boolean field which may occur only in the
3136 control file of a binary package or in a per-package fields
3137 paragraph of a source package control file.
3138 </p>
3140 <p>
3142 will refuse to remove the package (upgrading and replacing
3144 which is the same as not having the field at all.
3145 </p>
3146 </sect1>
3148 <sect1>
3149 <heading>Package interrelationship fields:
3154 </heading>
3156 <p>
3157 These fields describe the package's relationships with
3158 other packages. Their syntax and semantics are described
3160 </sect1>
3165 <p>
3166 The most recent version of the standards (the policy
3167 manual and associated texts) with which the package
3168 complies.
3169 </p>
3171 <p>
3172 The version number has four components: major and minor
3173 version number and major and minor patch level. When the
3174 standards change in a way that requires every package to
3175 change the major number will be changed. Significant
3176 changes that will require work in many packages will be
3177 signaled by a change to the minor number. The major patch
3178 level will be changed for any change to the meaning of the
3179 standards, however small; the minor patch level will be
3180 changed when only cosmetic, typographical or other edits
3181 are made which neither change the meaning of the document
3182 nor affect the contents of packages.
3183 </p>
3185 <p>
3186 Thus only the first three components of the policy version
3188 field, and so either these three components or all four
3189 components may be specified.<footnote>
3190 In the past, people specified the full version number
3191 in the Standards-Version field, for example "2.3.0.0".
3192 Since minor patch-level changes don't introduce new
3193 policy, it was thought it would be better to relax
3194 policy and only require the first 3 components to be
3195 specified, in this example "2.3.0". All four
3196 components may still be used if someone wishes to do so.
3197 </footnote>
3198 </p>
3200 </sect1>
3205 <p>
3206 The version number of a package. The format is:
3208 </p>
3210 <p>
3211 The three components here are:
3212 <taglist>
3214 <item>
3215 <p>
3216 This is a single (generally small) unsigned integer. It
3217 may be omitted, in which case zero is assumed. If it is
3219 contain any colons.
3220 </p>
3222 <p>
3223 It is provided to allow mistakes in the version numbers
3224 of older versions of a package, and also a package's
3225 previous version numbering schemes, to be left behind.
3226 </p>
3227 </item>
3230 <item>
3231 <p>
3232 This is the main part of the version number. It is
3233 usually the version number of the original ("upstream")
3235 if this is applicable. Usually this will be in the same
3236 format as that specified by the upstream author(s);
3237 however, it may need to be reformatted to fit into the
3238 package management system's format and comparison
3239 scheme.
3240 </p>
3242 <p>
3243 The comparison behavior of the package management system
3246 portion of the version number is mandatory.
3247 </p>
3249 <p>
3251 alphanumerics<footnote>
3253 </footnote>
3256 tilde) and should start with a digit. If there is no
3258 </p>
3259 </item>
3262 <item>
3263 <p>
3264 This part of the version number specifies the version of
3265 the Debian package based on the upstream version. It
3266 may contain only alphanumerics and the characters
3268 tilde) and is compared in the same way as the
3270 </p>
3272 <p>
3273 It is optional; if it isn't present then the
3275 This format represents the case where a piece of
3276 software was written specifically to be a Debian
3277 package, where the Debian package source must always
3278 be identical to the pristine source and therefore no
3279 revision indication is required.
3280 </p>
3282 <p>
3283 It is conventional to restart the
3286 </p>
3288 <p>
3289 The package management system will break the version
3290 number apart at the last hyphen in the string (if there
3295 </p>
3296 </item>
3297 </taglist>
3298 </p>
3300 <p>
3307 parts are compared by the package management system using the
3308 following algorithm:
3309 </p>
3311 <p>
3312 The strings are compared from left to right.
3313 </p>
3315 <p>
3316 First the initial part of each string consisting entirely of
3317 non-digit characters is determined. These two parts (one of
3318 which may be empty) are compared lexically. If a difference
3319 is found it is returned. The lexical comparison is a
3320 comparison of ASCII values modified so that all the letters
3321 sort earlier than all the non-letters and so that a tilde
3322 sorts before anything, even the end of a part. For example,
3323 the following parts are in sorted order from earliest to
3329 </footnote>
3330 </p>
3332 <p>
3333 Then the initial part of the remainder of each string which
3334 consists entirely of digit characters is determined. The
3335 numerical values of these two parts are compared, and any
3336 difference found is returned as the result of the comparison.
3337 For these purposes an empty string (which can only occur at
3338 the end of one or both version strings being compared) counts
3339 as zero.
3340 </p>
3342 <p>
3343 These two steps (comparing and removing initial non-digit
3344 strings and initial digit strings) are repeated until a
3345 difference is found or both strings are exhausted.
3346 </p>
3348 <p>
3349 Note that the purpose of epochs is to allow us to leave behind
3350 mistakes in version numbering, and to cope with situations
3351 where the version numbering scheme changes. It is
3353 strings of letters which the package management system cannot
3355 silly orderings.<footnote>
3356 The author of this manual has heard of a package whose
3359 forth.
3360 </footnote>
3361 </p>
3362 </sect1>
3367 <p>
3369 field contains a description of the binary package, consisting
3370 of two parts, the synopsis or the short description, and the
3371 long description. It is a multiline field with the following
3372 format:
3373 </p>
3375 <p>
3376 <example>
3379 </example>
3380 </p>
3382 <p>
3383 The lines in the extended description can have these formats:
3384 </p>
3386 <p><list>
3388 <item>
3389 Those starting with a single space are part of a paragraph.
3390 Successive lines of this form will be word-wrapped when
3391 displayed. The leading space will usually be stripped off.
3392 The line must contain at least one non-whitespace character.
3393 </item>
3395 <item>
3396 Those starting with two or more spaces. These will be
3397 displayed verbatim. If the display cannot be panned
3398 horizontally, the displaying program will line wrap them "hard"
3399 (i.e., without taking account of word breaks). If it can they
3400 will be allowed to trail off to the right. None, one or two
3401 initial spaces may be deleted, but the number of spaces
3402 deleted from each line will be the same (so that you can have
3403 indenting work correctly, for example). The line must
3404 contain at least one non-whitespace character.
3405 </item>
3407 <item>
3408 Those containing a single space followed by a single full stop
3409 character. These are rendered as blank lines. This is the
3411 Completely empty lines will not be rendered as blank lines.
3412 Instead, they will cause the parser to think you're starting
3413 a whole new record in the control file, and will therefore
3414 likely abort with an error.
3415 </footnote>.
3416 </item>
3418 <item>
3419 Those containing a space, a full stop and some more characters.
3420 These are for future expansion. Do not use them.
3421 </item>
3423 </list></p>
3425 <p>
3426 Do not use tab characters. Their effect is not predictable.
3427 </p>
3429 <p>
3431 </p>
3433 <p>
3435 field contains a summary of the descriptions for the packages
3436 being uploaded. For this case, the first line of the field
3438 always empty. It is a multiline field, with one
3439 line per package. Each line is
3440 indented by one space and contains the name of a binary
3442 short description line from that package.
3443 </p>
3444 </sect1>
3449 <p>
3451 this contains the (space-separated) name(s) of the
3452 distribution(s) where this version of the package should
3453 be installed. Valid distributions are determined by the
3454 archive maintainers.<footnote>
3455 Example distribution names in the Debian archive used in
3459 <item>
3460 This distribution value refers to the
3462 tree. Most new packages, new upstream versions of
3464 directory tree.
3465 </item>
3468 <item>
3469 The packages with this distribution value are deemed
3470 by their maintainers to be high risk. Oftentimes they
3471 represent early beta or developmental packages from
3472 various sources that the maintainers want people to
3473 try, but are not ready to be a part of the other parts
3474 of the Debian distribution tree.
3475 </item>
3476 </taglist>
3478 <p>
3479 Others are used for updating stable releases or for
3480 security uploads. More information is available in the
3481 Debian Developer's Reference, section "The Debian
3482 archive".
3483 </p>
3484 </footnote>
3485 The Debian archive software only supports listing a single
3486 distribution. Migration of packages to other distributions is
3487 handled outside of the upload process.
3488 </p>
3489 </sect1>
3494 <p>
3495 This field includes the date the package was built or last
3498 </p>
3500 <p>
3501 The value of this field is usually extracted from the
3504 </p>
3505 </sect1>
3510 <p>
3512 files, this field declares the format version of that file.
3513 The syntax of the field value is the same as that of
3515 that no epoch or Debian revision is allowed. The format
3517 </p>
3519 <p>
3521 Debian source control</qref> files, this field declares the
3522 format of the source package. The field value is used by
3523 programs acting on a source package to interpret the list of
3524 files in the source package and determine how to unpack it.
3525 The syntax of the field value is a numeric major revision, a
3526 period, a numeric minor revision, and then an optional subtype
3527 after whitespace, which if specified is an alphanumeric word
3528 in parentheses. The subtype is optional in the syntax but may
3529 be mandatory for particular source format revisions.
3530 <footnote>
3531 The source formats currently supported by the Debian archive
3534 </footnote>
3535 </p>
3536 </sect1>
3541 <p>
3542 This is a description of how important it is to upgrade to
3543 this version from previous ones. It consists of a single
3547 Other urgency values are supported with configuration
3548 changes in the archive software but are not used in Debian.
3549 The urgency affects how quickly a package will be considered
3551 gives an indication of the importance of any fixes included
3553 treated as synonymous.
3554 </footnote> (not case-sensitive) followed by an optional
3555 commentary (separated by a space) which is usually in
3556 parentheses. For example:
3558 <example>
3559 Urgency: low (HIGH for users of diversions)
3560 </example>
3562 </p>
3564 <p>
3565 The value of this field is usually extracted from the
3568 </p>
3569 </sect1>
3574 <p>
3575 This multiline field contains the human-readable changes data, describing
3576 the differences between the last version and the current one.
3577 </p>
3579 <p>
3580 The first line of the field value (the part on the same line
3582 field is expressed as continuation lines, with each line
3583 indented by at least one space. Blank lines must be
3584 represented by a line consisting only of a space and a full
3586 </p>
3588 <p>
3589 The value of this field is usually extracted from the
3592 </p>
3594 <p>
3595 Each version's change information should be preceded by a
3596 "title" line giving at least the version, distribution(s)
3597 and urgency, in a human-readable way.
3598 </p>
3600 <p>
3601 If data from several versions is being returned the entry
3602 for the most recent version should be returned first, and
3603 entries should be separated by the representation of a
3604 blank line (the "title" line may also be followed by the
3605 representation of a blank line).
3606 </p>
3607 </sect1>
3612 <p>
3613 This folded field is a list of binary packages. Its syntax and
3614 meaning varies depending on the control file in which it
3615 appears.
3616 </p>
3618 <p>
3620 packages which a source package can produce, separated by
3621 commas<footnote>
3622 A space after each comma is conventional.
3623 </footnote>. The source package
3624 does not necessarily produce all of these binary packages for
3625 every architecture. The source control file doesn't contain
3626 details of which architectures are appropriate for which of
3627 the binary packages.
3628 </p>
3630 <p>
3632 names of the binary packages being uploaded, separated by
3633 whitespace (not commas).
3634 </p>
3635 </sect1>
3640 <p>
3641 This field appears in the control files of binary packages,
3643 of the total amount of disk space required to install the
3644 named package. Actual installed size may vary based on block
3645 size, file system properties, or actions taken by package
3646 maintainer scripts.
3647 </p>
3649 <p>
3650 The disk space is given as the integer value of the estimated
3651 installed size in bytes, divided by 1024 and rounded up.
3652 </p>
3653 </sect1>
3658 <p>
3659 This field contains a list of files with information about
3660 each one. The exact information and syntax varies with
3661 the context.
3662 </p>
3664 <p>
3665 In all cases, Files is a multiline field. The first line of
3667 is always empty. The content of the field is expressed as
3668 continuation lines, one line per file. Each line must be
3669 indented by one space and contain a number of sub-fields,
3670 separated by spaces, as described below.
3671 </p>
3673 <p>
3675 checksum, size and filename of the tar file and (if
3676 applicable) diff file which make up the remainder of the
3677 source package<footnote>
3679 </footnote>. For example:
3680 <example>
3681 Files:
3682 c6f698f19f2a2aa07dbb9bbda90a2754 571925 example_1.2.orig.tar.gz
3684 </example>
3685 The exact forms of the filenames are described
3687 </p>
3689 <p>
3691 file being uploaded. Each line contains the MD5 checksum,
3692 size, section and priority and the filename. For example:
3693 <example>
3694 Files:
3696 c6f698f19f2a2aa07dbb9bbda90a2754 571925 text extra example_1.2.orig.tar.gz
3699 </example>
3702 the corresponding fields in the main source control file. If
3704 used, though section and priority values must be specified for
3705 new packages to be installed properly.
3706 </p>
3708 <p>
3711 is not an ordinary package file and must be installed by
3712 hand by the distribution maintainers. If the section is
3714 </p>
3716 <p>
3717 If a new Debian revision of a package is being shipped and
3718 no new original source archive is being distributed the
3720 entry for the original source archive
3723 this case the original source archive on the distribution
3724 site must match exactly, byte-for-byte, the original
3725 source archive which was used to generate the
3727 </sect1>
3732 <p>
3733 A space-separated list of bug report numbers that the upload
3734 governed by the .changes file closes.
3735 </p>
3736 </sect1>
3741 <p>
3742 The URL of the web site for this package, preferably (when
3743 applicable) the site from which the original source can be
3744 obtained and any additional upstream documentation or
3745 information may be found. The content of this field is a
3746 simple URL without any surrounding characters such as
3748 </p>
3749 </sect1>
3755 <p>
3756 These multiline fields contain a list of files with a checksum and size
3759 only in the checksum algorithm used: SHA-1
3762 </p>
3764 <p>
3766 multiline fields. The first line of the field value (the part
3769 of the field is expressed as continuation lines, one line per
3770 file. Each line consists of the checksum, a space, the file
3771 size, a space, and the file name. For example (from
3773 <example>
3774 Checksums-Sha1:
3776 a0ed1456fad61116f868b1855530dbe948e20f06 171602 example_1.0.orig.tar.gz
3779 Checksums-Sha256:
3781 0d123be7f51e61c4bf15e5c492b484054be7e90f3081608a5517007bfb1fd128 171602 example_1.0.orig.tar.gz
3782 f54ae966a5f580571ae7d9ef5e1df0bd42d63e27cb505b27957351a495bc6288 6137 example_1.0-1.debian.tar.gz
3784 </example>
3785 </p>
3787 <p>
3789 files that make up the source package. In
3791 files being uploaded. The list of files in these fields
3793 </p>
3794 </sect1>
3796 <sect1>
3799 <p>
3801 </p>
3802 </sect1>
3807 <p>
3808 Debian source packages are increasingly developed using VCSs. The
3809 purpose of the following fields is to indicate a publicly accessible
3810 repository where the Debian source package is developed.
3812 <taglist>
3814 <item>
3815 <p>
3816 URL of a web interface for browsing the repository.
3817 </p>
3818 </item>
3820 <tag>
3824 (Subversion)
3825 </tag>
3826 <item>
3827 <p>
3828 The field name identifies the VCS. The field's value uses the
3829 version control system's conventional syntax for describing
3830 repository locations and should be sufficient to locate the
3831 repository used for packaging. Ideally, it also locates the
3832 branch used for development of new versions of the Debian
3833 package.
3834 </p>
3835 <p>
3836 In the case of Git, the value consists of a URL, optionally
3838 the indicated repository, following the syntax of the
3840 packaging should be on the default branch.
3841 </p>
3842 <p>
3843 More than one different VCS may be specified for the same
3844 package.
3845 </p>
3846 </item>
3847 </taglist>
3848 </p>
3849 </sect1>
3854 <p>
3855 Multiline field listing all the packages that can be built from
3856 the source package, considering every architecture. The first line
3857 of the field value is empty. Each one of the next lines describes
3858 one binary package, by listing its name, type, section and priority
3859 separated by spaces. Fifth and subsequent space-separated items
3860 may be present and parsers must allow them. See the
3862 package types.
3863 </p>
3864 </sect1>
3869 <p>
3870 Simple field containing a word indicating the type of package:
3872 packages. Other types not defined here may be indicated. In
3875 this value is assumed for paragraphs lacking this field.
3876 </p>
3877 </sect1>
3882 <p>
3883 Folded field containing a single git commit hash, presented in
3884 full, followed optionally by whitespace and other data to be
3885 defined in future extensions.
3886 </p>
3888 <p>
3889 Declares that the source package corresponds exactly to a
3890 referenced commit in a Git repository available at the canonical
3892 bidirectional gateway between the Debian archive and Git. The
3893 commit is reachable from at least one reference whose name matches
3895 further details.
3896 </p>
3897 </sect1>
3898 </sect>
3900 <sect>
3903 <p>
3904 Additional user-defined fields may be added to the
3905 source package control file. Such fields will be
3906 ignored, and not copied to (for example) binary or
3907 Debian source control files or upload control files.
3908 </p>
3910 <p>
3911 If you wish to add additional unsupported fields to
3912 these output files you should use the mechanism
3913 described here.
3914 </p>
3916 <p>
3917 Fields in the main source control information file with
3920 be copied to the output files. Only the part of the
3921 field name after the hyphen will be used in the output
3923 will appear in binary package control files, where the
3927 </p>
3929 <p>
3930 For example, if the main source information control file
3931 contains the field
3932 <example>
3933 XBS-Comment: I stand between the candle and the star.
3934 </example>
3935 then the binary and Debian source control files will contain the
3936 field
3937 <example>
3938 Comment: I stand between the candle and the star.
3939 </example>
3940 </p>
3942 </sect>
3947 <p>
3948 The following fields have been obsoleted and may be found in packages
3949 conforming with previous versions of the Policy.
3950 </p>
3955 <p>
3956 Indicates that Debian Maintainers may upload this package to
3958 field was used to regulate uploads by Debian Maintainers, See the
3961 </p>
3962 </sect1>
3964 </sect>
3966 </chapt>
3972 <sect>
3975 <p>
3976 It is possible to supply scripts as part of a package which
3977 the package management system will run for you when your
3978 package is installed, upgraded or removed.
3979 </p>
3981 <p>
3982 These scripts are the control information
3985 if they are scripts (which is recommended), they must start with
3987 executable by anyone, and must not be world-writable.
3988 </p>
3990 <p>
3991 The package management system looks at the exit status from
3992 these scripts. It is important that they exit with a
3993 non-zero status if there is an error, so that the package
3994 management system can stop its processing. For shell
3997 scripts, in fact). It is also important, of course, that
3998 they exit with a zero status if everything went well.
3999 </p>
4001 <p>
4002 Additionally, packages interacting with users
4006 </p>
4008 <p>
4009 When a package is upgraded a combination of the scripts from
4010 the old and new packages is called during the upgrade
4011 procedure. If your scripts are going to be at all
4012 complicated you need to be aware of this, and may need to
4013 check the arguments to your scripts.
4014 </p>
4016 <p>
4018 (a particular version of) a package is unpacked, and the
4020 before (a version of) a package is removed and the
4022 </p>
4024 <p>
4025 Programs called from maintainer scripts should not normally
4026 have a path prepended to them. Before installation is
4027 started, the package management system checks to see if the
4031 other program that one would expect to be in the
4033 pathname. Maintainer scripts should also not reset the
4035 prepending or appending package-specific directories. These
4036 considerations really apply to all shell scripts.</p>
4037 </sect>
4042 <p>
4043 It is necessary for the error recovery procedures that the
4044 scripts be idempotent. This means that if it is run
4045 successfully, and then it is called again, it doesn't bomb
4046 out or cause any harm, but just ensures that everything is
4047 the way it ought to be. If the first call failed, or
4048 aborted half way through for some reason, the second call
4049 should merely do the things that were left undone the first
4050 time, if any, and exit with a success status if everything
4051 is OK.<footnote>
4052 This is so that if an error occurs, the user interrupts
4054 happens you don't leave the user with a badly-broken
4056 action.
4057 </footnote>
4058 </p>
4059 </sect>
4064 <p>
4065 Maintainer scripts are not guaranteed to run with a controlling
4066 terminal and may not be able to interact with the user. They
4067 must be able to fall back to noninteractive behavior if no
4068 controlling terminal is available. Maintainer scripts that
4069 prompt via a program conforming to the Debian Configuration
4071 assume that program will handle falling back to noninteractive
4072 behavior.
4073 </p>
4075 <p>
4076 For high-priority prompts without a reasonable default answer,
4077 maintainer scripts may abort if there is no controlling
4078 terminal. However, this situation should be avoided if at all
4079 possible, since it prevents automated or unattended installs.
4080 In most cases, users will consider this to be a bug in the
4081 package.
4082 </p>
4083 </sect>
4088 <p>
4089 Each script must return a zero exit status for
4090 success, or a nonzero one for failure, since the package
4091 management system looks for the exit status of these scripts
4092 and determines what action to take next based on that datum.
4093 </p>
4094 </sect>
4097 scripts are called
4098 </heading>
4100 <p>
4101 What follows is a summary of all the ways in which maintainer
4102 scripts may be called along with what facilities those scripts
4103 may rely on being available at that time. Script names preceded
4105 package being installed, upgraded to, or downgraded to. Script
4107 version of a package that is being upgraded from or downgraded
4108 from.
4109 </p>
4111 <p>
4113 ways:
4114 <taglist>
4120 <item>
4121 The package will not yet be unpacked, so
4123 included in its package. Only essential packages and
4125 available. Pre-dependencies will have been configured at
4128 state if a previous version of the pre-dependency was
4129 completely configured and has not been removed since then.
4130 </item>
4134 <item>
4135 Called during error handling of an upgrade that failed after
4136 unpacking the new package because the <tt>postrm
4137 upgrade</tt> action failed. The unpacked files may be
4138 partly from the new version or partly missing, so the script
4139 cannot rely on files included in the package. Package
4140 dependencies may not be available. Pre-dependencies will be
4141 at least "Unpacked" following the same rules as above, except
4142 they may be only "Half-Installed" if an upgrade of the
4143 pre-dependency failed.<footnote>
4144 This can happen if the new version of the package no
4145 longer pre-depends on a package that had been partially
4146 upgraded.
4147 </footnote>
4148 </item>
4149 </taglist>
4150 </p>
4152 <p>
4154 ways:
4155 <taglist>
4158 <item>
4159 The files contained in the package will be unpacked. All
4160 package dependencies will at least be "Unpacked". If there
4161 are no circular dependencies involved, all package
4162 dependencies will be configured. For behavior in the case
4163 of circular dependencies, see the discussion
4165 </item>
4178 <item>
4179 The files contained in the package will be unpacked. All
4180 package dependencies will at least be "Half-Installed" and
4181 will have previously been configured and not removed.
4182 However, dependencies may not be configured or even fully
4183 unpacked in some error situations.<footnote>
4184 For example, suppose packages foo and bar are "Installed"
4185 with foo depending on bar. If an upgrade of bar were
4186 started and then aborted, and then an attempt to remove
4189 bar only "Half-Installed".
4190 </footnote>
4192 for which its dependencies are required, since they will
4193 normally be available, but consider the correct error
4194 handling approach if those actions fail. Aborting
4196 from the package dependencies are not available is often the
4197 best approach.
4198 </item>
4199 </taglist>
4200 </p>
4202 <p>
4204 ways:
4205 <taglist>
4216 <item>
4218 at least "Half-Installed". All package dependencies will at
4219 least be "Half-Installed" and will have previously been
4220 configured and not removed. If there was no error, all
4221 dependencies will at least be "Unpacked", but these actions
4222 may be called in various error states where dependencies are
4223 only "Half-Installed" due to a partial upgrade.
4224 </item>
4228 <item>
4230 fails. The new package will not yet be unpacked, and all
4232 </item>
4233 </taglist>
4234 </p>
4236 <p>
4238 ways:
4239 <taglist>
4246 <item>
4248 files have been removed or replaced. The package
4250 previously been deconfigured and only be "Unpacked", at which
4251 point subsequent package changes do not consider its
4253 may only rely on essential packages and must gracefully skip
4254 any actions that require the package's dependencies if those
4255 dependencies are unavailable.<footnote>
4256 This is often done by checking whether the command or
4258 available before calling it. For example:
4259 <example>
4260 if [ "$1" = purge ] && [ -e /usr/share/debconf/confmodule ]; then
4261 . /usr/share/debconf/confmodule
4262 db_purge
4263 fi
4264 </example>
4266 configuration for the package
4268 </footnote>
4269 </item>
4273 <item>
4275 The new package will be unpacked, but only essential
4276 packages and pre-dependencies can be relied on.
4277 Pre-dependencies will either be configured or will be
4279 configured and was never removed.
4280 </item>
4287 <item>
4288 Called before unpacking the new package as part of the
4291 </item>
4292 </taglist>
4293 </p>
4294 </sect>
4299 <p>
4300 The procedure on installation/upgrade/overwrite/disappear
4303 case, if a major error occurs (unless listed below) the
4304 actions are, in general, run backwards - this means that the
4305 maintainer scripts are run with different arguments in
4306 reverse order. These are the "error unwind" calls listed
4307 below.
4309 <enumlist>
4310 <item>
4311 <enumlist>
4312 <item>
4313 If a version of the package is already "Installed", call
4316 </example>
4317 </item>
4318 <item>
4319 If the script runs but exits with a non-zero
4323 </example>
4324 If this works, the upgrade continues. If this
4325 does not work, the error unwind:
4328 </example>
4329 If this works, then the old-version is
4330 "Installed", if not, the old version is in a
4331 "Half-Configured" state.
4332 </item>
4333 </enumlist>
4334 </item>
4336 <item>
4337 If a "conflicting" package is being removed at the same time,
4339 <enumlist>
4340 <item>
4342 specified, call, for each package to be deconfigured
4347 </example>
4348 Error unwind:
4352 </example>
4353 The deconfigured packages are marked as
4354 requiring configuration, so that if
4356 configured again if possible.
4357 </item>
4358 <item>
4359 If any packages depended on a conflicting
4361 specified, call, for each such package:
4366 </example>
4367 Error unwind:
4372 </example>
4373 The deconfigured packages are marked as
4374 requiring configuration, so that if
4376 configured again if possible.
4377 </item>
4378 <item>
4379 To prepare for removal of each conflicting package, call:
4383 </example>
4384 Error unwind:
4388 </example>
4389 </item>
4390 </enumlist>
4391 </item>
4393 <item>
4394 <enumlist>
4395 <item>
4396 If the package is being upgraded, call:
4399 </example>
4400 If this fails, we call:
4401 <example>
4403 </example>
4404 <enumlist>
4405 <item>
4406 <p>
4407 If that works, then
4408 <example>
4410 </example>
4411 is called. If this works, then the old version
4412 is in an "Installed" state, or else it is left
4413 in an "Unpacked" state.
4414 </p>
4415 </item>
4416 <item>
4417 <p>
4418 If it fails, then the old version is left
4419 in an "Half-Installed" state.
4420 </p>
4421 </item>
4422 </enumlist>
4424 </item>
4425 <item>
4426 Otherwise, if the package had some configuration
4427 files from a previous version installed (i.e., it
4428 is in the "Config-Files" state):
4431 </example>
4432 Error unwind:
4433 <example>
4435 </example>
4436 If this fails, the package is left in a
4437 "Half-Installed" state, which requires a
4438 reinstall. If it works, the packages is left in
4439 a "Config-Files" state.
4440 </item>
4441 <item>
4442 Otherwise (i.e., the package was completely purged):
4445 </example>
4446 Error unwind:
4449 </example>
4450 If the error-unwind fails, the package is in a
4451 "Half-Installed" phase, and requires a
4452 reinstall. If the error unwind works, the
4453 package is in the "Not-Installed" state.
4454 </item>
4455 </enumlist>
4456 </item>
4458 <item>
4459 <p>
4460 The new package's files are unpacked, overwriting any
4461 that may be on the system already, for example any
4462 from the old version of the same package or from
4463 another package. Backups of the old files are kept
4464 temporarily, and if anything goes wrong the package
4465 management system will attempt to put them back as
4466 part of the error unwind.
4467 </p>
4469 <p>
4470 It is an error for a package to contain files which
4471 are on the system in another package, unless
4473 <!--
4474 The following paragraph is not currently the case:
4475 Currently the <tt>- - force-overwrite</tt> flag is
4476 enabled, downgrading it to a warning, but this may not
4477 always be the case.
4478 -->
4479 </p>
4481 <p>
4482 It is a more serious error for a package to contain a
4483 plain file or other kind of non-directory where another
4484 package has a directory (again, unless
4486 overridden if desired using
4488 advisable.
4489 </p>
4491 <p>
4492 Packages which overwrite each other's files produce
4493 behavior which, though deterministic, is hard for the
4494 system administrator to understand. It can easily
4495 lead to "missing" programs if, for example, a package
4496 is unpacked which overwrites a file from another
4497 package, and is then removed again.<footnote>
4498 Part of the problem is due to what is arguably a
4500 </footnote>
4501 </p>
4503 <p>
4504 A directory will never be replaced by a symbolic link
4505 to a directory or vice versa; instead, the existing
4506 state (symlink or not) will be left alone and
4508 one.
4509 </p>
4510 </item>
4512 <item>
4513 <p>
4514 <enumlist>
4515 <item>
4516 If the package is being upgraded, call
4519 </example>
4520 </item>
4521 <item>
4525 </example>
4526 If this works, installation continues. If not,
4527 Error unwind:
4530 </example>
4531 If this fails, the old version is left in a
4532 "Half-Installed" state. If it works, dpkg now
4533 calls:
4536 </example>
4537 If this fails, the old version is left in a
4538 "Half-Installed" state. If it works, dpkg now
4539 calls:
4542 </example>
4543 If this fails, the old version is in an
4544 "Unpacked" state.
4545 </item>
4546 </enumlist>
4547 </p>
4549 <p>
4550 This is the point of no return - if
4552 past this point if an error occurs. This will
4553 leave the package in a fairly bad state, which
4554 will require a successful re-installation to clear
4556 things that are irreversible.
4557 </p>
4558 </item>
4560 <item>
4561 Any files which were in the old version of the package
4562 but not in the new are removed.
4563 </item>
4565 <item>
4566 The new file list replaces the old.
4567 </item>
4569 <item>
4570 The new maintainer scripts replace the old.
4571 </item>
4573 <item>
4574 Any packages all of whose files have been overwritten
4575 during the installation, and which aren't required for
4576 dependencies, are considered to have been removed.
4577 For each such package
4578 <enumlist>
4579 <item>
4584 </example>
4585 </item>
4586 <item>
4587 The package's maintainer scripts are removed.
4588 </item>
4589 <item>
4590 It is noted in the status database as being in a
4591 sane state, namely "Not-Installed" (any conffiles
4592 it may have are ignored, rather than being
4594 disappearing packages do not have their prerm
4596 in advance that the package is going to
4597 vanish.
4598 </item>
4599 </enumlist>
4600 </item>
4602 <item>
4603 Any files in the package we're unpacking that are also
4604 listed in the file lists of other packages are removed
4605 from those lists. (This will lobotomize the file list
4606 of the "conflicting" package if there is one.)
4607 </item>
4609 <item>
4610 The backup files made during installation, above, are
4611 deleted.
4612 </item>
4614 <item>
4615 <p>
4616 The new package's status is now sane, and recorded as
4617 "Unpacked".
4618 </p>
4620 <p>
4621 Here is another point of no return - if the
4622 conflicting package's removal fails we do not unwind
4623 the rest of the installation; the conflicting package
4624 is left in a half-removed limbo.
4625 </p>
4626 </item>
4628 <item>
4629 If there was a conflicting package we go and do the
4630 removal actions (described below), starting with the
4631 removal of the conflicting package's files (any that
4632 are also in the package being unpacked have already
4633 been removed from the conflicting package's file list,
4634 and so do not get removed now).
4635 </item>
4636 </enumlist>
4637 </p>
4638 </sect>
4642 <p>
4643 When we configure a package (this happens with <tt>dpkg
4648 </example>
4649 </p>
4651 <p>
4652 No attempt is made to unwind after errors during
4653 configuration. If the configuration fails, the package is in
4654 a "Half-Configured" state, and an error message is generated.
4655 </p>
4657 <p>
4658 If there is no most recently configured version
4660 <footnote>
4661 <p>
4662 Historical note: Truly ancient (pre-1997) versions of
4664 (including the angle brackets) in this case. Even older
4665 ones did not pass a second argument at all, under any
4666 circumstance. Note that upgrades using such an old dpkg
4667 version are unlikely to work for other reasons, even if
4668 this old argument behavior is handled by your postinst script.
4669 </p>
4670 </footnote>
4671 </p>
4672 </sect>
4675 configuration purging</heading>
4677 <p>
4678 <enumlist>
4679 <item>
4680 <p>
4683 </example>
4684 </p>
4685 <p>
4686 If prerm fails during replacement due to conflict
4687 <example>
4690 </example>
4691 Or else we call:
4692 <example>
4694 </example>
4695 </p>
4696 <p>
4697 If this fails, the package is in a "Half-Configured"
4698 state, or else it remains "Installed".
4699 </p>
4700 </item>
4701 <item>
4703 </item>
4704 <item>
4707 </example>
4709 <p>
4710 If it fails, there's no error unwind, and the package is in
4711 an "Half-Installed" state.
4712 </p>
4713 </item>
4714 <item>
4715 <p>
4717 are removed.
4718 </p>
4720 <p>
4721 If we aren't purging the package we stop here. Note
4724 removed, as there is no difference except for the
4726 </p>
4727 </item>
4728 <item>
4732 are removed.
4733 </item>
4734 <item>
4735 <p>
4738 </example>
4739 </p>
4740 <p>
4741 If this fails, the package remains in a "Config-Files"
4742 state.
4743 </p>
4744 </item>
4745 <item>
4746 The package's file list is removed.
4747 </item>
4748 </enumlist>
4750 </p>
4751 </sect>
4752 </chapt>
4761 <p>
4762 These fields all have a uniform syntax. They are a list of
4763 package names separated by commas.
4764 </p>
4766 <p>
4771 control fields of the package, which declare
4772 dependencies on other packages, the package names listed may
4773 also include lists of alternative package names, separated
4775 that part of the dependency can be satisfied by any one of
4776 the alternative packages.
4777 </p>
4779 <p>
4781 their applicability to particular versions of each named
4782 package. This is done in parentheses after each individual
4783 package name; the parentheses should contain a relation from
4784 the list below followed by a version number, in the format
4786 </p>
4788 <p>
4791 earlier, earlier or equal, exactly equal, later or equal and
4792 strictly later, respectively.<footnote>
4794 allowed, but they were confusingly defined to mean
4795 earlier/later or equal rather than strictly
4797 warning, but they are no longer allowed by Debian Policy.
4798 </footnote>
4799 </p>
4801 <p>
4802 Whitespace may appear at any point in the version
4803 specification subject to the rules in <ref
4805 disambiguate; it is not otherwise significant. All of the
4806 relationship fields can only be folded in source package control files. For
4807 consistency and in case of future changes to
4809 used after a version relationship and before a version
4810 number; it is also conventional to put a single space after
4811 each comma, on either side of each vertical bar, and before
4812 each open parenthesis. When opening a continuation line in a relationship field, it
4813 is conventional to do so after a comma and before the space
4814 following that comma.
4815 </p>
4817 <p>
4818 For example, a list of dependencies might appear as:
4820 Package: mutt
4823 </example>
4824 </p>
4826 <p>
4827 Relationships may be restricted to a certain set of
4828 architectures. This is indicated in brackets after each
4829 individual package name and the optional version specification.
4830 The brackets enclose a non-empty list of Debian architecture names
4832 separated by whitespace. Exclamation marks may be prepended to
4833 each of the names. (It is not permitted for some names to be
4834 prepended with exclamation marks while others aren't.)
4835 </p>
4837 <p>
4838 For build relationship fields
4842 the current Debian host architecture is not in this list and
4843 there are no exclamation marks in the list, or it is in the list
4844 with a prepended exclamation mark, the package name and the
4845 associated version specification are ignored completely for the
4846 purposes of defining the relationships.
4847 </p>
4849 <p>
4850 For example:
4852 Source: glibc
4853 Build-Depends-Indep: texinfo
4854 Build-Depends: kernel-headers-2.2.10 [!hurd-i386],
4855 hurd-dev [hurd-i386], gnumach-dev [hurd-i386]
4856 </example>
4860 showing multiple architectures separated by spaces:
4862 Build-Depends:
4863 libluajit5.1-dev [i386 amd64 kfreebsd-i386 armel armhf powerpc mips],
4864 liblua5.1-dev [hurd-i386 ia64 kfreebsd-amd64 s390x sparc],
4865 </example>
4866 </p>
4868 <p>
4870 field, the architecture restriction
4871 syntax is only supported in the source package control
4873 package control file is generated, the relationship will either
4874 be omitted or included without the architecture restriction
4875 based on the architecture of the binary package. This means
4876 that architecture restrictions must not be used in binary
4877 relationship fields for architecture-independent packages
4879 </p>
4881 <p>
4882 For example:
4884 Depends: foo [i386], bar [amd64]
4885 </example>
4889 entirely in binary packages built on all other architectures.
4890 </p>
4892 <p>
4893 If the architecture-restricted dependency is part of a set of
4895 completely on architectures that do not match the restriction.
4896 For example:
4898 Build-Depends: foo [!i386] | bar [!amd64]
4899 </example>
4902 bar</tt> on all other architectures.
4903 </p>
4905 <p>
4906 Relationships may also be restricted to a certain set of
4907 architectures using architecture wildcards in the format
4909 declaring such restrictions is the same as declaring
4910 restrictions using a certain set of architectures without
4911 architecture wildcards. For example:
4913 Build-Depends: foo [linux-any], bar [any-i386], baz [!linux-any]
4914 </example>
4918 using a kernel other than Linux.
4919 </p>
4921 <p>
4922 Note that the binary package relationship fields such as
4924 sections of the control file, whereas the build-time
4926 source package section of the control file (which is the
4927 first section).
4928 </p>
4929 </sect>
4935 </heading>
4937 <p>
4938 Packages can declare in their control file that they have
4939 certain relationships to other packages - for example, that
4940 they may not be installed at the same time as certain other
4941 packages, and/or that they depend on the presence of others.
4942 </p>
4944 <p>
4950 rest are described below.
4951 </p>
4953 <p>
4954 These seven fields are used to declare a dependency
4955 relationship by one package on another. Except for
4957 depending (binary) package's control file.
4960 depended-on package which causes the named package to
4961 break).
4962 </p>
4964 <p>
4966 package is to be configured. It does not prevent a package
4967 being on the system in an unconfigured state while its
4968 dependencies are unsatisfied, and it is possible to replace
4969 a package whose dependencies are satisfied and which is
4970 properly installed with a different version whose
4971 dependencies are not and cannot be satisfied; when this is
4972 done the depending package will be left unconfigured (since
4973 attempts to configure it will give errors) and will not
4974 function properly. If it is necessary, a
4976 effect even when a package is being unpacked, as explained
4977 in detail below. (The other three dependency fields,
4982 </p>
4984 <p>
4986 which packages are configured, packages in an installation run
4987 are usually all unpacked first and all configured later.
4988 <footnote>
4989 This approach makes dependency resolution easier. If two
4990 packages A and B are being upgraded, the installed package A
4991 depends on exactly the installed package B, and the new
4992 package A depends on exactly the new package B (a common
4993 situation when upgrading shared libraries and their
4994 corresponding development packages), satisfying the
4995 dependencies at every stage of the upgrade would be
4996 impossible. This relaxed restriction means that both new
4997 packages can be unpacked together and then configured in their
4998 dependency order.
4999 </footnote>
5000 </p>
5002 <p>
5003 If there is a circular dependency among packages being installed
5004 or removed, installation or removal order honoring the
5005 dependency order is impossible, requiring the dependency loop be
5006 broken at some point and the dependency requirements violated
5007 for at least one package. Packages involved in circular
5008 dependencies may not be able to rely on their dependencies being
5009 configured before they themselves are configured, depending on
5010 which side of the break of the circular dependency loop they
5011 happen to be on. If one of the packages in the loop has
5014 scripts are run with their dependencies properly configured if
5015 this is possible. Otherwise the breaking point is arbitrary.
5016 Packages should therefore avoid circular dependencies where
5018 scripts.
5019 </p>
5021 <p>
5022 The meaning of the five dependency fields is as follows:
5023 <taglist>
5025 <item>
5026 <p>
5027 This declares an absolute dependency. A package will
5028 not be configured unless all of the packages listed in
5030 configured (unless there is a circular dependency as
5031 described above).
5032 </p>
5034 <p>
5036 depended-on package is required for the depending
5037 package to provide a significant amount of
5038 functionality.
5039 </p>
5041 <p>
5044 require the depended-on package to be unpacked or
5045 configured in order to run. In the case of <tt>postinst
5046 configure</tt>, the depended-on packages will be unpacked
5047 and configured first. (If both packages are involved in a
5048 dependency loop, this might not work as expected; see the
5049 explanation a few paragraphs back.) In the case
5051 actions, the package dependencies will normally be at
5052 least unpacked, but they may be only "Half-Installed" if a
5053 previous upgrade of the dependency failed.
5054 </p>
5056 <p>
5059 script to fully clean up after the package removal. There
5060 is no guarantee that package dependencies will be
5062 depended-on package is more likely to be available if the
5063 package declares a dependency (particularly in the case
5065 script must gracefully skip actions that require a
5066 dependency if that dependency isn't available.
5067 </p>
5068 </item>
5071 <item>
5072 <p>
5073 This declares a strong, but not absolute, dependency.
5074 </p>
5076 <p>
5078 that would be found together with this one in all but
5079 unusual installations.
5080 </p>
5081 </item>
5084 <item>
5085 This is used to declare that one package may be more
5086 useful with one or more others. Using this field
5087 tells the packaging system and the user that the
5088 listed packages are related to this one and can
5089 perhaps enhance its usefulness, but that installing
5090 this one without them is perfectly reasonable.
5091 </item>
5094 <item>
5095 This field is similar to Suggests but works in the
5096 opposite direction. It is used to declare that a
5097 package can enhance the functionality of another
5098 package.
5099 </item>
5102 <item>
5103 <p>
5106 of the packages named before even starting the
5107 installation of the package which declares the
5108 pre-dependency, as follows:
5109 </p>
5111 <p>
5112 When a package declaring a pre-dependency is about to
5114 satisfied if the depended-on package is either fully
5117 state, provided that they have been configured
5118 correctly at some point in the past (and not removed
5119 or partially removed since). In this case, both the
5120 previously-configured and currently "Unpacked" or
5121 "Half-Configured" versions must satisfy any version
5123 </p>
5125 <p>
5126 When the package declaring a pre-dependency is about to
5129 satisfied only if the depended-on package has been
5130 correctly configured. However, unlike
5132 permit circular dependencies to be broken. If a circular
5133 dependency is encountered while attempting to honor
5135 </p>
5137 <p>
5140 It is best to avoid this situation if possible.
5141 </p>
5143 <p>
5145 preferably only by packages whose premature upgrade or
5146 installation would hamper the ability of the system to
5147 continue with any upgrade that might be in progress.
5148 </p>
5150 <p>
5152 package before this has been discussed on the
5155 </p>
5156 </item>
5157 </taglist>
5158 </p>
5160 <p>
5161 When selecting which level of dependency to use you should
5162 consider how important the depended-on package is to the
5163 functionality of the one declaring the dependency. Some
5164 packages are composed of components of varying degrees of
5165 importance. Such a package should list using
5167 more important components. The other components'
5168 requirements may be mentioned as Suggestions or
5169 Recommendations, as appropriate to the components' relative
5170 importance.
5171 </p>
5172 </sect>
5177 <p>
5178 When one binary package declares that it breaks another,
5181 package is deconfigured first, and it will refuse to
5182 allow the broken package to be reconfigured.
5183 </p>
5185 <p>
5186 A package will not be regarded as causing breakage merely
5187 because its configuration files are still installed; it must
5188 be at least "Half-Installed".
5189 </p>
5191 <p>
5192 A special exception is made for packages which declare that
5193 they break their own package name or a virtual package which
5194 they provide (see below): this does not count as a real
5195 breakage.
5196 </p>
5198 <p>
5201 version of an (implicit or explicit) dependency which violates
5202 an assumption or reveals a bug in earlier versions of the broken
5203 package, or which takes over a file from earlier versions of the
5205 will inform higher-level package management tools that the
5206 broken package must be upgraded before the new one.
5207 </p>
5209 <p>
5210 If the breaking package also overwrites some files from the
5213 of taking over files from other packages, including how to
5215 </p>
5217 <p>
5223 differences.
5224 </p>
5225 </sect>
5230 <p>
5231 When one binary package declares a conflict with another using
5233 allow them to be unpacked on the system at the same time. This
5235 the broken package from being configured while the breaking
5236 package is in the "Unpacked" state but allows both packages to
5237 be unpacked at the same time.
5238 </p>
5240 <p>
5241 If one package is to be unpacked, the other must be removed
5242 first. If the package being unpacked is marked as replacing
5244 normally be used in this case) the one on the system, or the one
5245 on the system is marked as deselected, or both packages are
5247 automatically remove the package which is causing the conflict.
5248 Otherwise, it will halt the installation of the new package with
5249 an error. This mechanism is specifically designed to produce an
5251 new package is not.
5252 </p>
5254 <p>
5255 A package will not cause a conflict merely because its
5256 configuration files are still installed; it must be at least
5257 "Half-Installed".
5258 </p>
5260 <p>
5261 A special exception is made for packages which declare a
5262 conflict with their own package name, or with a virtual
5263 package which they provide (see below): this does not
5264 prevent their installation, and allows a package to conflict
5265 with others providing a replacement for it. You use this
5266 feature when you want the package in question to be the only
5267 package providing some feature.
5268 </p>
5270 <p>
5273 stronger restriction on the ordering of package installation or
5274 upgrade and can make it more difficult for the package manager
5275 to find a correct solution to an upgrade or installation
5277 <list>
5278 <item>when moving a file from one package to another (see
5280 <item>when splitting a package (a special case of the previous
5281 one), or</item>
5282 <item>when the breaking package exposes a bug in or interacts
5283 badly with particular versions of the broken
5284 package.</item>
5285 </list>
5287 <list>
5288 <item>when two packages provide the same file and will
5289 continue to do so,</item>
5291 package providing a given virtual facility may be unpacked
5293 <item>in other cases where one must prevent simultaneous
5294 installation of two packages for reasons that are ongoing
5295 (not fixed in a later version of one of the packages) or
5296 that must prevent both packages from being unpacked at the
5297 same time, not just configured.</item>
5298 </list>
5300 solution when two packages provide the same files. Depending on
5301 the reason for that conflict, using alternatives or renaming the
5302 files is often a better approach. See, for
5304 </p>
5306 <p>
5308 unless two packages cannot be installed at the same time or
5309 installing them both causes one of them to be broken or
5310 unusable. Having similar functionality or performing the same
5311 tasks as another package is not sufficient reason to
5313 </p>
5315 <p>
5317 clause if the reason for the conflict is corrected in a later
5318 version of one of the packages. However, normally the presence
5319 of an "earlier than" version clause is a sign
5323 package which declares such a conflict until the upgrade or
5324 removal of the conflicted-with package has been completed, which
5325 is a strong restriction.
5326 </p>
5327 </sect>
5330 </heading>
5332 <p>
5333 As well as the names of actual ("concrete") packages, the
5340 may mention "virtual packages".
5341 </p>
5343 <p>
5346 is as if the package(s) which provide a particular virtual
5347 package name had been listed by name everywhere the virtual
5349 </p>
5351 <p>
5352 If there are both concrete and virtual packages of the same
5353 name, then the dependency may be satisfied (or the conflict
5354 caused) by either the concrete package with the name in
5355 question or any other concrete package which provides the
5356 virtual package with the name in question. This is so that,
5357 for example, supposing we have
5359 Package: foo
5360 Depends: bar
5361 </example> and someone else releases an enhanced version of
5364 Package: bar-plus
5365 Provides: bar
5366 </example>
5369 </p>
5371 <p>
5372 If a relationship field has a version number attached, only real
5373 packages will be considered to see whether the relationship is
5374 satisfied (or the prohibition violated, for a conflict or
5375 breakage). In other words, if a version number is specified,
5377 package name and consider only real packages. The package
5378 manager will assume that a package providing that virtual
5380 field may not contain version numbers, and the version number of
5381 the concrete package which provides a particular virtual package
5382 will not be considered when considering a dependency on or
5383 conflict with the virtual package name.<footnote>
5385 add the ability to specify a version number for each virtual
5386 package it provides. This feature is not yet present,
5387 however, and is expected to be used only infrequently.
5388 </footnote>
5389 </p>
5391 <p>
5392 To specify which of a set of real packages should be the default
5393 to satisfy a particular dependency on a virtual package, list
5394 the real package as an alternative before the virtual one.
5395 </p>
5397 <p>
5398 If the virtual package represents a facility that can only be
5399 provided by one real package at a time, such as
5401 requires installation of a binary that would conflict with all
5402 other providers of that virtual package (see
5404 virtual package should also declare a conflict with it
5406 provider of that virtual package is unpacked or installed at a
5407 time.
5408 </p>
5409 </sect>
5414 <p>
5415 Packages can declare in their control file that they should
5416 overwrite files in certain other packages, or completely replace
5418 two distinct purposes.
5419 </p>
5423 <p>
5424 It is usually an error for a package to contain files which
5425 are on the system in another package. However, if the
5428 will replace the file from the old package with that from the
5429 new. The file will no longer be listed as "owned" by the old
5430 package and will be taken over by the new package.
5438 be installed and take over that file. However,
5441 version that knows it does not include that file and instead
5444 being installed and then removed, removing the file that it
5446 operation, the package manager would think the system was in
5448 would be missing one of its files.
5449 </footnote>
5450 </p>
5452 <p>
5456 have the fields
5460 </example>
5461 in its control file. The new version of the
5465 </example>
5468 required for normal operation).
5469 </p>
5471 <p>
5472 If a package is completely replaced in this way, so that
5474 contains, it is considered to have "disappeared". It will
5475 be marked as not wanted on the system (selected for
5477 details noted for the package will be ignored, as they
5478 will have been taken over by the overwriting package. The
5480 special argument to allow the package to do any final
5482 <footnote>
5483 Replaces is a one way relationship. You have to install
5484 the replacing package after the replaced package.
5485 </footnote>
5486 </p>
5488 <p>
5492 replaced must be mentioned by their real names.
5493 </p>
5495 <p>
5497 packages are at least partially on the system at once. It is
5498 not relevant if the packages conflict unless the conflict has
5499 been overridden.
5500 </p>
5501 </sect1>
5503 <sect1><heading>Replacing whole packages, forcing their
5504 removal</heading>
5506 <p>
5508 resolve which package should be removed when there is a
5511 two usages of this field do not interfere with each other.
5512 </p>
5514 <p>
5515 In this situation, the package declared as being replaced
5516 can be a virtual package, so for example, all mail
5517 transport agents (MTAs) would have the following fields in
5518 their control files:
5520 Provides: mail-transport-agent
5521 Conflicts: mail-transport-agent
5522 Replaces: mail-transport-agent
5523 </example>
5524 ensuring that only one MTA can be unpacked at any one
5526 example.
5527 </sect1>
5528 </sect>
5531 <heading>Relationships between source and binary packages -
5535 </heading>
5537 <p>
5538 Source packages that require certain binary packages to be
5539 installed or absent at the time of building the package
5540 can declare relationships to those binary packages.
5541 </p>
5543 <p>
5548 </p>
5550 <p>
5551 Build-dependencies on "build-essential" binary packages can be
5553 </p>
5555 <p>
5556 The dependencies and conflicts they define must be satisfied
5557 (as defined earlier for binary packages) in order to invoke
5559 <taglist>
5561 <item>
5563 fields must be satisfied when this target is invoked.
5564 </item>
5566 <item>
5569 fields must be satisfied when these targets are invoked.
5570 </item>
5572 <item>
5575 fields must be satisfied when these targets are invoked.
5576 </item>
5578 <item>
5582 fields must be satisfied when these targets are invoked.
5583 </item>
5584 </taglist>
5585 </p>
5586 </sect>
5589 <heading>Additional source packages used to build the binary
5591 </heading>
5593 <p>
5594 Some binary packages incorporate parts of other packages when built
5595 but do not have to depend on those packages. Examples include
5596 linking with static libraries or incorporating source code from
5597 another package during the build. In this case, the source packages
5598 of those other packages are a required part of the complete source
5599 (the binary package is not reproducible without them).
5600 </p>
5602 <p>
5604 package for any such binary package incorporated during the build
5605 <footnote>
5607 it (rightfully) does not document the exact version used in the
5608 build.
5609 </footnote>,
5611 that was used to build that binary package<footnote>
5612 The archive software might reject packages that refer to
5613 non-existent sources.
5614 </footnote>.
5615 </p>
5617 <p>
5618 A package using the source code from the gcc-4.6-source
5619 binary package built from the gcc-4.6 source package would
5620 have this field in its control file:
5623 </example>
5624 </p>
5626 <p>
5627 A package including binaries from grub2 and loadlin would
5628 have this field in its control file:
5631 </example>
5632 </p>
5633 </sect>
5634 </chapt>
5639 <p>
5640 Packages containing shared libraries must be constructed with
5641 a little care to make sure that the shared library is always
5642 available. This is especially important for packages whose
5643 shared libraries are vitally important, such as the C library
5645 </p>
5647 <p>
5648 This section deals only with public shared libraries: shared
5649 libraries that are placed in directories searched by the dynamic
5650 linker by default or which are intended to be linked against
5651 normally and possibly used by other, independent packages. Shared
5652 libraries that are internal to a particular package or that are
5653 only loaded as dynamic modules are not covered by this section and
5654 are not subject to its requirements.
5655 </p>
5657 <p>
5659 stored in its dynamic section. When a binary is linked against a
5662 dynamic linker knows that library must be loaded at runtime. The
5663 shared library file's full name (which usually contains additional
5665 therefore normally not referenced directly. Instead, the shared
5667 system as a symlink pointing to the full name of the shared
5668 library. This symlink must be provided by the
5670 <footnote>
5671 This is a convention of shared library versioning, but not a
5673 library file name instead and therefore do not need a symlink.
5674 Most, however, encode additional information about
5675 backwards-compatible revisions as a minor version number in the
5677 binaries linked with the earlier version of the shared library
5678 may no longer work, but the filename may change with each
5680 more information.
5681 </footnote>
5682 </p>
5684 <p>
5685 When linking a binary or another shared library against a shared
5687 known. Instead, the shared library is found by looking for a file
5689 exists on the file system as a symlink pointing to the shared
5690 library.
5691 </p>
5693 <p>
5694 Shared libraries are normally split into several binary packages.
5697 the development package since it's only used when linking binaries
5698 or shared libraries. However, there are some exceptions for
5699 unusual shared libraries or for shared libraries that are also
5700 loaded as dynamic modules by other programs.
5701 </p>
5703 <p>
5704 This section is primarily concerned with how the separation of
5705 shared libraries into multiple packages should be done and how
5706 dependencies on and between shared library binary packages are
5708 conjunction with this section and contains additional rules for
5709 the files contained in the shared library packages.
5710 </p>
5715 <p>
5716 The run-time shared library must be placed in a package
5718 library changes. This allows several versions of the shared
5719 library to be installed at the same time, allowing installation
5720 of the new version of the shared library without immediately
5721 breaking binaries that depend on the old version. Normally, the
5723 be placed in a package named
5730 should use
5732 instead.
5733 </p>
5735 <p>
5746 </p>
5748 <p>
5749 If you have several shared libraries built from the same source
5750 tree, you may lump them all together into a single shared
5752 always change together. Be aware that this is not normally the
5754 upgrading such a merged shared library package will be
5755 unnecessarily difficult because of file conflicts with the old
5756 version of the package. When in doubt, always split shared
5757 library packages so that each binary package installs a single
5758 shared library.
5759 </p>
5761 <p>
5762 Every time the shared library ABI changes in a way that may
5763 break binaries linked against older versions of the shared
5765 corresponding name for the binary package containing the runtime
5766 shared library should change. Normally, this means
5768 removed from the shared library or the signature of an interface
5769 (the number of parameters or the types of parameters that it
5770 takes, for example) is changed. This practice is vital to
5771 allowing clean upgrades from older versions of the package and
5772 clean transitions between the old ABI and new ABI without having
5773 to upgrade every affected package simultaneously.
5774 </p>
5776 <p>
5778 normally should not, change if new interfaces are added but none
5779 are removed or changed, since this will not break binaries
5780 linked against the old shared library. Correct versioning of
5781 dependencies on the newer shared library by binaries that use
5782 the new interfaces is handled via
5785 </p>
5787 <p>
5788 The package should install the shared libraries under
5794 of renaming things safely without affecting running programs,
5795 and attempts to interfere with this are likely to lead to
5796 problems.
5797 </p>
5799 <p>
5800 Shared libraries should not be installed executable, since
5801 the dynamic linker does not require this and trying to
5802 execute a shared library usually results in a core dump.
5803 </p>
5805 <p>
5806 The run-time library package should include the symbolic link for
5808 the shared libraries. For example,
5816 script.<footnote>
5817 The package management system requires the library to be
5818 placed before the symbolic link pointing to it in the
5821 (overwriting the previous symlink pointing at an older
5822 version of the library), the new shared library is already
5823 in place. In the past, this was achieved by creating the
5824 library in the temporary packaging directory before
5825 creating the symlink. Unfortunately, this was not always
5826 effective, since the building of the tar file in the
5828 file system. Some file systems (such as reiserfs) reorder
5829 the files so that the order of creation is forgotten.
5831 reorders the files itself as necessary when building a
5832 package. Thus it is no longer important to concern
5833 oneself with the order of file creation.
5834 </footnote>
5835 </p>
5840 <p>
5841 Any package installing shared libraries in one of the default
5842 library directories of the dynamic linker (which are currently
5847 matching the multiarch triplet for the system architecture.
5848 </footnote>
5850 system.
5851 </p>
5853 <p>
5854 The package maintainer scripts must only call
5861 </item>
5865 </item>
5866 </list>
5867 <footnote>
5868 <p>
5869 During install or upgrade, the preinst is called before
5870 the new files are unpacked, so calling "ldconfig" is
5871 pointless. The preinst of an existing package can also be
5872 called if an upgrade fails. However, this happens during
5873 the critical time when a shared libs may exist on-disk
5874 under a temporary name. Thus, it is dangerous and
5875 forbidden by current policy to call "ldconfig" at this
5876 time.
5877 </p>
5879 <p>
5880 When a package is installed or upgraded, "postinst
5881 configure" runs after the new files are safely on-disk.
5882 Since it is perfectly safe to invoke ldconfig
5883 unconditionally in a postinst, it is OK for a package to
5884 simply put ldconfig in its postinst without checking the
5885 argument. The postinst can also be called to recover from
5886 a failed upgrade. This happens before any new files are
5887 unpacked, so there is no reason to call "ldconfig" at this
5888 point.
5889 </p>
5891 <p>
5892 For a package that is being removed, prerm is
5893 called with all the files intact, so calling ldconfig is
5894 useless. The other calls to "prerm" happen in the case of
5895 upgrade at a time when all the files of the old package
5896 are on-disk, so again calling "ldconfig" is pointless.
5897 </p>
5899 <p>
5900 postrm, on the other hand, is called with the "remove"
5901 argument just after the files are removed, so this is
5902 the proper time to call "ldconfig" to notify the system
5903 of the fact that the shared libraries from the package
5904 are removed. The postrm can be called at several other
5907 "ldconfig" is useless because the shared lib files are
5908 not on-disk. However, when "postrm" is invoked with
5910 shared lib may exist on-disk under a temporary filename.
5911 </p>
5912 </footnote>
5913 </p>
5914 </sect1>
5916 </sect>
5921 <p>
5922 If your package contains files whose names do not change with
5923 each change in the library shared object version, you must not
5924 put them in the shared library package. Otherwise, several
5925 versions of the shared library cannot be installed at the same
5926 time without filename clashes, making upgrades and transitions
5927 unnecessarily difficult.
5928 </p>
5930 <p>
5931 It is recommended that supporting files and run-time support
5932 programs that do not need to be invoked manually by users, but
5933 are nevertheless required for the package to function, be placed
5936 If the program or file is architecture independent, the
5937 recommendation is for it to be placed in a subdirectory of
5941 names change when the shared object version changes.
5942 </p>
5944 <p>
5945 Run-time support programs that use the shared library but are
5946 not required for the library to function or files used by the
5947 shared library that can be used by any version of the shared
5948 library package should instead be put in a separate package.
5949 This package might typically be named
5952 </p>
5954 <p>
5955 Files and support programs only useful when compiling software
5956 against the library should be included in the development
5957 package for the library.<footnote>
5960 </footnote>
5961 </p>
5962 </sect>
5967 <p>
5969 is usually provided in addition to the shared version.
5970 It is placed into the development package (see below).
5971 </p>
5973 <p>
5974 In some cases, it is acceptable for a library to be
5975 available in static form only; these cases include:
5976 <list>
5977 <item>libraries for languages whose shared library support
5978 is immature or unstable</item>
5979 <item>libraries whose interfaces are in flux or under
5980 development (commonly the case when the library's
5981 major version number is zero, or where the ABI breaks
5982 across patchlevels)</item>
5983 <item>libraries which are explicitly intended to be
5984 available only in static form by their upstream
5985 author(s)</item>
5986 </list>
5987 </p>
5992 <p>
5993 If there are development files associated with a shared library,
5994 the source package needs to generate a binary development package
5996 or if you prefer only to support one development version at a
5998 the development package must result in installation of all the
5999 development files necessary for compiling programs against that
6000 shared library.<footnote>
6001 This wording allows the development files to be split into
6002 several packages, such as a separate architecture-independent
6004 the development package depends on all the required additional
6005 packages.
6006 </footnote>
6007 </p>
6009 <p>
6010 In case several development versions of a library exist, you may
6013 development version at a time (as different development versions are
6014 likely to have the same header files in them, which would cause a
6015 filename clash if both were unpacked).
6016 </p>
6018 <p>
6019 The development package should contain a symlink for the associated
6020 shared library without a version number. For example, the
6026 </p>
6028 <p>
6029 If the package provides Ada Library Information
6031 installed read-only (mode 0444) so that GNAT will not attempt to
6032 recompile them. This overrides the normal file mode requirements
6034 </p>
6035 </sect>
6040 <p>
6041 Typically the development version should have an exact
6042 version dependency on the runtime library, to make sure that
6043 compilation and linking happens correctly. The
6045 useful for this purpose.
6046 <footnote>
6048 was confusing and it has been deprecated since dpkg 1.13.19.
6049 </footnote>
6050 </p>
6051 </sect>
6054 <heading>Dependencies between the library and other
6055 packages</heading>
6057 <p>
6058 If a package contains a binary or library which links to a
6059 shared library, we must ensure that, when the package is
6060 installed on the system, all of the libraries needed are also
6061 installed. These dependencies must be added to the binary
6062 package when it is built, since they may change based on which
6063 version of a shared library the binary or library was linked
6064 with even if there are no changes to the source of the binary
6065 (for example, symbol versions change, macros become functions or
6066 vice versa, or the binary package may determine at compile-time
6067 whether new library interfaces are available and can be called).
6068 To allow these dependencies to be constructed, shared libraries
6071 package dependencies required to ensure the presence of
6072 interfaces provided by this library. Any package with binaries
6073 or libraries linking to a shared library must use these files to
6074 determine the required dependencies when it is built. Other
6075 packages which use a shared library (for example using
6077 using these files at build time as well.
6078 </p>
6080 <p>
6081 The two mechanisms differ in the degree of detail that they
6083 exported by a library, the minimal version of the package any
6084 binary using this symbol will need. This is typically the
6085 version of the package in which the symbol was introduced. This
6086 information permits detailed analysis of the symbols used by a
6087 particular package and construction of an accurate dependency,
6088 but it requires the package maintainer to track more information
6089 about the shared library.
6090 </p>
6092 <p>
6094 time the library ABI changed in any way. It only provides
6095 information about the library as a whole, not individual
6096 symbols. When a package is built using a shared library with
6098 require a version of the shared library equal to or newer than
6099 the version of the last ABI change. This generates
6100 unnecessarily restrictive dependencies compared
6102 package have changed. This, in turn, may make upgrades
6103 needlessly complex and unnecessarily restrict use of the package
6104 on systems with older versions of the shared libraries.
6105 </p>
6107 <p>
6110 files in some unusual corner cases.<footnote>
6113 instead of recording the actual SONAME. If the SONAME doesn't
6114 match one of the two expected formats
6116 cannot be represented.
6117 </footnote>
6118 </p>
6120 <p>
6122 shared library packages since they provide more accurate
6123 dependencies. For most C libraries, the additional detail
6125 maintain. However, maintaining exhaustive symbols information
6127 files may be more appropriate for most C++ libraries. Libraries
6128 with a corresponding udeb must also provide
6131 </p>
6136 <p>
6137 When a package that contains any shared libraries or compiled
6139 each shared library and compiled binary to determine the
6140 libraries used and hence the dependencies needed by the
6141 package.<footnote>
6144 the libraries and the symbols in those libraries directly
6145 needed by the binaries or shared libraries in the package.
6146 </footnote>
6149 List all of the compiled binaries, libraries, or loadable
6150 modules in your package.<footnote>
6152 correctly is to use a package helper framework such
6156 you. It will also correctly handle multi-binary packages.
6157 </footnote>
6160 to generate dependency information. The package must then
6161 provide a substitution variable into which the discovered
6162 dependency information can be placed.
6163 </p>
6165 <p>
6166 If you are creating a udeb for use in the Debian Installer,
6171 will automatically add this option if it knows it is
6172 processing a udeb.
6173 </footnote>. If there is no dependency line of
6176 regular dependency line.
6177 </p>
6179 <p>
6185 package built by this source package that contains compiled
6186 binaries, libraries, or loadable modules. If you have
6187 multiple binary packages, you will need to
6189 compiled libraries or binaries. For example, you could use
6192 binary package.<footnote>
6195 the addition of the variable to the control file for you if
6199 the appropriate flags.
6200 </footnote>
6201 </p>
6203 <p>
6206 </p>
6208 <p>
6211 library (that is, the library is listed in the
6213 to the link line when the binary is created). Other libraries
6216 linker will load them automatically when it
6218 libraries it directly uses, but not the libraries it only uses
6219 indirectly. The dependencies for the libraries used
6220 directly will automatically pull in the indirectly-used
6222 automatically, but package maintainers need to be aware of
6223 this distinction between directly and indirectly using a
6224 library if they have to override its results for some reason.
6225 <footnote>
6226 A good example of where this helps is the following. We
6228 supports a new revision of a graphics format called dgf (but
6229 retaining the same major version number) and depends on a
6233 directly or indirectly linked with a binary, every package
6237 Since dependencies are only added based on
6240 having the dependency on an appropriate version
6242 </footnote>
6243 </p>
6244 </sect1>
6249 <p>
6250 Maintaining a shared library package using
6252 requires being aware of the exposed ABI of the shared library
6257 the last change for the entire library.
6258 </p>
6260 <p>
6261 There are two types of ABI changes: ones that are
6262 backward-compatible and ones that are not. An ABI change is
6263 backward-compatible if any reasonable program or library that
6264 was linked with the previous version of the shared library
6265 will still work correctly with the new version of the shared
6266 library.<footnote>
6267 An example of an "unreasonable" program is one that uses
6268 library interfaces that are documented as internal and
6269 unsupported. If the only programs or libraries affected by
6270 a change are "unreasonable" ones, other techniques, such as
6272 packages or treating their usage of the library as bugs in
6273 those packages, may be appropriate instead of changing the
6274 SONAME. However, the default approach is to change the
6275 SONAME for any change to the ABI that could break a program.
6276 </footnote>
6277 Adding new symbols to the shared library is a
6278 backward-compatible change. Removing symbols from the shared
6279 library is not. Changing the behavior of a symbol may or may
6280 not be backward-compatible depending on the change; for
6281 example, changing a function to accept a new enum constant not
6282 previously used by the library is generally
6283 backward-compatible, but changing the members of a struct that
6284 is passed into library functions is generally not unless the
6285 library takes special precautions to accept old versions of
6286 the data structure.
6287 </p>
6289 <p>
6290 ABI changes that are not backward-compatible normally require
6292 shared library package name, which forces rebuilding all
6293 packages using that shared library to update their
6294 dependencies and allow them to use the new version of the
6295 shared library. For more information,
6297 section will deal with backward-compatible changes.
6298 </p>
6300 <p>
6301 Backward-compatible changes require either updating or
6305 more information on how to do this in the two formats, see
6307 rules that apply to both files.
6308 </p>
6310 <p>
6311 The easy case is when a public symbol is added. Simply add
6312 the version at which the symbol was introduced
6315 should be taken to update dependency versions when the
6316 behavior of a public symbol changes. This is easy to neglect,
6317 since there is no automated method of determining such
6318 changes, but failing to update versions in this case may
6319 result in binary packages with too-weak dependencies that will
6320 fail at runtime, possibly in ways that can cause security
6321 vulnerabilities. If the package maintainer believes that a
6322 symbol behavior change may have occurred but isn't sure, it's
6323 safer to update the version rather than leave it unmodified.
6324 This may result in unnecessarily strict dependencies, but it
6325 ensures that packages whose dependencies are satisfied will
6326 work properly.
6327 </p>
6329 <p>
6330 A common example of when a change to the dependency version
6331 is required is a function that takes an enum or struct
6332 argument that controls what the function does. For example:
6333 <example>
6334 enum library_op { OP_FOO, OP_BAR };
6335 int library_do_operation(enum library_op);
6336 </example>
6340 files) or the version in the dependency for the shared library
6343 binary built against the new version of the library (having
6344 detected at compile-time that the library
6348 function.
6349 </p>
6351 <p>
6354 Debian revision of the package, since the library behavior is
6355 normally fixed for a particular upstream version and any
6356 Debian packaging of that upstream version will have the same
6357 behavior. In the rare case that the library behavior was
6359 to the end of the version that includes the Debian revision is
6360 recommended, since this allows backports of the shared library
6361 package using the normal backport versioning convention to
6362 satisfy the dependency.
6363 </p>
6364 </sect1>
6369 <p>
6370 In the following sections, we will first describe where the
6374 shared library.
6375 </p>
6379 system</heading>
6381 <p>
6383 provided by the shared library package as a control file,
6384 but there are several override paths that are checked first
6385 in case that information is wrong or missing. The following
6386 list gives them in the order in which they are read
6388 the required information is used.
6389 <list>
6390 <item>
6393 <p>
6394 During the package build, if the package itself
6396 files, they will be generated in these staging
6399 files found in the build tree take precedence
6401 packages.
6402 </p>
6404 <p>
6405 These files must exist
6407 dependencies of binaries and libraries from a source
6408 package on other libraries from that same source
6409 package will not be correct. In practice, this means
6412 build.<footnote>
6413 An example may clarify. Suppose the source
6416 When building the binary packages, the contents of
6417 the packages are staged in the
6425 eventually to be included as a control file in that
6427 the
6429 it will examine
6432 dependencies are satisfied by any of the libraries
6434 were linked against the just-built shared library as
6439 the system.
6440 </footnote>
6441 </p>
6442 </item>
6444 <item>
6445 <p>
6448 </p>
6450 <p>
6451 Per-system overrides of shared library dependencies.
6452 These files normally do not exist. They are
6453 maintained by the local system administrator and must
6454 not be created by any Debian package.
6455 </p>
6456 </item>
6458 <item>
6460 installed on the system</p>
6462 <p>
6464 packages currently installed on the system are
6465 searched last. This will be the most common source of
6466 shared library dependency information. These files
6467 can be read with <tt>dpkg-query
6469 </p>
6470 </item>
6471 </list>
6472 </p>
6474 <p>
6476 in the source package, it will override
6481 </p>
6482 </sect2>
6487 <p>
6488 The following documents the format of
6490 packages. These files are built from
6494 do some of the tedious work involved in
6496 symbols or optional symbols that may not exist on particular
6498 a shared library package, refer
6500 richer syntax.
6501 </p>
6503 <p>
6505 for each shared library contained in the package
6507 the following format:
6508 </p>
6510 <p>
6511 <example>
6514 [...]
6516 [...]
6518 </example>
6519 </p>
6521 <p>
6523 package as an example, which (at the time of writing)
6524 installs the shared
6526 lines will be described first, followed by optional lines.
6527 </p>
6529 <p>
6533 This can be determined by using the command
6535 readelf -d /usr/lib/libz.so.1.2.3.4 | grep SONAME
6536 </example>
6537 </footnote>
6538 </p>
6540 <p>
6542 dependency field in a binary package control file, except
6545 nothing if an unversioned dependency is deemed sufficient.
6546 The version restriction will be based on which symbols from
6547 the shared library are referenced and the version at which
6548 they were introduced (see below). In nearly all
6552 containing the shared library. This adds a simple,
6553 possibly-versioned dependency on the shared library package.
6554 In some rare cases, such as when multiple packages provide
6555 the same shared library ABI, the dependency template may
6556 need to be more complex.
6557 </p>
6559 <p>
6560 In our example, the first line of
6563 libz.so.1 zlib1g #MINVER#
6564 </example>
6565 </p>
6567 <p>
6568 Each public symbol exported by the shared library must have
6569 a corresponding symbol line, indented by one
6574 recent version of the shared library that changed the
6575 behavior of that symbol, whether by adding it, changing its
6576 function signature (the parameters, their types, or the
6577 return type), or changing its behavior in a way that is
6578 visible to a caller.
6580 field that references
6582 a full description.
6583 </p>
6585 <p>
6589 version and last changed its behavior in upstream
6594 the lines:
6598 </example>
6603 </p>
6605 <p>
6607 may be provided. These are used in cases where some symbols
6608 in the shared library should use one dependency template
6609 while others should use a different template. The
6610 alternative dependency templates are used only if a symbol
6612 field. The first alternative dependency template is
6614 An example of where this may be needed is with a library
6615 that implements the libGL interface. All GL
6616 implementations provide the same set of base interfaces,
6617 and then may provide some additional interfaces only used
6618 by programs that require that specific GL implementation.
6619 So, for example, libgl1-mesa-glx may use the
6621 <example>
6622 libGL.so.1 libgl1
6623 | libgl1-mesa-glx #MINVER#
6625 [...]
6627 [...]
6628 </example>
6629 Binaries or shared libraries using
6632 packages), but ones
6635 </footnote>
6636 </p>
6638 <p>
6639 Finally, the entry for the library may contain one or more
6640 metadata fields. Currently, the only
6644 package</qref> on which packages using this shared library
6645 declare a build dependency. If this field is
6647 the resulting binary package dependency on the shared
6648 library is at least as strict as the source package
6649 dependency on the shared library development
6650 package.<footnote>
6651 This field should normally not be necessary, since if the
6652 behavior of any symbol has changed, the corresponding
6655 system more robust by tightening the dependency in cases
6656 where the package using the shared library specifically
6657 requires at least a particular version of the shared
6658 library development package for some reason.
6659 </footnote>
6661 file would contain:
6663 * Build-Depends-Package: zlib1g-dev
6664 </example>
6665 </p>
6667 <p>
6669 </p>
6670 </sect2>
6675 <p>
6676 If your package provides a shared library, you should
6678 following the format described above in that package. You
6681 </p>
6683 <p>
6685 the source package
6689 information varies by architecture. This file may use the
6692 part of the package build process. It will
6694 area based on the binaries and libraries in the package
6696 source package.<footnote>
6697 If you are
6701 </footnote>
6702 </p>
6704 <p>
6706 them up-to-date to ensure correct dependencies in packages
6707 that use the shared libraries. This means updating
6710 whenever a symbol changes behavior or signature in a
6717 provided by the library normally requires changing
6721 </p>
6722 </sect2>
6723 </sect1>
6728 <p>
6731 shared libraries. It may be more appropriate for C++
6732 libraries and other cases where tracking individual symbols is
6734 therefore frequently seen in older packages. It is also
6736 </p>
6738 <p>
6739 In the following sections, we will first describe where the
6743 </p>
6747 system</heading>
6749 <p>
6751 found. The following list gives them in the order in which
6753 one which gives the required information is used.)
6754 <list>
6755 <item>
6758 <p>
6759 This lists overrides for this package. This file
6760 should normally not be used, but may be needed
6761 temporarily in unusual situations to work around bugs
6762 in other packages, or in unusual cases where the
6763 normally declared dependency information in the
6765 cannot be used. This file overrides information
6766 obtained from any other source.
6767 </p>
6768 </item>
6770 <item>
6773 <p>
6774 This lists global overrides. This list is normally
6775 empty. It is maintained by the local system
6776 administrator.
6777 </p>
6778 </item>
6780 <item>
6784 <p>
6785 These files are generated as part of the package build
6786 process and staged for inclusion as control files in
6787 the binary packages being built. They provide details
6788 of any shared libraries included in the same package.
6789 </p>
6790 </item>
6792 <item>
6794 installed on the system</p>
6796 <p>
6798 packages currently installed on the system. These
6799 files can be read using <tt>dpkg-query
6801 </p>
6802 </item>
6804 <item>
6807 <p>
6808 This file lists any shared libraries whose packages
6811 was first introduced, but it is now normally empty.
6813 </p>
6814 </item>
6815 </list>
6816 </p>
6818 <p>
6824 </p>
6825 </sect2>
6830 <p>
6833 are ignored. Each line is of the form:
6835 [<var>type</var>: ]<var>library-name</var> <var>soname-version</var> <var>dependencies ...</var>
6836 </example>
6837 </p>
6839 <p>
6840 We will explain this by reference to the example of the
6842 installs the shared
6844 </p>
6846 <p>
6848 type of package for which the line is valid. The only type
6850 after the type are required.
6851 </p>
6853 <p>
6856 of the soname, see below.)
6857 </p>
6859 <p>
6863 recommended shared library package name is determined.
6865 </p>
6867 <p>
6869 field in a binary package control file. It should give
6870 details of which packages are required to satisfy a binary
6871 built against the version of the library contained in the
6874 to maintain the dependency version constraint.
6875 </p>
6877 <p>
6879 package that could change behavior for a client of that
6884 </example>
6885 This version restriction must be new enough that any binary
6886 built against the current version of the library will work
6887 with any version of the shared library that satisfies that
6888 dependency.
6889 </p>
6891 <p>
6892 As zlib1g also provides a udeb containing the shared
6893 library, there would also be a second line:
6896 </example>
6897 </p>
6898 </sect2>
6900 <sect2>
6903 <p>
6906 the format described above and place it in
6908 the build. It will then be included as a control file for
6909 that package<footnote>
6912 package also has a udeb that provides a shared
6916 </footnote>.
6917 </p>
6919 <p>
6922 packages being built from this source package, all of
6925 binary packages.
6926 </p>
6927 </sect2>
6928 </sect1>
6929 </sect>
6930 </chapt>
6935 <sect>
6942 <p>
6943 The location of all files and directories must comply with the
6944 Filesystem Hierarchy Standard (FHS), version 2.3, with the
6945 exceptions noted below, and except where doing so would
6946 violate other terms of Debian Policy. The following
6947 exceptions to the FHS apply:
6949 <enumlist>
6950 <item>
6951 <p>
6952 The FHS requirement that architecture-independent
6953 application-specific static files be located in
6957 be used by a package (or a collection of packages) to hold a
6958 mixture of architecture-independent and
6959 architecture-dependent files. However, when a directory is
6960 entirely composed of architecture-independent files, it
6962 </p>
6963 </item>
6964 <item>
6965 <p>
6966 The optional rules related to user specific
6967 configuration files for applications are stored in
6968 the user's home directory are relaxed. It is
6969 recommended that such files start with the
6971 application needs to create more than one dot file
6972 then the preferred placement is in a subdirectory
6973 with a name starting with a '.' character, (a "dot
6974 directory"). In this case it is recommended the
6975 configuration files not start with the '.'
6976 character.
6977 </p>
6978 </item>
6979 <item>
6980 <p>
6982 for 64 bit binaries is removed.
6983 </p>
6984 </item>
6985 <item>
6986 <p>
6987 The requirement for object files, internal binaries, and
6991 to instead be installed to
6998 than the one matching the architecture of that package;
7000 containing 32-bit x86 libraries may not install these
7002 <footnote>
7003 This is necessary in order to reserve the directories for
7004 use in cross-installation of library packages from other
7006 </footnote>
7007 </p>
7008 <p>
7009 The requirement for C and C++ headers files to be
7010 accessible through the search path
7012 be accessible through the search path
7015 This is necessary for architecture-dependent headers
7017 </footnote>
7018 </p>
7019 <p>
7020 Applications may also use a single subdirectory under
7022 </p>
7023 <p>
7024 The execution time linker/loader, ld*, must still be made
7025 available in the existing location under /lib or /lib64
7026 since this is part of the ELF ABI for the architecture.
7027 </p>
7028 </item>
7029 <item>
7030 <p>
7031 The requirement that
7034 recommendation</p>
7035 </item>
7036 <item>
7037 <p>
7038 The requirement that windowmanagers with a single
7040 is removed, as is the restriction that the window
7041 manager subdirectory be named identically to the
7042 window manager name itself.
7043 </p>
7044 </item>
7045 <item>
7046 <p>
7047 The requirement that boot manager configuration
7049 symlinked there, is relaxed to a recommendation.
7050 </p>
7051 </item>
7052 <item>
7053 <p>
7064 naming conventions, file format requirements, or the
7065 requirement that files be cleared during the boot
7066 process. Files and directories residing
7068 file system.
7069 </p>
7070 <p>
7072 directory exists or is usable without a dependency
7075 </p>
7076 </item>
7077 <item>
7078 <p>
7080 additionally allowed. <footnote>This directory is used as
7081 mount point to mount virtual filesystems to get access to
7082 kernel information.</footnote>
7083 </p>
7084 </item>
7085 <item>
7086 <p>
7088 </p>
7089 </item>
7090 <item>
7091 <p>
7098 </p>
7099 </item>
7100 <item>
7101 <p>
7102 On GNU/Hurd systems, the following additional
7103 directories are allowed in the root
7106 These directories are used to store translators and as
7107 a set of standard names for mount points,
7108 respectively.
7109 </footnote>
7110 </p>
7111 </item>
7112 </enumlist>
7113 </p>
7115 <p>
7116 The version of this document referred here can be
7121 you can try <url
7124 latest version, which may be a more recent version, may
7125 be found on
7127 Specific questions about following the standard may be
7129 referred to the FHS mailing list (see the
7131 more information).
7132 </p>
7133 </sect1>
7135 <sect1>
7138 <p>
7139 As mandated by the FHS, packages must not place any
7142 or by manipulating them in their maintainer scripts.
7143 </p>
7145 <p>
7146 However, the package may create empty directories below
7148 where to place site-specific files. These are not
7152 should be removed on package removal if they are
7153 empty.
7154 </p>
7156 <p>
7157 Note that this applies only to
7160 not create sub-directories in the
7162 listed in FHS, section 4.5. However, you may create
7163 directories below them as you wish. You must not remove
7164 any of the directories listed in 4.5, even if you created
7165 them.
7166 </p>
7168 <p>
7170 remote server, these directories must be created and
7172 maintainer scripts and not be included in the
7174 either of these operations fail.
7175 </p>
7177 <p>
7179 contain something like
7181 if [ ! -e /usr/local/share/emacs ]; then
7183 if chown root:staff /usr/local/share/emacs; then
7184 chmod 2775 /usr/local/share/emacs || true
7185 fi
7186 fi
7187 fi
7188 </example>
7193 </example>
7195 used to ensure that if the script is interrupted, the
7197 removed.)
7198 </p>
7200 <p>
7202 local additions to a package, you should ensure that
7205 </p>
7207 <p>
7209 for exclusive use of the local administrator, a package
7210 must not rely on the presence or absence of files or
7212 </p>
7214 <p>
7216 subdirectories created by the package should (by default) have
7217 permissions 2775 (group-writable and set-group-id) and be
7219 </p>
7220 </sect1>
7222 <sect1>
7224 <p>
7225 The system-wide mail directory
7227 base system and should not be owned by any particular mail
7228 agents. The use of the old
7230 though the spool may still be physically located there.
7231 </p>
7232 </sect1>
7237 <p>
7239 by being a mount point for a temporary file system. Packages
7240 therefore must not assume that any files or directories
7242 exist unless the package has arranged to create those files or
7243 directories since the last reboot. Normally, this is done by
7245 for more information.
7246 </p>
7248 <p>
7249 Packages must not include files or directories
7252 The latter paths will normally be symlinks or other
7254 </p>
7255 </sect1>
7256 </sect>
7258 <sect>
7261 <sect1>
7263 <p>
7264 The Debian system can be configured to use either plain or
7265 shadow passwords.
7266 </p>
7268 <p>
7269 Some user ids (UIDs) and group ids (GIDs) are reserved
7270 globally for use by certain packages. Because some
7271 packages need to include files which are owned by these
7272 users or groups, or need the ids compiled into binaries,
7273 these ids must be used on any Debian system only for the
7274 purpose for which they are allocated. This is a serious
7275 restriction, and we should avoid getting in the way of
7276 local administration policies. In particular, many sites
7277 allocate users and/or local system groups starting at 100.
7278 </p>
7280 <p>
7281 Apart from this we should have dynamically allocated ids,
7282 which should by default be arranged in some sensible
7283 order, but the behavior should be configurable.
7284 </p>
7286 <p>
7290 </p>
7291 </sect1>
7293 <sect1>
7295 <p>
7296 The UID and GID numbers are divided into classes as
7297 follows:
7298 <taglist>
7300 <item>
7301 <p>
7302 Globally allocated by the Debian project, the same
7303 on every Debian system. These ids will appear in
7305 Debian systems, new ids in this range being added
7307 updated.
7308 </p>
7310 <p>
7311 Packages which need a single statically allocated
7312 uid or gid should use one of these; their
7314 maintainer for ids.
7315 </p>
7316 </item>
7319 <item>
7320 <p>
7321 Dynamically allocated system users and groups.
7322 Packages which need a user or group, but can have
7323 this user or group allocated dynamically and
7324 differently on each system, should use <tt>adduser
7325 --system</tt> to create the group and/or user.
7327 the user or group, and if necessary choose an unused
7328 id based on the ranges specified in
7330 </p>
7331 </item>
7334 <item>
7335 <p>
7336 Dynamically allocated user accounts. By default
7338 user accounts in this range, though
7340 behavior.
7341 </p>
7342 </item>
7345 <item>
7346 <p>
7347 Globally allocated by the Debian project, but only
7348 created on demand. The ids are allocated centrally
7349 and statically, but the actual accounts are only
7350 created on users' systems on demand.
7351 </p>
7353 <p>
7354 These ids are for packages which are obscure or
7355 which require many statically-allocated ids. These
7356 packages should check for and create the accounts in
7359 necessary. Packages which are likely to require
7360 further allocations should have a "hole" left after
7361 them in the allocation, to give them room to
7362 grow.
7363 </p>
7364 </item>
7367 <item>
7369 </item>
7372 <item>
7373 <p>
7376 </p>
7377 </item>
7380 <item>
7381 <p>
7384 was 16 bits.
7385 </p>
7386 </item>
7389 <item>
7390 <p>
7391 Dynamically allocated user accounts. By
7393 and GIDs in this range, to ease compatibility with
7395 bits.
7396 </p>
7397 </item>
7400 <item>
7401 <p>
7403 used, because it is used as the anonymous, unauthenticated
7404 user by some NFS implementations.
7405 </p>
7406 </item>
7409 <item>
7410 <p>
7412 not</em> be used, because it is the error return
7413 sentinel value.
7414 </p>
7415 </item>
7416 </taglist>
7417 </p>
7418 </sect1>
7419 </sect>
7427 <p>
7432 </p>
7434 <p>
7435 There are at least two different, yet functionally
7436 equivalent, ways of handling these scripts. For the sake
7437 of simplicity, this document describes only the symbolic
7438 link method. However, it must not be assumed by maintainer
7439 scripts that this method is being used, and any automated
7440 manipulation of the various runlevel behaviors by
7441 maintainer scripts must be performed using
7443 manually installing or removing symlinks. For information
7444 on the implementation details of the other method,
7446 to the documentation of that package.
7447 </p>
7449 <p>
7450 These scripts are referenced by symbolic links in the
7456 scripts.
7457 </p>
7459 <p>
7460 The names of the links all have the form
7464 is the name of the script (this should be the same as the
7466 </p>
7468 <p>
7477 link for starting services upon entering the runlevel.
7478 </p>
7480 <p>
7481 For example, if we are changing from runlevel 2 to
7486 referred-to file to be executed with an argument of
7489 </p>
7491 <p>
7493 the order in which to run the scripts: low-numbered links
7494 have their scripts run first. For example, the
7497 must be started before another. For example, the name
7500 can set up its access lists. In this case, the script
7503 runs first:
7505 /etc/rc2.d/S17bind
7506 /etc/rc2.d/S70inn
7507 </example>
7508 </p>
7510 <p>
7512 different. In these runlevels, the links with an
7516 </p>
7517 </sect1>
7522 <p>
7523 Packages that include daemons for system services should
7525 services at boot time or during a change of runlevel.
7526 These scripts should be named
7528 accept one argument, saying what to do:
7530 <taglist>
7538 <item>stop and restart the service if it's already running,
7539 otherwise start the service</item>
7542 <item><p>cause the configuration of the service to be
7543 reloaded without actually stopping and restarting
7544 the service,</item>
7547 <item>cause the configuration to be reloaded if the
7548 service supports this, otherwise restart the
7549 service.</item>
7550 </taglist>
7555 option is optional.
7556 </p>
7558 <p>
7560 behave sensibly (i.e., returning success and not starting
7563 when it isn't, and that they don't kill unfortunately-named
7564 user processes. The best way to achieve this is usually to
7566 option.
7567 </p>
7569 <p>
7572 accepting various error exit statuses when daemons are already
7573 running or already stopped without aborting
7576 in effect<footnote>
7579 in effect and echoing status messages to the console fails,
7580 for example.
7583 each command separately.
7584 </p>
7586 <p>
7587 If a service reloads its configuration automatically (as
7590 should behave as if the configuration has been reloaded
7591 successfully.
7592 </p>
7594 <p>
7596 configuration files, either (if they are present in the
7597 package, that is, in the .deb file) by marking them as
7599 by managing them correctly in the maintainer scripts (see
7601 to give the local system administrator the chance to adapt
7602 the scripts to the local system, e.g., to disable a
7603 service without de-installing the package, or to specify
7604 some special command line options when starting a service,
7605 while making sure their changes aren't lost during the next
7606 package upgrade.
7607 </p>
7609 <p>
7610 These scripts should not fail obscurely when the
7611 configuration files remain but the package has been
7612 removed, as configuration files remain on the system after
7615 configuration files be removed. In particular, as the
7618 if the package is removed but not purged. Therefore, you
7620 script, like this:
7623 </example>
7624 </p>
7626 <p>
7628 scripts whose values control the behavior of the scripts,
7629 and which a system administrator is likely to want to
7630 change. As the scripts themselves are frequently
7632 administrator merge in their changes each time the package
7634 the burden on the system administrator, such configurable
7635 values should not be placed directly in the script.
7636 Instead, they should be placed in a file in
7639 should be sourced by the script when the script runs. It
7640 must contain only variable settings and comments in SUSv3
7644 for more details.
7645 </p>
7647 <p>
7648 To ensure that vital configurable values are always
7650 values for each of the shell variables it uses, either
7652 afterwards using something like the <tt>:
7654 script must behave sensibly and not fail if the
7656 </p>
7658 <p>
7662 filesystem and are normally not persistent across a reboot.
7664 This will typically mean creating any required subdirectories
7667 </p>
7668 </sect1>
7670 <sect1>
7673 <p>
7674 Maintainers should use the abstraction layer provided by
7676 programs to deal with initscripts in their packages'
7679 </p>
7681 <p>
7682 Directly managing the /etc/rc?.d links and directly
7684 be done only by packages providing the initscript
7687 </p>
7689 <sect2>
7692 <p>
7694 package maintainers to arrange for the proper creation and
7696 or their functional equivalent if another method is being
7697 used. This may be used by maintainers in their packages'
7699 </p>
7701 <p>
7703 symbolic links in the actual archive or manually create or
7704 remove the symbolic links in maintainer scripts; you must
7706 former will fail if an alternative method of maintaining
7707 runlevel information is being used.) You must not include
7710 package may do so.)
7711 </p>
7713 <p>
7716 and stop them in the halt runlevel (0), the single-user
7718 administrator will have the opportunity to customize
7719 runlevels by simply adding, moving, or removing the
7721 symbolic links are being used, or by modifying
7723 is being used.
7724 </p>
7726 <p>
7727 To get the default behavior for your package, put in your
7731 </example>
7734 if [ "$1" = purge ]; then
7736 fi
7737 </example>. Note that if your package changes runlevels
7738 or priority, you may have to remove and recreate the links,
7739 since otherwise the old links may persist. Refer to the
7741 </p>
7743 <p>
7744 This will use a default sequence number of 20. If it does
7746 script is run, use this default. If it does, then you
7749 help you choose a number.
7750 </p>
7752 <p>
7756 </p>
7757 </sect2>
7759 <sect2>
7761 <p>
7763 it easier for package maintainers to properly invoke an
7764 initscript, obeying runlevel and other locally-defined
7765 constraints that might limit a package's right to start,
7766 stop and otherwise manage services. This program may be
7767 used by maintainers in their packages' scripts.
7768 </p>
7770 <p>
7771 The package maintainer scripts must use
7774 calling them directly.
7775 </p>
7777 <p>
7779 action requests (start, stop, reload, restart...) to the
7781 to start or restart a service out of its intended
7782 runlevels.
7783 </p>
7785 <p>
7786 Most packages will simply need to change:
7793 else
7795 fi
7796 </example>
7797 </p>
7799 <p>
7800 A package should register its initscript services using
7803 unregistered services may fail.
7804 </p>
7806 <p>
7807 For more information about using
7810 </p>
7811 </sect2>
7812 </sect1>
7814 <sect1>
7817 <p>
7819 which contained scripts which were run once per machine
7820 boot. This has been deprecated in favour of links from
7824 </p>
7825 </sect1>
7827 <sect1>
7830 <p>
7831 An example on which you can base your
7834 </p>
7836 </sect1>
7837 </sect>
7839 <sect>
7842 <p>
7843 This section describes the formats to be used for messages
7845 scripts. The intent is to improve the consistency of
7846 Debian's startup and shutdown look and feel. For this
7847 reason, please look very carefully at the details. We want
7848 the messages to have the same format in terms of wording,
7849 spaces, punctuation and case of letters.
7850 </p>
7852 <p>
7853 Here is a list of overall rules that should be used for
7855 </p>
7857 <p>
7858 <list>
7859 <item>
7860 The message should fit in one line (fewer than 80
7861 characters), start with a capital letter and end with
7863 </item>
7865 <item>
7866 If the script is performing some time consuming task in
7867 the background (not merely starting or stopping a
7868 program, for instance), an ellipsis (three dots:
7870 leading or tailing whitespace or line feeds.
7871 </item>
7873 <item>
7874 The messages should appear as if the computer is telling
7875 the user what it is doing (politely :-), but should not
7876 mention "it" directly. For example, instead of:
7878 I'm starting network daemons: nfsd mountd.
7879 </example>
7880 the message should say
7882 Starting network daemons: nfsd mountd.
7883 </example>
7884 </item>
7885 </list>
7886 </p>
7888 <p>
7890 message formats for the situations enumerated below.
7891 </p>
7893 <p>
7894 <list>
7895 <item>
7898 <p>
7899 If the script starts one or more daemons, the output
7900 should look like this (a single line, no leading
7901 spaces):
7904 </example>
7906 subsystem the daemon or set of daemons are part of,
7908 denote each daemon's name (typically the file name of
7909 the program).
7910 </p>
7912 <p>
7914 would look like:
7916 Starting printer spooler: lpd.
7917 </example>
7918 </p>
7920 <p>
7921 This can be achieved by saying
7923 echo -n "Starting printer spooler: lpd"
7924 start-stop-daemon --start --quiet --exec /usr/sbin/lpd
7925 echo "."
7926 </example>
7927 in the script. If there are more than one daemon to
7928 start, the output should look like this:
7930 echo -n "Starting remote file system services:"
7931 echo -n " nfsd"; start-stop-daemon --start --quiet nfsd
7932 echo -n " mountd"; start-stop-daemon --start --quiet mountd
7933 echo -n " ugidd"; start-stop-daemon --start --quiet ugidd
7934 echo "."
7935 </example>
7936 This makes it possible for the user to see what is
7937 happening and when the final daemon has been started.
7938 Care should be taken in the placement of white spaces:
7939 in the example above the system administrators can
7940 easily comment out a line if they don't want to start
7941 a specific daemon, while the displayed message still
7942 looks good.
7943 </p>
7944 </item>
7946 <item>
7949 <p>
7950 If you have to set up different system parameters
7951 during the system boot, you should use this format:
7954 </example>
7955 </p>
7957 <p>
7958 You can use a statement such as the following to get
7959 the quotes right:
7962 </example>
7963 </p>
7965 <p>
7967 for the left and right quotation marks. A grave accent
7970 </p>
7971 </item>
7973 <item>
7976 <p>
7977 When you stop or restart a daemon, you should issue a
7978 message identical to the startup message, except that
7981 </p>
7983 <p>
7984 For example, stopping the printer daemon will look like
7985 this:
7987 Stopping printer spooler: lpd.
7988 </example>
7989 </p>
7990 </item>
7992 <item>
7995 <p>
7996 There are several examples where you have to run a
7997 program at system startup or shutdown to perform a
7998 specific task, for example, setting the system's clock
8000 when the system shuts down. Your message should look
8001 like this:
8003 Doing something very useful...done.
8004 </example>
8006 the job has been completed, so that the user is
8007 informed why they have to wait. You can get this
8008 behavior by saying
8010 echo -n "Doing something very useful..."
8011 do_something
8012 echo "done."
8013 </example>
8014 in your script.
8015 </p>
8016 </item>
8018 <item>
8021 <p>
8022 When a daemon is forced to reload its configuration
8023 files you should use the following format:
8026 </example>
8028 daemon starting message.
8029 </p>
8030 </item>
8031 </list>
8032 </p>
8033 </sect>
8038 <p>
8039 Packages must not modify the configuration file
8042 </p>
8044 <p>
8045 If a package wants to install a job that has to be executed via
8046 cron, it should place a file named as specified
8048 directories:
8050 /etc/cron.hourly
8051 /etc/cron.daily
8052 /etc/cron.weekly
8053 /etc/cron.monthly
8054 </example>
8055 As these directory names imply, the files within them are
8056 executed on an hourly, daily, weekly, or monthly basis,
8057 respectively. The exact times are listed in
8059 </p>
8061 <p>
8062 All files installed in any of these directories must be
8063 scripts (e.g., shell scripts or Perl scripts) so that they
8064 can easily be modified by the local system administrator.
8065 In addition, they must be treated as configuration files.
8066 </p>
8068 <p>
8069 If a certain job has to be executed at some other frequency or
8070 at a specific time, the package should install a file in
8075 treated as a configuration file. (Note that entries in the
8078 directory for jobs which may be skipped if the system is not
8079 running.)
8080 </p>
8082 <p>
8089 <enumlist>
8097 </enumlist>
8098 Ranges of numbers are allowed. Ranges are two numbers
8099 separated with a hyphen. The specified range is inclusive.
8100 Lists are allowed. A list is a set of numbers (or ranges)
8101 separated by commas. Step values can be used in conjunction
8102 with ranges.
8103 </p>
8105 <p>
8107 check if all necessary programs are installed before they
8108 try to execute them. Otherwise, problems will arise when a
8109 package was removed but not purged since configuration files
8110 are kept on the system in this situation.
8111 </p>
8113 <p>
8117 must also support names for days and months, ranges, and
8119 and correctly execute the scripts in
8121 execute scripts in
8123 </p>
8128 <p>
8129 The file name of a cron job file should normally match the
8130 name of the package from which it comes.
8131 </p>
8133 <p>
8134 If a package supplies multiple cron job files files in the
8135 same directory, the file names should all start with the name
8136 of the package (possibly modified as described below) followed
8138 </p>
8140 <p>
8141 A cron job file name must not include any period or plus
8145 characters.
8146 </p>
8147 </sect1>
8148 </sect>
8153 <p>
8154 Packages shipping applications that comply with minimal requirements
8155 described below for integration with desktop environments should
8156 register these applications in the desktop menu, following the
8161 and complementary information can be found in the
8164 </p>
8166 <p>
8167 The desktop entry files are installed by the packages in the
8170 not necessary to depend on packages providing FreeDesktop menu
8171 systems.
8172 </p>
8174 <p>
8175 Entries displayed in the FreeDesktop menu should conform to the
8176 following minima for relevance and visual integration.
8178 <list>
8179 <item>
8180 Unless hidden by default, the desktop entry must point to a PNG
8181 or SVG icon with a transparent background, providing at least
8183 should be neutral enough to integrate well with the default icon
8184 themes. It is encouraged to ship the icon in the default
8187 </item>
8189 <item>
8190 If the menu entry is not useful in the general case as a
8191 standalone application, the desktop entry should set the
8193 configured to be displayed only by those who need it.
8194 </item>
8196 <item>
8197 In doubt, the package maintainer should coordinate with the
8198 maintainers of menu implementations through the
8200 with categories or bad interactions with other icons. Especially
8201 for packages which are part of installation tasks, the contents
8203 validated by the maintainers of the relevant environments.
8204 </item>
8205 </list>
8206 </p>
8208 <p>
8209 Since the FreeDesktop menu is a cross-distribution standard, the
8210 desktop entries written for Debian should be forwarded upstream,
8211 where they will benefit to other users and are more likely to
8212 receive extra contributions such as translations.
8213 </p>
8215 <p>
8216 Packages can, to be compatible with Debian additions to some window
8217 managers that do not support the FreeDesktop standard, also provide a
8223 </p>
8224 </sect>
8229 <p>
8230 Media types (formerly known as MIME types, Multipurpose Internet Mail
8232 data streams and providing meta-information about them, in particular
8235 </p>
8237 <p>
8238 Registration of media type handlers allows programs like mail
8239 user agents and web browsers to invoke these handlers to
8240 view, edit or display media types they don't support directly.
8241 </p>
8243 <p>
8244 There are two overlapping systems to associate media types to programs
8247 aimed at Desktop environments. In Debian, FreeDesktop entries are
8248 automatically translated in mailcap entries, therefore packages
8249 already using desktop entries should not use the mailcap system
8250 directly.
8251 </p>
8256 <p>
8257 Packages shipping an application able to view, edit or point to
8258 files of a given media type, or open links with a given URI scheme,
8263 </p>
8264 </sect1>
8269 <p>
8270 Packages that are not using desktop entries for registration should
8273 file name should be the binary package's name.
8274 </p>
8276 <p>
8280 triggers<footnote>
8281 Creating, modifying or removing a file in
8283 not activate the trigger. In that case, it can be done by calling
8285 the maintainer script after creating, modifying, or removing
8286 the file.
8287 </footnote>.
8289 <p>
8290 Packages installing desktop entries should not install mailcap
8291 entries for the same program, because the
8293 entries.
8294 </p>
8296 <p>
8299 </p>
8300 </sect1>
8305 <p>
8306 The media type of a file is discovered by inspecting the file's
8308 interrogating a database associating them with media types.
8309 </p>
8311 <p>
8312 To support new associations between media types and files, their
8313 characteristic file extensions and magic patterns should be
8314 registered to the IANA (Internet Assigned Numbers Authority). See
8316 for details. This information will then propagate to the systems
8317 discovering file media types in Debian, provided by the
8320 packages. If registration and propagation can not be waited for,
8321 support can be asked to the maintainers of the packages mentioned
8322 above.
8323 </p>
8325 <p>
8326 For files that are produced and read by a single application, it
8327 is also possible to declare this association to the
8331 </p>
8332 </sect1>
8333 </sect>
8335 <sect>
8338 <p>
8339 To achieve a consistent keyboard configuration so that all
8340 applications interpret a keyboard event the same way, all
8341 programs in the Debian distribution must be configured to
8342 comply with the following guidelines.
8343 </p>
8345 <p>
8346 The following keys must have the specified interpretations:
8348 <taglist>
8357 </taglist>
8359 The interpretation of any keyboard events should be
8360 independent of the terminal that is used, be it a virtual
8361 console, an X terminal emulator, an rlogin/telnet session,
8362 etc.
8363 </p>
8365 <p>
8366 The following list explains how the different programs
8367 should be set up to achieve this:
8368 </p>
8370 <p>
8371 <list>
8372 <item>
8374 </item>
8376 <item>
8378 </item>
8380 <item>
8381 X translations are set up to make
8384 is the vt220 escape code for the "delete character"
8385 key). This must be done by loading the X resources
8387 using the application defaults, so that the
8388 translation resources used correspond to the
8390 </item>
8392 <item>
8393 The Linux console is configured to make
8396 </item>
8398 <item>
8401 applications already work like this.
8402 </item>
8404 <item>
8406 </item>
8408 <item>
8412 </item>
8414 <item>
8420 </item>
8422 <item>
8425 with ASCII DEL being "delete previous character" and
8427 cursor".
8428 </item>
8430 </list>
8431 </p>
8433 <p>
8434 This will solve the problem except for the following
8435 cases:
8436 </p>
8438 <p>
8439 <list>
8440 <item>
8443 these terminals Emacs help will be unavailable on
8445 character takes precedence in Emacs, and has been set
8447 available) can be used instead.
8448 </item>
8450 <item>
8452 erase</tt>. However, modern telnet versions and all
8456 correctly, things can be made to work by using
8458 </item>
8460 <item>
8461 Some systems (including previous Debian versions) use
8465 their X clients using the same X resources that we use
8466 to do it for our own clients, or configure our clients
8467 using their resources when things are the other way
8468 around. On displays configured like this
8470 will.
8471 </item>
8473 <item>
8478 log in from a system conforming to our policy, but
8480 </item>
8481 </list>
8482 </p>
8483 </sect>
8485 <sect>
8488 <p>
8489 A program must not depend on environment variables to get
8490 reasonable defaults. (That's because these environment
8491 variables would have to be set in a system-wide
8493 supported by all shells.)
8494 </p>
8496 <p>
8497 If a program usually depends on environment variables for its
8498 configuration, the program should be changed to fall back to
8499 a reasonable default configuration if these environment
8500 variables are not present. If this cannot be done easily
8501 (e.g., if the source code of a non-free program is not
8502 available), the program must be replaced by a small
8503 "wrapper" shell script which sets the environment variables
8504 if they are not already defined, and calls the original program.
8505 </p>
8507 <p>
8508 Here is an example of a wrapper script for this purpose:
8511 #!/bin/sh
8512 BAR=${BAR:-/var/lib/fubar}
8513 export BAR
8514 exec /usr/lib/foo/foo "$@"
8515 </example>
8516 </p>
8518 <p>
8521 not put any environment variables or other commands into that
8522 file.
8523 </p>
8524 </sect>
8529 <p>
8531 flexible mechanism for handling and presenting
8532 documentation. The recommended practice is for every Debian
8533 package that provides online documentation (other than just
8534 manual pages) to register these documents with
8538 </p>
8539 <p>
8540 Please refer to the documentation that comes with the
8542 details.
8543 </p>
8544 </sect>
8548 <p>
8549 A number of other init systems are available now in Debian that
8551 init implementations must support running SysV init scripts as
8553 </p>
8554 <p>
8555 Packages may integrate with these replacement init systems by
8556 providing implementation-specific configuration information about
8557 how and when to start a service or in what order to run certain
8558 tasks at boot time. However, any package integrating with other
8559 init systems must also be backwards-compatible with
8561 with the same name as and equivalent functionality to any
8562 init-specific job, as this is the only start-up configuration
8563 method guaranteed to be supported by all init implementations. An
8564 exception to this rule is scripts or jobs provided by the init
8565 implementation itself; such jobs may be required for an
8567 scripts and may not have a one-to-one correspondence with the init
8568 scripts.
8569 </p>
8573 <p>
8575 boot system by installing job files in the
8577 an equivalent upstart job is available must query the output of
8580 upstart job, using a test such as this:
8583 then
8584 exit 1
8585 fi
8586 </example>
8587 </p>
8588 <p>
8589 Because packages shipping upstart jobs may be installed on
8590 systems that are not using upstart, maintainer scripts must
8593 and for starting and stopping services. These maintainer
8596 interfaces directly. Instead, implementations of
8598 when an upstart job with the same name as an init script is
8599 present, and perform the requested action using the upstart job
8600 instead of the init script.
8601 </p>
8602 <p>
8603 Dependency-based boot managers for SysV init scripts, such as
8605 entirely when an equivalent upstart job is present, to avoid
8606 unnecessary forking of no-op init scripts. In this case, the
8607 boot manager should integrate with upstart to detect when the
8608 upstart job in question is started or stopped to know when the
8609 dependency has been satisfied.
8610 </p>
8611 </sect1>
8612 </sect>
8614 </chapt>
8623 <p>
8624 Two different packages must not install programs with
8625 different functionality but with the same filenames. (The
8626 case of two programs having the same functionality but
8627 different implementations is handled via "alternatives" or
8630 one of the programs must be renamed. The maintainers should
8632 try to find a consensus about which program will have to be
8634 programs must be renamed.
8635 </p>
8636 <p>
8637 Binary executables must not be statically linked with the GNU C
8638 library, since this prevents the binary from benefiting from
8639 fixes and improvements to the C library without being rebuilt
8640 and complicates security updates. This requirement may be
8641 relaxed for binary executables whose intended purpose is to
8642 diagnose and fix the system in situations where the GNU C
8643 library may not be usable (such as system recovery shells or
8644 utilities like ldconfig) or for binary executables where the
8645 security benefits of static linking outweigh the drawbacks.
8646 </p>
8647 <p>
8648 By default, when a package is being built, any binaries
8649 created should include debugging information, as well as
8650 being compiled with optimization. You should also turn on
8651 as many reasonable compilation warnings as possible; this
8652 makes life easier for porters, who can then look at build
8653 logs for possible problems. For the C programming language,
8654 this means the following compilation parameters should be
8655 used:
8657 CC = gcc
8658 CFLAGS = -O2 -g -Wall # sane warning options vary between programs
8659 LDFLAGS = # none
8660 INSTALL = install -s # (or use strip on the files in debian/tmp)
8661 </example>
8662 </p>
8664 <p>
8665 Note that by default all installed binaries should be stripped,
8668 the binaries after they have been copied into
8670 package.
8671 </p>
8673 <p>
8674 Although binaries in the build tree should be compiled with
8675 debugging information by default, it can often be difficult to
8676 debug programs if they are also subjected to compiler
8677 optimization. For this reason, it is recommended to support the
8680 several flags to change how a package is compiled and built.
8681 </p>
8683 <p>
8684 It is up to the package maintainer to decide what
8685 compilation options are best for the package. Certain
8686 binaries (such as computationally-intensive programs) will
8688 example); feel free to use them. Please use good judgment
8689 here. Don't use flags for the sake of it; only use them
8690 if there is good reason to do so. Feel free to override
8691 the upstream author's ideas about which compilation
8692 options are best: they are often inappropriate for our
8693 environment.
8694 </p>
8695 </sect>
8701 <p>
8703 the shared library compilation and linking flags must have
8705 the supported architectures<footnote>
8706 <p>
8708 relocatable position independent code, which is required for
8709 most architectures to create a shared library, with i386 and
8710 perhaps some others where non position independent code is
8711 permitted in a shared library.
8712 </p>
8713 <p>
8714 Position independent code may have a performance penalty,
8716 speed penalty must be measured against the memory wasted on
8717 the few architectures where non position independent code is
8718 even possible.
8719 </p>
8720 </footnote>. Any exception to this rule must be discussed on
8722 a rough consensus obtained. The reasons for not compiling
8726 be used on architectures where it is required.<footnote>
8727 <p>
8728 Some of the reasons why this might be required is if the
8729 library contains hand crafted assembly code that is not
8730 relocatable, the speed penalty is excessive for compute
8731 intensive libs, and similar reasons.
8732 </p>
8733 </footnote>
8734 </p>
8735 <p>
8736 As to the static libraries, the common case is not to have
8737 relocatable code, since there is no benefit, unless in specific
8738 cases; therefore the static version must not be compiled
8740 should be discussed on the mailing list
8744 <p>
8745 Some of the reasons for linking static libraries with
8747 Perl API for a library that is under rapid development,
8748 and has an unstable API, so shared libraries are
8749 pointless at this phase of the library's development. In
8750 that case, since Perl needs a library with relocatable
8751 code, it may make sense to create a static library with
8752 relocatable code. Another reason cited is if you are
8753 distilling various libraries into a common shared
8755 installer project.
8756 </p>
8757 </footnote>
8758 </p>
8759 <p>
8760 In other words, if both a shared and a static library is
8762 for C files) will need to be compiled twice, for the normal
8763 case.
8764 </p>
8766 <p>
8767 Libraries should be built with threading support and to be
8768 thread-safe if the library supports this.
8769 </p>
8771 <p>
8772 Although not enforced by the build tools, shared libraries
8773 must be linked against all libraries that they use symbols from
8774 in the same way that binaries are. This ensures the correct
8777 systems and guarantees that all libraries can be safely opened
8780 Since this option enforces symbol resolution at build time,
8781 a missing library reference will be caught early as a fatal
8782 build error.
8783 </p>
8785 <p>
8786 All installed shared libraries should be stripped with
8789 </example>
8792 needed for relocation processing.) Shared libraries can
8793 function perfectly well when stripped, since the symbols for
8794 dynamic linking are in a separate part of the ELF object
8795 file.<footnote>
8796 You might also want to use the options
8800 libraries.
8801 </footnote>
8802 </p>
8804 <p>
8805 Note that under some circumstances it may be useful to
8806 install a shared library unstripped, for example when
8807 building a separate package to support debugging.
8808 </p>
8810 <p>
8812 public libraries, that is, they are not meant to be linked
8813 to by third party executables (binaries of other packages),
8814 should be installed in subdirectories of the
8816 rules that govern ordinary shared libraries, except that
8817 they must not be installed executable and should be
8818 stripped.<footnote>
8819 A common example are the so-called "plug-ins",
8820 internal shared objects that are dynamically loaded by
8822 </footnote>
8823 </p>
8825 <p>
8827 their shared libraries install a file containing additional
8829 For public libraries intended for use by other packages, these
8830 files normally should not be included in the Debian package,
8831 since the information they include is not necessary to link with
8832 the shared library on Debian and can add unnecessary additional
8833 dependencies to other programs or libraries.<footnote>
8834 These files store, among other things, all libraries on which
8835 that shared library depends. Unfortunately, if
8838 linking against that library will cause the resulting program
8839 or library to be linked against those dependencies as well,
8840 even if this is unnecessary. This can create unneeded
8841 dependencies on shared library packages that would otherwise
8842 be hidden behind the library ABI, and can make library
8843 transitions to new SONAMEs unnecessarily complicated and
8844 difficult to manage.
8845 </footnote>
8850 the empty string. If the shared library development package has
8853 emptied) until all libraries that depend on it have removed or
8855 files to prevent linking with those other libraries
8857 </p>
8859 <p>
8865 package.
8866 </p>
8868 <p>
8870 apply to loadable modules or libraries not installed in
8871 directories searched by default by the dynamic linker. Packages
8872 installing loadable modules will frequently need to install
8875 does not need to be modified for libraries or modules that are
8876 not installed in directories searched by the dynamic linker by
8877 default and not intended for use by other packages.
8878 </p>
8880 <p>
8881 You must make sure that you use only released versions of
8882 shared libraries to build your packages; otherwise other
8883 users will not be able to run your binaries
8884 properly. Producing source packages that depend on
8885 unreleased compilers is also usually a bad
8886 idea.
8887 </p>
8888 </sect>
8891 <sect>
8893 <p>
8895 </p>
8896 </sect>
8902 <p>
8903 All command scripts, including the package maintainer
8906 to interpret them.
8907 </p>
8909 <p>
8910 In the case of Perl scripts this should be
8912 </p>
8914 <p>
8915 When scripts are installed into a directory in the system
8916 PATH, the script name should not include an extension such
8918 language currently used to implement it.
8919 </p>
8920 <p>
8925 to how frequently they need to call commands that are allowed to
8926 fail, and it may instead be easier to check the exit status of
8929 </p>
8930 <p>
8933 </p>
8934 <p>
8936 SUSv3 Shell Command Language<footnote>
8937 Single UNIX Specification, version 3, which is also IEEE
8941 registration.</footnote>
8942 plus the following additional features not mandated by
8943 SUSv3:<footnote>
8944 These features are in widespread use in the Linux community
8945 and are implemented in all of bash, dash, and ksh, the most
8947 </footnote>
8948 <list>
8950 must not generate a newline.</item>
8953 operators.</item>
8955 supported, including listing multiple variables in a single
8956 local command and assigning a value to a variable at the
8958 may not preserve the variable value from an outer scope if
8959 no assignment is present. Uses such as:
8961 fname () {
8962 local a b c=delta d
8963 # ... use a, b, c, d ...
8964 }
8965 </example>
8968 </item>
8971 the name of a signal or one of the numeric signals listed in
8974 built-in.
8975 </item>
8977 signals must be supported. In addition to the signal
8978 numbers listed in the extension, which are the same as for
8980 </item>
8981 </list>
8982 If a shell script requires non-SUSv3 features from the shell
8983 interpreter other than those listed above, the appropriate shell
8984 must be specified in the first line of the script (e.g.,
8986 providing the shell (unless the shell package is marked
8988 </p>
8990 <p>
8991 You may wish to restrict your script to SUSv3 features plus the
8993 as its interpreter. Checking your script
8997 uncover violations of the above requirements. If in doubt
8998 whether a script complies with these requirements,
9000 </p>
9002 <p>
9003 Perl scripts should check for errors when making any
9006 </p>
9008 <p>
9010 scripting languages. See <em>Csh Programming Considered
9014 then you must make sure that they start with
9017 </p>
9019 <p>
9020 Any scripts which create files in world-writeable
9022 mechanism which will fail atomically if a file with the same
9023 name already exists.
9024 </p>
9026 <p>
9029 this purpose.
9030 </p>
9031 </sect>
9034 <sect>
9037 <p>
9038 In general, symbolic links within a top-level directory should
9039 be relative, and symbolic links pointing from one top-level
9040 directory to or into another should be absolute. (A top-level
9041 directory is a sub-directory of the root
9046 absolute.<footnote>
9047 This is necessary to allow top-level directories to be
9053 target.
9054 </footnote>
9055 Symbolic links must not traverse above the root directory.
9056 </p>
9058 <p>
9059 In addition, symbolic links should be specified as short as
9061 deprecated.
9062 </p>
9064 <p>
9065 Note that when creating a relative link using
9067 link to exist relative to the working directory you're
9069 directory to the directory where the link is to be made.
9070 Simply include the string that should appear as the target
9071 of the link (this will be a pathname relative to the
9072 directory in which the link resides) as the first argument
9074 </p>
9076 <p>
9080 ln -fs gcc $(prefix)/bin/cc
9081 ln -fs gcc debian/tmp/usr/bin/cc
9082 ln -fs ../sbin/sendmail $(prefix)/bin/runq
9083 ln -fs ../sbin/sendmail debian/tmp/usr/bin/runq
9084 </example>
9085 </p>
9087 <p>
9088 A symbolic link pointing to a compressed file (in the sense
9091 have the same file extension as the referenced file. (For
9093 symbolic link, the filename of the link has to end with
9095 </p>
9096 </sect>
9098 <sect>
9101 <p>
9102 Packages must not include device files or named pipes in the
9103 package file tree.
9104 </p>
9106 <p>
9107 If a package needs any special device files that are not
9108 included in the base system, it must call
9110 after notifying the user<footnote>
9111 This notification could be done via a (low-priority)
9112 debconf message, or an echo (printf) statement.
9113 </footnote>.
9114 </p>
9116 <p>
9117 Packages must not remove any device files in the
9119 system administrator.
9120 </p>
9122 <p>
9123 Debian uses the serial devices
9127 </p>
9129 <p>
9130 Named pipes needed by the package must be created in
9134 automated checks for packages incorrectly creating device
9136 </footnote> and removed in
9138 appropriate.
9139 </p>
9140 </sect>
9145 <sect1>
9148 <p>
9149 <taglist>
9151 <item>
9152 A file that affects the operation of a program, or
9153 provides site- or host-specific information, or
9154 otherwise customizes the behavior of a program.
9155 Typically, configuration files are intended to be
9156 modified by the system administrator (if needed or
9157 desired) to conform to local policy or to provide
9158 more useful site-specific behavior.
9159 </item>
9162 <item>
9166 </item>
9167 </taglist>
9168 </p>
9170 <p>
9171 The distinction between these two is important; they are
9172 not interchangeable concepts. Almost all
9175 </p>
9177 <p>
9182 treated as configuration files. In general, any script that
9183 embeds configuration information is de-facto a configuration
9184 file and should be treated as such.
9185 </p>
9186 </sect1>
9188 <sect1>
9191 <p>
9192 Any configuration files created or used by your package
9195 named after your package.
9196 </p>
9198 <p>
9199 If your package creates or uses configuration files
9203 from the location that the package requires.
9204 </p>
9205 </sect1>
9207 <sect1>
9210 <p>
9211 Configuration file handling must conform to the following
9212 behavior:
9214 <item>
9215 local changes must be preserved during a package
9216 upgrade, and
9217 </item>
9218 <item>
9219 configuration files must be preserved when the
9220 package is removed, and only deleted when the
9221 package is purged.
9222 </item>
9223 </list>
9224 Obsolete configuration files without local changes should be
9225 removed by the package during upgrade.<footnote>
9228 </p>
9230 <p>
9231 The easy way to achieve this behavior is to make the
9233 appropriate only if it is possible to distribute a default
9234 version that will work for most installations, although
9235 some system administrators may choose to modify it. This
9236 implies that the default version will be part of the
9237 package distribution, and must not be modified by the
9238 maintainer scripts during installation (or at any other
9239 time).
9240 </p>
9242 <p>
9243 In order to ensure that local changes are preserved
9244 correctly, no package may contain or make hard links to
9245 conffiles.<footnote>
9246 Rationale: There are two problems with hard links.
9247 The first is that some editors break the link while
9248 editing one of the files, so that the two files may
9249 unwittingly become unlinked and different. The second
9252 </footnote>
9253 </p>
9255 <p>
9256 The other way to do it is via the maintainer scripts. In
9257 this case, the configuration file must not be listed as a
9259 distribution. If the existence of a file is required for
9260 the package to be sensibly configured it is the
9261 responsibility of the package maintainer to provide
9262 maintainer scripts which correctly create, update and
9263 maintain the file and remove it on purge. (See <ref
9265 scripts must be idempotent (i.e., must work correctly if
9267 during installation or removal), must cope with all the
9269 scripts, must not overwrite or otherwise mangle the user's
9270 configuration without asking, must not ask unnecessary
9271 questions (particularly during upgrades), and must
9272 otherwise be good citizens.
9273 </p>
9275 <p>
9276 The scripts are not required to configure every possible
9277 option for the package, but only those necessary to get
9278 the package running on a given system. Ideally the
9279 sysadmin should not have to do any configuration other
9280 than that done (semi-)automatically by the
9282 </p>
9284 <p>
9285 A common practice is to create a script called
9288 configuration file does not already exist. In certain
9289 cases it is useful for there to be an example or template
9290 file which the maintainer scripts use. Such files should
9293 they are architecture-independent or not). There should
9294 be symbolic links to them from
9296 they are examples, and should be perfectly ordinary
9298 configuration files).
9299 </p>
9301 <p>
9302 These two styles of configuration file handling must
9303 not be mixed, for that way lies madness:
9305 every time the package is upgraded.
9306 </p>
9307 </sect1>
9309 <sect1>
9312 <p>
9313 If two or more packages use the same configuration file
9314 and it is reasonable for both to be installed at the same
9315 time, one of these packages must be defined as
9317 the package which handles that file as a configuration
9318 file. Other packages that use the configuration file must
9319 depend on the owning package if they require the
9320 configuration file to operate. If the other package will
9321 use the configuration file if present, but is capable of
9322 operating without it, no dependency need be declared.
9323 </p>
9325 <p>
9326 If it is desirable for two or more related packages to
9328 related packages to be able to modify that configuration
9329 file, then the following should be done:
9331 <item>
9332 One of the related packages (the "owning" package)
9333 will manage the configuration file with maintainer
9334 scripts as described in the previous section.
9335 </item>
9336 <item>
9337 The owning package should also provide a program
9338 that the other packages may use to modify the
9339 configuration file.
9340 </item>
9341 <item>
9342 The related packages must use the provided program
9343 to make any desired modifications to the
9344 configuration file. They should either depend on
9345 the core package to guarantee that the configuration
9346 modifier program is available or accept gracefully
9347 that they cannot modify the configuration file if it
9348 is not. (This is in addition to the fact that the
9349 configuration file may not even be present in the
9350 latter scenario.)
9351 </item>
9352 </enumlist>
9353 </p>
9355 <p>
9356 Sometimes it's appropriate to create a new package which
9357 provides the basic infrastructure for the other packages
9358 and which manages the shared configuration files. (The
9360 </p>
9362 <p>
9363 If the configuration file cannot be shared as described above,
9364 the packages must be marked as conflicting with each other.
9365 Two packages that specify the same file as
9367 general rule about not sharing files. Neither alternatives
9368 nor diversions are likely to be appropriate in this case; in
9371 </p>
9373 <p>
9375 may see left-over configuration files from each other even
9376 though they conflict with each other. If a user removes
9377 (without purging) one of the packages and installs the other,
9379 old package. If the file was modified by the user, it will be
9380 treated the same as any other locally
9382 </p>
9384 <p>
9387 belong to.
9388 </p>
9389 </sect1>
9391 <sect1>
9394 <p>
9397 No other program should reference the files in
9399 </p>
9401 <p>
9402 Therefore, if a program needs a dotfile to exist in
9405 configuration file.
9406 </p>
9408 <p>
9409 However, programs that require dotfiles in order to
9410 operate sensibly are a bad thing, unless they do create
9411 the dotfiles themselves automatically.
9412 </p>
9414 <p>
9415 Furthermore, programs should be configured by the Debian
9416 default installation to behave as closely to the upstream
9417 default behavior as possible.
9418 </p>
9420 <p>
9421 Therefore, if a program in a Debian package needs to be
9422 configured in some way in order to operate sensibly, that
9423 should be done using a site-wide configuration file placed
9425 site-wide default configuration and the package maintainer
9426 doesn't have time to add it may a default per-user file be
9428 </p>
9430 <p>
9432 This is particularly true because there is no easy (or
9433 necessarily desirable) mechanism for ensuring that the
9434 appropriate dotfiles are copied into the accounts of
9435 existing users when a package is installed.
9436 </p>
9437 </sect1>
9438 </sect>
9440 <sect>
9442 <p>
9443 Log files should usually be named
9445 log files, or need a separate directory for permission
9449 files there.
9450 </p>
9452 <p>
9453 Log files must be rotated occasionally so that they don't grow
9454 indefinitely. The best way to do this is to install a log
9455 rotation configuration file in the
9459 <footnote>
9460 <p>
9461 The traditional approach to log files has been to set up
9463 scripts and cron. While this approach is highly
9464 customizable, it requires quite a lot of sysadmin work.
9465 Even though the original Debian system helped a little
9466 by automatically installing a system which can be used
9467 as a template, this was deemed not enough.
9468 </p>
9470 <p>
9472 by Red Hat, is better, as it centralizes log management.
9473 It has both a configuration file
9475 packages can drop their individual log rotation
9477 </p>
9478 </footnote>
9479 Here is a good example for a logrotate config
9483 /var/log/foo/*.log {
9484 rotate 12
9485 weekly
9486 compress
9487 missingok
9488 postrotate
9489 start-stop-daemon -K -p /var/run/foo.pid -s HUP -x /usr/sbin/foo -q
9490 endscript
9491 }
9492 </example>
9494 compressed generations, and tells the daemon to reopen its log
9495 files after the log rotation. It skips this log rotation
9497 avoids errors if the package is removed but not purged.
9498 </p>
9500 <p>
9501 Log files should be removed when the package is
9502 purged (but not when it is only removed). This should be
9506 </p>
9507 </sect>
9512 <p>
9513 The rules in this section are guidelines for general use.
9514 If necessary you may deviate from the details below.
9515 However, if you do so you must make sure that what is done
9516 is secure and you should try to be as consistent as possible
9517 with the rest of the system. You should probably also
9519 </p>
9521 <p>
9523 writable only by the owner and universally readable (and
9525 </p>
9527 <p>
9528 Directories should be mode 755 or (for group-writability)
9529 mode 2775. The ownership of the directory should be
9530 consistent with its mode: if a directory is mode 2775, it
9531 should be owned by the group that needs write access to
9532 it.<footnote>
9533 <p>
9534 When a package is upgraded, and the owner or permissions
9535 of a file included in the package has changed, dpkg
9536 arranges for the ownership and permissions to be
9537 correctly set upon installation. However, this does not
9538 extend to directories; the permissions and ownership of
9539 directories already on the system does not change on
9540 install or upgrade of packages. This makes sense, since
9542 always be in flux. To correctly change permissions of a
9543 directory the package owns, explicit action is required,
9545 taken to handle downgrades as well, in that case.
9546 </p>
9547 </footnote>
9548 </p>
9550 <p>
9554 scripts</qref>).
9555 </p>
9557 <p>
9559 respectively, and owned by the appropriate user or group.
9560 They should not be made unreadable (modes like 4711 or
9562 because anyone can find the binary in the freely available
9563 Debian package; it is merely inconvenient. For the same
9564 reason you should not restrict read or execute permissions
9565 on non-set-id executables.
9566 </p>
9568 <p>
9569 Some setuid programs need to be restricted to particular
9570 sets of users, using file permissions. In this case they
9571 should be owned by the uid to which they are set-id, and by
9572 the group which should be allowed to execute them. They
9573 should have mode 4754; again there is no point in making
9574 them unreadable to those users who must not be allowed to
9575 execute them.
9576 </p>
9578 <p>
9579 It is possible to arrange that the system administrator can
9580 reconfigure the package to correspond to their local
9581 security policy by changing the permissions on a binary:
9583 described below.<footnote>
9586 normally have their permissions reset to the distributed
9587 permissions when the package is reinstalled. However,
9589 default behavior.
9590 </footnote>
9591 Another method you should consider is to create a group for
9592 people allowed to use the program(s) and make any setuid
9593 executables executable only by that group.
9594 </p>
9596 <p>
9597 If you need to create a new user or group for your package
9598 there are two possibilities. Firstly, you may need to
9599 make some files in the binary package be owned by this
9600 user or group, or you may need to compile the user or
9601 group id (rather than just the name) into the binary
9602 (though this latter should be avoided if possible, as in
9603 this case you need a statically allocated id).</p>
9605 <p>
9606 If you need a statically allocated id, you must ask for a
9608 and must not release the package until you have been
9609 allocated one. Once you have been allocated one you must
9610 either make the package depend on a version of the
9613 your package to create the user or group itself with the
9617 possible, otherwise a pre-dependency will be needed on the
9619 </p>
9621 <p>
9622 On the other hand, the program might be able to determine the
9623 uid or gid from the user or group name at runtime, so that a
9624 dynamically allocated id can be used. In this case you should
9625 choose an appropriate user or group name, discussing this
9627 When this has been checked you must arrange for your package to
9628 create the user or group if necessary using
9631 preferred if it is possible).
9632 </p>
9634 <p>
9635 Note that changing the numeric value of an id associated
9636 with a name is very difficult, and involves searching the
9637 file system for all appropriate files. You need to think
9638 carefully whether a static or dynamic id is required, since
9639 changing your mind later will cause problems.
9640 </p>
9643 <p>
9644 This section is not intended as policy, but as a
9646 </p>
9648 <p>
9649 If a system administrator wishes to have a file (or
9650 directory or other such thing) installed with owner and
9651 permissions different from those in the distributed Debian
9654 settings every time the file is installed. Thus the
9655 package maintainer should distribute the files with their
9656 normal permissions, and leave it for the system
9657 administrator to make any desired changes. For example, a
9658 daemon which is normally required to be setuid root, but
9659 in certain situations could be used without being setuid,
9661 local system administrator can change this if they wish.
9662 If there are two standard ways of doing it, the package
9665 maintainer script if necessary to accommodate the system
9666 administrator's choice. Care must be taken during
9667 upgrades to not override an existing setting.
9668 </p>
9670 <p>
9672 essentially a tool for system administrators and would not
9673 normally be needed in the maintainer scripts. There is
9674 one type of situation, though, where calls to
9676 maintainer scripts, and that involves packages which use
9677 dynamically allocated user or group ids. In such a
9678 situation, something like the following idiom can be very
9681 <example>
9682 for i in /usr/bin/foo /usr/sbin/bar
9683 do
9684 # only do something when no setting exists
9686 then
9687 #include: debconf processing, question about foo and bar
9689 dpkg-statoverride --update --add sysuser root 4755 $i
9690 fi
9691 fi
9692 done
9693 </example>
9694 The corresponding code to remove the override when the package
9695 is purged would be:
9696 <example>
9697 for i in /usr/bin/foo /usr/sbin/bar
9698 do
9700 then
9701 dpkg-statoverride --remove $i
9702 fi
9703 done
9704 </example>
9705 </p>
9706 </sect1>
9707 </sect>
9712 <p>
9713 The name of the files installed by binary packages in the system PATH
9716 ASCII.
9717 </p>
9719 <p>
9720 The name of the files and directories installed by binary packages
9721 outside the system PATH must be encoded in UTF-8 and should be
9722 restricted to ASCII when it is possible to do so.
9723 </p>
9724 </sect>
9725 </chapt>
9734 <p>
9735 If a program needs to specify an <em>architecture specification
9736 string</em> in some place, it should select one of the strings
9739 part is sometimes elided, as when the OS is Linux.
9740 </p>
9742 <p>
9743 Note that we don't want to use
9746 since this would make our programs incompatible with other
9747 Linux distributions. We also don't use something like
9750 </p>
9755 <p>
9756 A package may specify an architecture wildcard. Architecture
9760 Internally, the package system normalizes the GNU triplets
9761 and the Debian arches into Debian arch triplets (which are
9762 kind of inverted GNU triplets), with the first component of
9763 the triplet representing the libc and ABI in use, and then
9764 does matching against those triplets. However, such
9765 triplets are an internal implementation detail that should
9766 not be used by packages directly. The libc and ABI portion
9767 is handled internally by the package system based on
9769 </footnote>
9770 </p>
9771 </sect1>
9772 </sect>
9774 <sect>
9777 <p>
9781 by other packages.
9782 </p>
9784 <p>
9785 If a package requires a new entry in one of these files, the
9786 maintainer should get in contact with the
9789 package.
9790 </p>
9792 <p>
9794 modified by the package's scripts except via the
9797 for details on how to add entries.
9798 </p>
9800 <p>
9801 If a package wants to install an example entry into
9804 treated as "commented out by user" by the
9806 activated during package updates.
9807 </p>
9808 </sect>
9810 <sect>
9811 <heading>Using pseudo-ttys and modifying wtmp, utmp and
9812 lastlog</heading>
9814 <p>
9815 Some programs need to create pseudo-ttys. This should be done
9816 using Unix98 ptys if the C library supports it. The resulting
9817 program must not be installed setuid root, unless that
9818 is required for other functionality.
9819 </p>
9821 <p>
9826 </p>
9827 </sect>
9829 <sect>
9832 <p>
9833 Some programs have the ability to launch an editor or pager
9834 program to edit or display a text document. Since there are
9835 lots of different editors and pagers available in the Debian
9836 distribution, the system administrator and each user should
9837 have the possibility to choose their preferred editor and
9838 pager.
9839 </p>
9841 <p>
9842 In addition, every program should choose a good default
9843 editor/pager if none is selected by the user or system
9844 administrator.
9845 </p>
9847 <p>
9848 Thus, every program that launches an editor or pager must
9849 use the EDITOR or PAGER environment variable to determine
9850 the editor or pager the user wishes to use. If these
9853 </p>
9855 <p>
9857 "alternatives" mechanism. Every package providing an editor or
9861 should have a slave alternative
9864 corresponding manual page.
9865 </p>
9867 <p>
9868 If it is very hard to adapt a program to make use of the
9869 EDITOR or PAGER variables, that program may be configured to
9872 program respectively. These are two scripts provided in the
9874 and PAGER variables and launch the appropriate program, and fall
9877 </p>
9879 <p>
9880 A program may also use the VISUAL environment variable to
9881 determine the user's choice of editor. If it exists, it
9882 should take precedence over EDITOR. This is in fact what
9884 </p>
9886 <p>
9887 It is not required for a package to depend on
9889 package to provide such virtual packages.<footnote>
9890 The Debian base system already provides an editor and a
9891 pager program.
9892 </footnote>
9893 </p>
9894 </sect>
9899 <p>
9900 This section describes the locations and URLs that should
9901 be used by all web servers and web applications in the
9902 Debian system.
9903 </p>
9905 <p>
9906 <enumlist>
9907 <item>
9908 Cgi-bin executable files are installed in the
9909 directory
9911 /usr/lib/cgi-bin
9912 </example>
9913 or a subdirectory of that directory, and the script
9916 </example>
9917 should be referred to as
9920 </example>
9921 </item>
9923 <item>
9925 </item>
9927 <item>
9929 <p>
9930 It is recommended that images for a package be stored
9933 as
9934 <example>
9936 </example>
9938 </p>
9939 </item>
9941 <item>
9944 <p>
9945 Web Applications should try to avoid storing files in
9946 the Web Document Root. Instead they should use the
9948 documents and register the Web Application via the
9950 web document root is unavoidable then use
9952 /var/www/html
9953 </example>
9954 as the Document Root. This might be just a symbolic
9955 link to the location where the system administrator
9956 has put the real document root.
9957 </p>
9958 </item>
9960 <p>
9961 All web servers should provide the virtual package
9964 </p>
9965 <p>
9966 All web applications which do not contain CGI scripts should
9970 </p>
9971 </item>
9972 </enumlist>
9973 </p>
9974 </sect>
9979 <p>
9980 Debian packages which process electronic mail, whether mail
9981 user agents (MUAs) or mail transport agents (MTAs), must
9982 ensure that they are compatible with the configuration
9983 decisions below. Failure to do this may result in lost
9985 damage!
9986 </p>
9988 <p>
9991 the FHS). On older systems, the mail spool may be
9993 access to the mail spool should be via the
9995 base system and not part of the MTA package.
9996 </p>
9998 <p>
9999 All Debian MUAs, MTAs, MDAs and other mailbox accessing
10000 programs (such as IMAP daemons) must lock the mailbox in an
10002 be combined with dot locking. To avoid deadlocks, a program
10004 this, or alternatively implement the two locking methods in
10005 a non blocking way<footnote>
10006 If it is not possible to establish both locks, the
10007 system shouldn't wait for the second lock to be
10008 established, but remove the first lock, wait a (random)
10009 time, and start over locking again.
10013 accomplish this.
10014 </p>
10016 <p>
10017 Mailboxes are generally either mode 600 and owned by
10020 There are two traditional permission schemes for mail spools:
10021 mode 600 with all mail delivery done by processes running as
10022 the destination user, or mode 660 and owned by group mail with
10023 mail delivery done by a process running as a system user in
10024 group mail. Historically, Debian required mode 660 mail
10025 spools to enable the latter model, but that model has become
10026 increasingly uncommon and the principle of least privilege
10027 indicates that mail systems that use the first model should
10028 use permissions of 600. If delivery to programs is permitted,
10029 it's easier to keep the mail system secure if the delivery
10030 agent runs as the destination user. Debian Policy therefore
10031 permits either scheme.
10032 </footnote>. The local system administrator may choose a
10033 different permission scheme; packages should not make
10034 assumptions about the permission and ownership of mailboxes
10035 unless required (such as when creating a new mailbox). A MUA
10036 may remove a mailbox (unless it has nonstandard permissions) in
10037 which case the MTA or another MUA must recreate it if needed.
10038 </p>
10040 <p>
10042 be setgid mail to do the locking mentioned above (and
10043 must obviously avoid accessing other users' mailboxes
10044 using this privilege).</p>
10046 <p>
10048 aliases (e.g., postmaster, usenet, etc.), it is the one
10053 even if it does nothing, but older MTA packages did not do
10055 cannot be found. Note that because of this, all MTA
10058 </p>
10060 <p>
10061 The convention of writing <tt>forward to
10065 <p>
10070 is supported.</p>
10072 <p>
10073 If your package needs to know what hostname to use on (for
10074 example) outgoing news and mail messages which are generated
10077 (at) sign for email addresses of users on the machine
10078 (followed by a newline).
10079 </p>
10081 <p>
10082 Such a package should check for the existence of this file
10083 when it is being configured. If it exists, it should be
10084 used without comment, although an MTA's configuration script
10085 may wish to prompt the user even if it finds that this file
10086 exists. If the file does not exist, the package should
10087 prompt the user for the value (preferably using
10089 as well as using it in the package's configuration. The
10090 prompt should make it clear that the name will not just be
10091 used by that package. For example, in this situation the
10094 Please enter the "mail name" of your system. This is the
10095 hostname portion of the address to be shown on outgoing
10096 news and mail messages. The default is
10098 name ["<var>syshostname</var>"]:
10099 </example>
10101 --fqdn</tt>.
10102 </p>
10103 </sect>
10105 <sect>
10108 <p>
10109 All the configuration files related to the NNTP (news)
10110 servers and clients should be located under
10113 <p>
10114 There are some configuration issues that apply to a number
10115 of news clients and server packages on the machine. These
10116 are:
10118 <taglist>
10120 <item>
10121 A string which should appear as the
10122 organization header for all messages posted
10123 by NNTP clients on the machine
10124 </item>
10127 <item>
10128 Contains the FQDN of the upstream NNTP
10129 server, or localhost if the local machine is
10130 an NNTP server.
10131 </item>
10132 </taglist>
10134 Other global files may be added as required for cross-package news
10135 configuration.
10136 </p>
10137 </sect>
10140 <sect>
10143 <sect1>
10146 <p>
10147 Programs that can be configured with support for the X
10148 Window System must be configured to do so and must declare
10149 any package dependencies necessary to satisfy their
10150 runtime requirements when using the X Window System. If
10151 such a package is of higher priority than the X packages
10152 on which it depends, it is required that either the
10153 X-specific components be split into a separate package, or
10154 that an alternative version of the package, which includes
10155 X support, be provided, or that the package's priority be
10156 lowered.
10157 </p>
10158 </sect1>
10160 <sect1>
10163 <p>
10164 Packages that provide an X server that, directly or
10165 indirectly, communicates with real input and display
10167 field that they provide the virtual
10169 This implements current practice, and provides an
10171 virtual package which appears in the virtual packages
10172 list. In a nutshell, X servers that interface
10173 directly with the display and input hardware or via
10174 another subsystem (e.g., GGI) should provide
10177 </footnote>
10178 </p>
10179 </sect1>
10181 <sect1>
10184 <p>
10185 Packages that provide a terminal emulator for the X Window
10186 System which meet the criteria listed below should declare in
10189 also register themselves as an alternative for
10191 20. That alternative should have a slave alternative
10193 pointing to the corresponding manual page.
10194 </p>
10196 <p>
10199 <item>
10200 Be able to emulate a DEC VT100 terminal, or a
10201 compatible terminal.
10202 </item>
10204 <item>
10205 Support the command-line option <tt>-e
10207 terminal window<footnote>
10208 "New terminal window" does not necessarily mean
10209 a new top-level X window directly parented by
10210 the window manager; it could, if the terminal
10211 emulator application were so coded, be a new
10212 "view" in a multiple-document interface (MDI).
10213 </footnote>
10215 interpreting the entirety of the rest of the command
10216 line as a command to pass straight to exec, in the
10218 </item>
10220 <item>
10221 Support the command-line option <tt>-T
10224 </item>
10225 </list>
10226 </p>
10227 </sect1>
10229 <sect1>
10232 <p>
10233 Packages that provide a window manager should declare in
10236 register themselves as an alternative for
10238 calculated as follows:
10240 <item>
10241 Start with a priority of 20.
10242 </item>
10244 <item>
10245 If the window manager supports the Debian menu
10246 system, add 20 points if this support is available
10247 in the package's default configuration (i.e., no
10248 configuration files belonging to the system or user
10249 have to be edited to activate the feature); if
10250 configuration files must be modified, add only 10
10251 points.
10252 </p>
10253 </item>
10255 <item>
10256 If the window manager complies with <url
10261 </item>
10263 <item>
10264 If the window manager permits the X session to be
10266 (without killing the X server) in its default
10267 configuration, add 10 points; otherwise add none.
10268 </item>
10269 </list>
10270 That alternative should have a slave alternative
10272 pointing to the corresponding manual page.
10273 </p>
10274 </sect1>
10276 <sect1>
10279 <p>
10280 Packages that provide fonts for the X Window
10281 System<footnote>
10282 For the purposes of Debian Policy, a "font for the X
10283 Window System" is one which is accessed via X protocol
10284 requests. Fonts for the Linux console, for PostScript
10285 renderer, or any other purpose, do not fit this
10286 definition. Any tool which makes such fonts available
10287 to the X Window System, however, must abide by this
10288 font policy.
10289 </footnote>
10290 must do a number of things to ensure that they are both
10291 available without modification of the X or font server
10292 configuration, and that they do not corrupt files used by
10293 other font packages to register information about
10294 themselves.
10295 <enumlist>
10296 <item>
10297 Fonts of any type supported by the X Window System
10298 must be in a separate binary package from any
10299 executables, libraries, or documentation (except
10300 that specific to the fonts shipped, such as their
10301 license information). If one or more of the fonts
10302 so packaged are necessary for proper operation of
10303 the package with which they are associated the font
10304 package may be Recommended; if the fonts merely
10305 provide an enhancement, a Suggests relationship may
10306 be used. Packages must not Depend on font
10307 packages.<footnote>
10308 This is because the X server may retrieve fonts
10309 from the local file system or over the network
10310 from an X font server; the Debian package system
10311 is empowered to deal only with the local
10312 file system.
10313 </footnote>
10314 </item>
10316 <item>
10317 BDF fonts must be converted to PCF fonts with the
10320 placed in a directory that corresponds to their
10321 resolution:
10323 <item>
10324 100 dpi fonts must be placed in
10326 </item>
10328 <item>
10329 75 dpi fonts must be placed in
10331 </item>
10333 <item>
10334 Character-cell fonts, cursor fonts, and other
10335 low-resolution fonts must be placed in
10337 </item>
10338 </list>
10339 </item>
10341 <item>
10342 Type 1 fonts must be placed in
10344 metric files are available, they must be placed here
10345 as well.
10346 </item>
10348 <item>
10350 other than those listed above must be neither
10353 are excepted for historical reasons, but installation of
10354 files into these directories remains discouraged.)
10355 </item>
10357 <item>
10358 Font packages may, instead of placing files directly
10359 in the X font directories listed above, provide
10360 symbolic links in that font directory pointing to
10361 the files' actual location in the filesystem. Such
10362 a location must comply with the FHS.
10363 </item>
10365 <item>
10366 Font packages should not contain both 75dpi and
10367 100dpi versions of a font. If both are available,
10368 they should be provided in separate binary packages
10370 the names of the packages containing the
10371 corresponding fonts.
10372 </item>
10374 <item>
10376 should not be included in the same package as 75dpi
10377 or 100dpi fonts; instead, they should be provided in
10379 its name.
10380 </item>
10382 <item>
10383 Font packages must not provide the files
10386 <list>
10387 <item>
10389 </item>
10391 <item>
10393 files, if needed, should be provided in the
10394 directory
10397 subdirectory of
10399 package's corresponding fonts are stored
10402 that provides these fonts, and
10405 the file contents.
10406 </item>
10407 </list>
10408 </item>
10410 <item>
10411 Font packages must declare a dependency on
10414 </item>
10416 <item>
10417 Font packages that provide one or more
10420 directory into which they installed fonts
10423 This invocation must occur in both the
10427 </item>
10429 <item>
10430 Font packages that provide one or more
10433 directory into which they installed fonts. This
10434 invocation must occur in both the
10438 </item>
10440 <item>
10441 Font packages must invoke
10443 which they installed fonts. This invocation must
10447 </item>
10449 <item>
10450 Font packages must not provide alias names for the
10451 fonts they include which collide with alias names
10452 already in use by fonts already packaged.
10453 </item>
10455 <item>
10456 Font packages must not provide fonts with the same
10457 XLFD registry name as another font already packaged.
10458 </item>
10459 </enumlist>
10460 </p>
10461 </sect1>
10466 <p>
10467 Application defaults files must be installed in the
10470 in the <em>X Toolkit Intrinsics - C Language
10471 Interface</em> manual is also permitted). They must be
10473 configuration files.
10474 </p>
10476 <p>
10477 Customization of programs' X resources may also be
10478 supported with the provision of a file with the same name
10479 as that of the package placed in
10482 configuration file.<footnote>
10483 Note that this mechanism is not the same as using
10484 app-defaults; app-defaults are tied to the client
10485 binary on the local file system, whereas X resources
10486 are stored in the X server and affect all connecting
10487 clients.
10488 </footnote>
10489 </p>
10490 </sect1>
10492 <sect1>
10495 <p>
10496 Historically, packages using the X Window System used a
10497 separate set of installation directories from other packages.
10498 This practice has been discontinued and packages using the X
10499 Window System should now generally be installed in the same
10500 directories as any other package. Specifically, packages must
10503 regarded as obsolete.
10504 </p>
10506 <p>
10507 Include files previously installed under
10510 installed into subdirectories of
10515 </p>
10517 <p>
10518 Configuration files for window, display, or session managers
10519 or other applications that are tightly integrated with the X
10520 Window System may be placed in a subdirectory
10522 Other X Window System applications should use
10525 </p>
10526 </sect1>
10527 </sect>
10532 <p>
10533 Perl programs and modules should follow the current Perl policy.
10534 </p>
10536 <p>
10539 It is also available from the Debian web mirrors at
10542 </p>
10543 </sect>
10548 <p>
10549 Please refer to the "Debian Emacs Policy" for details of how to
10550 package emacs lisp programs.
10551 </p>
10553 <p>
10554 The Emacs policy is available in
10557 It is also available from the Debian web mirrors at
10560 </p>
10561 </sect>
10563 <sect>
10566 <p>
10569 </p>
10571 <p>
10572 Each game decides on its own security policy.</p>
10574 <p>
10575 Games which require protected, privileged access to
10576 high-score files, saved games, etc., may be made
10580 example). They must not be made
10582 an attacker can subvert any set-user-id game they can
10583 overwrite the executable of any other, causing other players
10584 of these games to run a Trojan horse program. With a
10585 set-group-id game the attacker only gets access to less
10586 important game data, and if they can get at the other
10587 players' accounts at all it will take considerably more
10588 effort.)</p>
10590 <p>
10591 Some packages, for example some fortune cookie programs, are
10592 configured by the upstream authors to install with their
10593 data files or other static information made unreadable so
10594 that they can only be accessed through set-id programs
10595 provided. You should not do this in a Debian package: anyone can
10597 so there is no point making the files unreadable. Not
10598 making the files unreadable also means that you don't have
10599 to make so many programs set-id, which reduces the risk of a
10600 security hole.</p>
10602 <p>
10603 As described in the FHS, binaries of games should be
10605 applies to games that use the X Window System. Manual pages
10606 for games (X and non-X games) should be installed in
10608 </sect>
10609 </chapt>
10615 <sect>
10618 <p>
10622 details). You must not install a pre-formatted "cat page".
10623 </p>
10625 <p>
10626 Each program, utility, and function should have an
10627 associated manual page included in the same package. It is
10628 suggested that all configuration files also have a manual
10629 page included as well. Manual pages for protocols and other
10630 auxiliary things are optional.
10631 </p>
10633 <p>
10634 If no manual page is available, this is considered as a bug
10635 and should be reported to the Debian Bug Tracking System (the
10636 maintainer of the package is allowed to write this bug report
10637 themselves, if they so desire). Do not close the bug report
10638 until a proper man page is available.<footnote>
10639 It is not very hard to write a man page. See the
10646 </footnote>
10647 </p>
10649 <p>
10650 You may forward a complaint about a missing man page to the
10651 upstream authors, and mark the bug as forwarded in the
10652 Debian bug tracking system. Even though the GNU Project do
10653 not in general consider the lack of a man page to be a bug,
10654 we do; if they tell you that they don't consider it a bug
10655 you should leave the bug in our bug tracking system open
10656 anyway.
10657 </p>
10659 <p>
10661 </p>
10663 <p>
10664 If one man page needs to be accessible via several names it
10666 feature, but there is no need to fiddle with the relevant
10668 symlinks: don't do it unless it's easy. You should not
10669 create hard links in the manual page directories, nor put
10672 base of the man page tree (usually
10675 in the file system to the alternate names of the man page,
10677 man page under those names based solely on the information in
10678 the man page's header.<footnote>
10680 unreasonable processing time to find a manual page or to
10681 report that none exists, and moves knowledge into man's
10682 database that would be better left in the file system.
10683 This support is therefore deprecated and will cease to
10684 be present in the future.
10685 </footnote>
10686 </p>
10688 <p>
10689 Manual pages in locale-specific subdirectories of
10691 legacy encoding for that language (normally the one corresponding
10692 to the shortest relevant locale name in
10697 use. In future, all manual pages will be required to use
10698 UTF-8.
10699 </footnote>
10700 </p>
10702 <p>
10704 included in the subdirectory name unless it indicates a
10705 significant difference in the language, as this excludes
10706 speakers of the language in other countries.<footnote>
10707 At the time of writing, Chinese and Portuguese are the main
10710 </footnote>
10711 </p>
10713 <p>
10714 If a localized version of a manual page is provided, it should
10715 either be up-to-date or it should be obvious to the reader that
10716 it is outdated and the original manual page should be used
10717 instead. This can be done either by a note at the beginning of
10718 the manual page or by showing the missing or changed portions in
10719 the original language instead of the target language.
10720 </p>
10721 </sect>
10723 <sect>
10726 <p>
10729 </p>
10731 <p>
10734 use of info readers. This file must not be included in packages
10736 </p>
10738 <p>
10740 appropriate using dpkg triggers. Packages other than
10744 for this purpose.
10745 </p>
10747 <p>
10750 </p>
10752 <p>
10753 Info documents should contain section and directory entry
10754 information in the document for the use
10757 space and the section of this info page. The directory entry or
10758 entries should be included between
10761 <example>
10762 INFO-DIR-SECTION Individual utilities
10763 START-INFO-DIR-ENTRY
10764 * example: (example). An example info directory entry.
10765 END-INFO-DIR-ENTRY
10766 </example>
10767 To determine which section to use, you should look
10769 the most relevant (or create a new section if none of the
10770 current sections are relevant).<footnote>
10771 Normally, info documents are generated from Texinfo source.
10772 To include this information in the generated info document, if
10773 it is absent, add commands like:
10774 <example>
10775 @dircategory Individual utilities
10776 @direntry
10777 * example: (example). An example info directory entry.
10778 @end direntry
10779 </example>
10780 to the Texinfo source of the document and ensure that the info
10781 documents are rebuilt from source during the package build.
10782 </footnote>
10783 </p>
10784 </sect>
10789 <p>
10790 Any additional documentation that comes with the package may be
10791 installed at the discretion of the package maintainer. It is
10792 often a good idea to include text information files
10794 source package in the binary package. However, you don't need
10795 to install the instructions for building and installing the
10796 package, of course!
10797 </p>
10799 <p>
10800 Plain text documentation should be compressed with <tt>gzip
10802 </p>
10804 <p>
10805 If a package comes with large amounts of documentation that many
10806 users of the package will not require, you should create a
10807 separate binary package to contain it so that it does not take
10808 up disk space on the machines of users who do not need or want
10809 it installed. As a special case of this rule, shared library
10810 documentation of any appreciable size should always be packaged
10812 or in a separate documentation package, since shared libraries
10813 are frequently installed as dependencies of other packages by
10814 users who have little interest in documentation of the library
10815 itself. The documentation package for the
10819 separate documentation packages for multiple languages).
10820 </p>
10822 <p>
10823 Additional documentation included in the package should be
10825 If the documentation is packaged separately,
10827 either that path or into the documentation directory for the
10828 separate documentation package
10830 example). However, installing the documentation into the
10831 documentation directory of the main package is preferred since
10832 it is independent of the packaging method and will be easier for
10833 users to find.
10834 </p>
10836 <p>
10837 Any separate package providing documentation must still install
10838 standard documentation files in its
10842 </p>
10844 <p>
10845 Packages must not require the existence of any files in
10847 <footnote>
10848 The system administrator should be able to delete files
10850 to break.
10851 </footnote>. Any files that are used or read by programs but
10852 are also useful as stand alone documentation should be installed
10853 elsewhere, such as
10855 included via symbolic links
10857 </p>
10859 <p>
10862 the two packages both come from the same source and the
10863 first package Depends on the second.<footnote>
10864 <p>
10865 Please note that this does not override the section on
10866 changelog files below, so the file
10868 must refer to the changelog for the current version of
10870 that the sources of the target and the destination of the
10871 symlink must be the same (same source package and
10872 version).
10873 </p>
10874 </footnote>
10875 </p>
10876 </sect>
10878 <sect>
10881 <p>
10882 The unification of Debian documentation is being carried out
10883 via HTML.</p>
10885 <p>
10886 If the package comes with extensive documentation in a
10887 markup format that can be converted to various other formats
10888 you should if possible ship HTML versions in a binary
10889 package.<footnote>
10890 Rationale: The important thing here is that HTML
10892 binary package.
10893 </footnote>
10894 The documentation must be installed as specified in
10896 </p>
10898 <p>
10899 Other formats such as PostScript may be provided at the
10900 package maintainer's discretion.
10901 </p>
10902 </sect>
10907 <p>
10908 Every package must be accompanied by a verbatim copy of its
10909 copyright information and distribution license in the file
10911 file must neither be compressed nor be a symbolic link.
10912 </p>
10914 <p>
10915 In addition, the copyright file must say where the upstream
10916 sources (if any) were obtained, and should name the original
10917 authors.
10918 </p>
10920 <p>
10922 areas should state in the copyright file that the package is not
10923 part of the Debian distribution and briefly explain why.
10924 </p>
10926 <p>
10927 A copy of the file which will be installed in
10930 </p>
10932 <p>
10935 the two packages both come from the same source and the
10936 first package Depends on the second. These rules are important
10938 mechanical means.
10939 </p>
10941 <p>
10942 Packages distributed under the Apache license (version 2.0), the
10946 to the corresponding files under
10948 <p>
10949 In particular,
10962 respectively. The University of California BSD license is
10965 brevity of this license, its specificity to code whose
10966 copyright is held by the Regents of the University of
10967 California, and the frequency of minor wording changes, its
10968 text should be included in the copyright file rather than
10969 referencing this file.
10970 </p>
10971 </footnote> rather than quoting them in the copyright
10972 file.
10973 </p>
10975 <p>
10977 file. If your package has such a file it should be
10980 </p>
10982 <p>
10983 All copyright files must be encoded in UTF-8.
10984 </p>
10989 <p>
10990 A specification for a standard, machine-readable format
10995 also available from the Debian web mirrors at
10998 </p>
11000 <p>
11001 Use of this format is optional.
11002 </p>
11003 </sect1>
11004 </sect>
11006 <sect>
11009 <p>
11010 Any examples (configurations, source files, whatever),
11011 should be installed in a directory
11013 files should not be referenced by any program: they're there
11014 for the benefit of the system administrator and users as
11015 documentation only. Architecture-specific example files
11016 should be installed in a directory
11018 links to them from
11020 latter directory itself may be a symbolic link to the
11021 former.
11022 </p>
11024 <p>
11025 If the purpose of a package is to provide examples, then the
11026 example files may be installed into
11028 </p>
11029 </sect>
11034 <p>
11035 Packages that are not Debian-native must contain a
11037 the Debian source tree in
11040 </p>
11042 <p>
11043 If an upstream changelog is available, it should be accessible as
11045 plain text. If the upstream changelog is distributed in
11046 HTML, it should be made available in that form as
11050 the upstream changelog files do not already conform to this
11051 naming convention, then this may be achieved either by
11052 renaming the files, or by adding a symbolic link, at the
11053 maintainer's discretion.<footnote>
11054 Rationale: People should not have to look in places for
11055 upstream changelogs merely because they are given
11056 different names or are distributed in HTML format.
11057 </footnote>
11058 </p>
11060 <p>
11061 All of these files should be installed compressed using
11063 if they start out small.
11064 </p>
11066 <p>
11067 If the package has only one changelog which is used both as
11068 the Debian changelog and the upstream one because there is
11069 no separate upstream maintainer then that changelog should
11070 usually be installed as
11072 there is a separate upstream maintainer, but no upstream
11073 changelog, then the Debian changelog should still be called
11075 </p>
11077 <p>
11078 For details about the format and contents of the Debian
11080 </p>
11081 </sect>
11082 </chapt>
11087 <p>
11088 These appendices are taken essentially verbatim from the
11089 now-deprecated Packaging Manual, version 3.2.1.0. They are
11090 the chapters which are likely to be of use to package
11091 maintainers and which have not already been included in the
11092 policy document itself. Most of these sections are very likely
11093 not relevant to policy; they should be treated as
11094 documentation for the packaging system. Please note that these
11095 appendices are included for convenience, and for historical
11096 reasons: they used to be part of policy package, and they have
11097 not yet been incorporated into dpkg documentation. However,
11098 they still have value, and hence they are presented here.
11099 </p>
11101 <p>
11102 They have not yet been checked to ensure that they are
11103 compatible with the contents of policy, and if there are any
11104 contradictions, the version in the main policy document takes
11105 precedence. The remaining chapters of the old Packaging
11106 Manual have also not been read in detail to ensure that there
11107 are not parts which have been left out. Both of these will be
11108 done in due course.
11109 </p>
11111 <p>
11112 Certain parts of the Packaging manual were integrated into the
11113 Policy Manual proper, and removed from the appendices. Links
11114 have been placed from the old locations to the new ones.
11115 </p>
11117 <p>
11119 package files and installing and removing them on Unix
11120 systems.<footnote>
11122 work on or be ported to other systems.
11123 </footnote>
11124 </p>
11126 <p>
11127 The binary packages are designed for the management of
11128 installed executable programs (usually compiled binaries) and
11129 their associated data, though source code examples and
11130 documentation are provided as part of some packages.</p>
11132 <p>
11133 This manual describes the technical aspects of creating Debian
11135 behavior of the package management programs
11137 they interact with packages.</p>
11139 <p>
11140 This manual does not go into detail about the options and
11141 usage of the package building and installation tools. It
11142 should therefore be read in conjunction with those programs'
11143 man pages.
11144 </p>
11146 <p>
11148 not described in detail here, are documented in their man pages.
11149 </p>
11151 <p>
11152 It is assumed that the reader is reasonably familiar with the
11154 Unfortunately this manual does not yet exist.
11155 </p>
11157 <p>
11158 The Debian version of the FSF's GNU hello program is provided as
11159 an example for people wishing to create Debian packages. However,
11160 while the examples are helpful, they do not replace the need to
11161 read and follow the Policy and Programmer's Manual.</p>
11162 </appendix>
11167 <p>
11169 </p>
11173 </heading>
11175 <p>
11176 All manipulation of binary package files is done by
11180 will spot that the options requested are appropriate to
11182 arguments.)
11183 </p>
11185 <p>
11186 In order to create a binary package, you must make a directory
11187 tree which contains all the files and directories you want to
11188 have in the file system data part of the package. In
11189 Debian-format source packages, this directory is usually
11192 the package's source tree.
11193 </p>
11195 <p>
11196 They should have the locations (relative to the root of the
11197 directory tree you're constructing) ownerships and
11198 permissions which you want them to have on the system when
11199 they are installed.
11200 </p>
11202 <p>
11204 and gid/groupname mappings for the users and groups being
11205 used should be the same on the system where the package is
11206 built and the one where it is installed.
11207 </p>
11209 <p>
11210 You need to add one special directory to the root of the
11211 miniature file system tree you're creating:
11213 information files, notably the binary package control file
11215 </p>
11217 <p>
11219 file system archive of the package, and so won't be installed
11221 </p>
11223 <p>
11224 When you've prepared the package, you should invoke:
11225 <example>
11227 </example>
11228 </p>
11230 <p>
11231 This will build the package in
11235 build the package.)
11236 </p>
11238 <p>
11240 to examine the contents of this newly-created file. You may find the
11241 output of following commands enlightening:
11242 <example>
11246 </example>
11247 To view the copyright file for a package you could use this command:
11248 <example>
11250 </example>
11251 </p>
11252 </sect>
11257 <p>
11258 The control information portion of a binary package is a
11260 It will treat the contents of these files specially - some
11262 installing or removing the package; others are scripts which
11264 </p>
11266 <p>
11267 It is possible to put other files in the package control
11268 information file area, but this is not generally a good idea
11269 (though they will largely be ignored).
11270 </p>
11272 <p>
11273 Here is a brief list of the control information files supported
11275 </p>
11277 <p>
11278 <taglist>
11280 <item>
11281 <p>
11282 This is the key description file used by
11284 and version, gives its description for the user,
11285 states its relationships with other packages, and so
11288 </p>
11290 <p>
11291 It is usually generated automatically from information
11292 in the source package by the
11296 </p>
11297 </item>
11301 </tag>
11302 <item>
11303 <p>
11304 These are executable files (usually scripts) which
11306 and removal of packages. They allow the package to
11307 deal with matters which are particular to that package
11308 or require more complicated processing than that
11311 </p>
11313 <p>
11314 It is very important to make these scripts idempotent.
11316 </p>
11318 <p>
11319 The maintainer scripts are not guaranteed to run with a
11320 controlling terminal and may not be able to interact with
11322 </p>
11323 </item>
11326 </tag>
11327 <item>
11328 This file contains a list of configuration files which
11331 every configuration file should be listed here.
11332 </item>
11335 </tag>
11336 <item>
11337 This file contains a list of the shared libraries
11338 supplied by the package, with dependency details for
11340 when it determines what dependencies are required in a
11343 </item>
11344 </taglist>
11345 </p>
11350 <p>
11351 The most important control information file used by
11354 statistics".
11355 </p>
11357 <p>
11358 The binary package control files of packages built from
11359 Debian sources are made by a special tool,
11363 more details.
11364 </p>
11366 <p>
11367 The fields in binary package control files are listed in
11369 </p>
11371 <p>
11372 A description of the syntax of control files and the purpose
11374 </p>
11375 </sect>
11377 <sect>
11380 <p>
11382 </p>
11383 </sect>
11384 </appendix>
11389 <p>
11390 The Debian binary packages in the distribution are generated
11391 from Debian sources, which are in a special format to assist
11392 the easy and automatic building of binaries.
11393 </p>
11398 <p>
11399 Various tools are provided for manipulating source packages;
11400 they pack and unpack sources and help build of binary
11401 packages and help manage the distribution of new versions.
11402 </p>
11404 <p>
11405 They are introduced and typical uses described here; see
11407 documentation about their arguments and operation.
11408 </p>
11410 <p>
11411 For examples of how to construct a Debian source package,
11412 and how to use those utilities that are used by Debian
11414 package.
11415 </p>
11418 <heading>
11420 packages
11421 </heading>
11423 <p>
11424 This program is frequently used by hand, and is also
11425 called from package-independent automated building scripts
11427 </p>
11429 <p>
11430 To unpack a package it is typically invoked with
11431 <example>
11433 </example>
11434 </p>
11436 <p>
11439 the same directory. It unpacks into
11441 applicable
11443 the current directory.
11444 </p>
11446 <p>
11447 To create a packed source archive it is typically invoked:
11448 <example>
11450 </example>
11451 </p>
11453 <p>
11457 source tree first - this must be done separately if it is
11458 required.
11459 </p>
11461 <p>
11463 </sect1>
11467 <heading>
11469 control script
11470 </heading>
11472 <p>
11474 </p>
11475 </sect1>
11478 <heading>
11480 control files
11481 </heading>
11483 <p>
11486 tree.
11487 </p>
11489 <p>
11490 This is usually done just before the files and directories in the
11491 temporary directory tree where the package is being built have their
11492 permissions and ownerships set and the package is constructed using
11494 <footnote>
11495 This is so that the control file which is produced has
11496 the right permissions
11497 </footnote>.
11498 </p>
11500 <p>
11502 files which are to go into the package have been placed in
11503 the temporary build directory, so that its calculation of
11504 the installed size of a package is correct.
11505 </p>
11507 <p>
11510 variable substitutions created by
11512 are available.
11513 </p>
11515 <p>
11516 For a package which generates only one binary package, and
11518 of the source package, it is usually sufficient to call
11520 </p>
11522 <p>
11523 Sources which build several binaries will typically need
11524 something like:
11525 <example>
11530 tells it which package's control file should be generated.
11531 </p>
11533 <p>
11536 (for example) a future invocation of
11538 </sect1>
11541 <heading>
11543 dependencies
11544 </heading>
11546 <p>
11548 </p>
11549 </sect1>
11552 <heading>
11555 </heading>
11557 <p>
11558 Some packages' uploads need to include files other than
11559 the source and binary package files.
11560 </p>
11562 <p>
11567 </p>
11569 <p>
11572 <example>
11574 </example>
11577 is usually the directory above the top level of the source
11579 file there just before or just after calling
11581 </p>
11583 <p>
11586 </p>
11587 </sect1>
11591 <heading>
11593 upload control file
11594 </heading>
11596 <p>
11598 </p>
11599 </sect1>
11602 <heading>
11604 representation of a changelog
11605 </heading>
11607 <p>
11609 </p>
11610 </sect1>
11613 <heading>
11615 host system
11616 </heading>
11618 <p>
11620 </p>
11621 </sect1>
11622 </sect>
11627 <p>
11628 The source archive scheme described later is intended to
11629 allow a Debian package source tree with some associated
11630 control information to be reproduced and transported easily.
11631 The Debian package source tree is a version of the original
11632 program with certain files added for the benefit of the
11633 packaging process, and with any other changes required
11634 made to the rest of the source code and installation
11635 scripts.
11636 </p>
11638 <p>
11639 The extra files created for Debian are in the subdirectory
11641 source tree. They are described below.
11642 </p>
11647 <p>
11649 </p>
11650 </sect1>
11655 <p>
11657 </p>
11659 </sect1>
11661 <sect1>
11664 <p>
11666 </p>
11667 </sect1>
11670 </heading>
11672 <p>
11673 This is the default temporary location for the construction of
11676 system tree as it is being constructed (for example, by using
11677 the package's upstream makefiles install targets and
11678 redirecting the output there), and it also contains
11681 </p>
11683 <p>
11684 This is only a default and can be easily overridden. Most
11687 case of a source package building only one binary package.
11689 temporary staging area for built files and do not construct
11690 packages from it.
11691 </p>
11693 <p>
11694 If several binary packages are generated from the same source
11695 tree, it is usual to use a separate
11697 package as the temporary construction locations.
11698 </p>
11700 <p>
11701 Whatever temporary directories are created and used by the
11704 </p>
11705 </sect1>
11706 </sect>
11710 </heading>
11712 <p>
11713 As it exists on the FTP site, a Debian source package
11714 consists of three related files. You must have the right
11715 versions of all three to be able to use them.
11716 </p>
11718 <p>
11719 <taglist>
11721 <item>
11723 to extract a source package.
11725 </item>
11727 <tag>
11728 Original source archive -
11729 <file>
11731 </file>
11732 </tag>
11734 <item>
11735 <p>
11738 the upstream authors of the program.
11739 </p>
11740 </item>
11742 <tag>
11743 Debian package diff -
11744 <file>
11746 </file>
11747 </tag>
11748 <item>
11750 <p>
11752 giving the changes which are required to turn the
11753 original source into the Debian source. These changes
11754 may only include editing and creating plain files.
11755 The permissions of files, the targets of symbolic
11756 links and the characteristics of special files or
11757 pipes may not be changed and no files may be removed
11758 or renamed.
11759 </p>
11761 <p>
11762 All the directories in the diff must exist, except the
11764 tree, which will be created by
11766 </p>
11768 <p>
11771 executable (see below).</p></item>
11772 </taglist>
11773 </p>
11775 <p>
11776 If there is no original source code - for example, if the
11777 package is specially prepared for Debian or the Debian
11778 maintainer is the same as the upstream maintainer - the
11779 format is slightly different: then there is no diff, and the
11780 tarfile is named
11782 and preferably contains a directory named
11784 </p>
11785 </sect>
11787 <sect>
11790 <p>
11792 Debian source package. However, if it is not available it
11793 is possible to unpack a Debian source archive as follows:
11795 <item>
11796 <p>
11798 directory.</p>
11799 </item>
11800 <item>
11803 </item>
11804 <item>
11805 <p>
11807 the source tree.</p>
11808 </item>
11810 </item>
11811 <item><p>Untar the tarfile again if you want a copy of the original
11812 source code alongside the Debian version.</p>
11813 </item>
11814 </enumlist>
11816 <p>
11817 It is not possible to generate a valid Debian source archive
11821 </p>
11823 <sect1>
11826 <p>
11827 The source package may not contain any hard links
11828 <footnote>
11829 This is not currently detected when building source
11830 packages, but only when extracting
11831 them.
11832 </footnote>
11833 <footnote>
11834 Hard links may be permitted at some point in the
11835 future, but would require a fair amount of
11836 work.
11837 </footnote>, device special files, sockets or setuid or
11838 setgid files.
11839 <footnote>
11840 Setgid directories are allowed.
11841 </footnote>
11842 </p>
11844 <p>
11845 The source packaging tools manage the changes between the
11849 package source must not involve any changes which cannot be
11850 handled by these tools. Problematic changes which cause
11852 building the source package are:
11855 </item>
11857 </item>
11859 </item>
11862 print a warning but continue anyway are:
11864 <item>
11865 <p>
11866 Removing files, directories or symlinks.
11867 <footnote>
11868 Renaming a file is not treated specially - it is
11869 seen as the removal of the old file (which
11870 generates a warning, but is otherwise ignored),
11871 and the creation of the new one.
11872 </footnote>
11873 </p>
11874 </item>
11875 <item>
11876 <p>
11877 Changed text files which are missing the usual final
11878 newline (either in the original or the modified
11879 source tree).
11880 </p>
11881 </item>
11882 </list>
11883 Changes which are not represented, but which are not detected by
11886 <item><p>Changing the permissions of files (other than
11888 </list>
11889 </p>
11891 <p>
11895 directory, and afterwards it will make
11897 </p>
11898 </sect1>
11899 </sect>
11900 </appendix>
11905 <p>
11907 data in a common format, known as control files. Binary and
11909 files which control the installation of uploaded files, and
11911 format.
11912 </p>
11914 <sect>
11917 <p>
11919 </p>
11921 <p>
11922 It is important to note that there are several fields which
11924 tools are concerned, but which must appear in every Debian
11925 package, or whose omission may cause problems.
11926 </p>
11927 </sect>
11929 <sect>
11932 <p>
11934 </p>
11936 <p>
11937 This section now contains only the fields that didn't belong
11938 to the Policy manual.
11939 </p>
11944 <p>
11946 filename(s) of (the parts of) a package in the
11947 distribution directories, relative to the root of the
11948 Debian hierarchy. If the package has been split into
11949 several parts the parts are all listed in order, separated
11950 by spaces.
11951 </p>
11952 </sect1>
11957 <p>
11959 bytes, expressed in decimal) and MD5 checksum of the
11960 file(s) which make(s) up a binary package in the
11961 distribution. If the package is split into several parts
11962 the values for the parts are listed in order, separated by
11963 spaces.
11964 </p>
11965 </sect1>
11970 <p>
11972 whether the user wants a package installed, removed or
11973 left alone, whether it is broken (requiring
11974 re-installation) or not and what its current state on the
11975 system is. Each of these pieces of information is a
11976 single word.
11977 </p>
11978 </sect1>
11983 <p>
11984 If a package is not installed or not configured, this
11986 version of the package which was successfully
11987 configured.
11988 </p>
11989 </sect1>
11994 <p>
11996 information about the automatically-managed configuration
11998 appear anywhere in a package!
11999 </p>
12000 </sect1>
12002 <sect1>
12005 <p>
12007 not appear anywhere any more.
12014 <item>
12015 The Debian revision part of the package version was
12016 at one point in a separate control field. This
12017 field went through several names.
12018 </item>
12029 </taglist>
12030 </p>
12031 </sect1>
12032 </sect>
12034 </appendix>
12039 <p>
12041 handling of package configuration files.
12042 </p>
12044 <p>
12045 Whether this mechanism is appropriate depends on a number of
12046 factors, but basically there are two approaches to any
12047 particular configuration file.
12048 </p>
12050 <p>
12051 The easy method is to ship a best-effort configuration in the
12053 handle updates. If the user is unlikely to want to edit the
12054 file, but you need them to be able to without losing their
12055 changes, and a new package with a changed version of the file
12056 is only released infrequently, this is a good approach.
12057 </p>
12059 <p>
12060 The hard method is to build the configuration file from
12062 responsibility for fixing any mistakes made in earlier
12063 versions of the package automatically. This will be
12064 appropriate if the file is likely to need to be different on
12065 each system.
12066 </p>
12068 <sect><heading>Automatic handling of configuration files by
12070 </heading>
12072 <p>
12073 A package may contain a control information file called
12075 of configuration files needing automatic handling, separated
12076 by newlines. The filenames should be absolute pathnames,
12077 and the files referred to should actually exist in the
12078 package.
12079 </p>
12081 <p>
12083 the configuration files during the configuration stage,
12085 script,
12086 </p>
12088 <p>
12089 For each file it checks to see whether the version of the
12090 file included in the package is the same as the one that was
12091 included in the last version of the package (the one that is
12092 being upgraded from); it also compares the version currently
12093 installed on the system with the one shipped with the last
12094 version.
12095 </p>
12097 <p>
12098 If neither the user nor the package maintainer has changed
12099 the file, it is left alone. If one or the other has changed
12100 their version, then the changed version is preferred - i.e.,
12101 if the user edits their file, but the package maintainer
12102 doesn't ship a different version, the user's changes will
12103 stay, silently, but if the maintainer ships a new version
12104 and the user hasn't edited it the new version will be
12105 installed (with an informative message). If both have
12106 changed their version the user is prompted about the problem
12107 and must resolve the differences themselves.
12108 </p>
12110 <p>
12111 The comparisons are done by calculating the MD5 message
12112 digests of the files, and storing the MD5 of the file as it
12113 was included in the most recent version of the package.
12114 </p>
12116 <p>
12117 When a package is installed for the first time
12119 unless that would mean overwriting a file already on the
12120 file system.
12121 </p>
12123 <p>
12125 replace a conffile that was removed by the user (or by a
12126 script). This is necessary because with some programs a
12127 missing file produces an effect hard or impossible to
12128 achieve in another way, so that a missing file needs to be
12129 kept that way if the user did it.
12130 </p>
12132 <p>
12136 the user confusing and possibly dangerous options for
12137 conffile update when the package is upgraded.</p>
12138 </sect>
12140 <sect><heading>Fully-featured maintainer script configuration
12141 handling
12142 </heading>
12144 <p>
12145 For files which contain site-specific information such as
12146 the hostname and networking details and so forth, it is
12147 better to create the file in the package's
12149 </p>
12151 <p>
12152 This will typically involve examining the state of the rest
12153 of the system to determine values and other information, and
12154 may involve prompting the user for some information which
12155 can't be obtained some other way.
12156 </p>
12158 <p>
12159 When using this method there are a couple of important
12160 issues which should be considered:
12161 </p>
12163 <p>
12164 If you discover a bug in the program which generates the
12165 configuration file, or if the format of the file changes
12166 from one version to the next, you will have to arrange for
12167 the postinst script to do something sensible - usually this
12168 will mean editing the installed configuration file to remove
12169 the problem or change the syntax. You will have to do this
12170 very carefully, since the user may have changed the file,
12171 perhaps to fix the very problem that your script is trying
12172 to deal with - you will have to detect these situations and
12173 deal with them correctly.
12174 </p>
12176 <p>
12177 If you do go down this route it's probably a good idea to
12178 make the program that generates the configuration file(s) a
12181 appropriate from the post-installation script. The
12183 unquestioningly overwrite an existing configuration - if its
12184 mode of operation is geared towards setting up a package for
12185 the first time (rather than any arbitrary reconfiguration
12186 later) you should have it check whether the configuration
12188 overwrite it.</p></sect>
12189 </appendix>
12193 Packaging Manual)
12194 </heading>
12196 <p>
12197 When several packages all provide different versions of the
12198 same program or file it is useful to have the system select a
12199 default, but to allow the system administrator to change it
12200 and have their decisions respected.
12201 </p>
12203 <p>
12205 editor, and there is no reason to prevent all of them from
12206 being installed at once, each under their own name
12209 refer to something, at least by default.
12210 </p>
12212 <p>
12213 If all the packages involved cooperate, this can be done with
12215 </p>
12217 <p>
12218 Each package provides its own version under its own name, and
12220 register its version (and again in its prerm to deregister
12221 it).
12222 </p>
12224 <p>
12227 </p>
12229 <p>
12231 you may wish to consider using diversions instead.</p>
12232 </appendix>
12235 package's version of a file (from old Packaging Manual)
12236 </heading>
12238 <p>
12240 when it reinstalls the package it belongs to, and to have it
12241 put the file from the package somewhere else instead.
12242 </p>
12244 <p>
12245 This can be used locally to override a package's version of a
12246 file, or by one package to override another's version (or
12247 provide a wrapper for it).
12248 </p>
12250 <p>
12251 Before deciding to use a diversion, read <ref
12253 rather than several alternative versions of a program.
12254 </p>
12256 <p>
12260 details of its operation.
12261 </p>
12263 <p>
12264 When a package wishes to divert a file from another, it should
12266 diversion and rename the existing file. For example,
12269 <example>
12270 dpkg-divert --package smailwrapper --add --rename \
12271 --divert /usr/sbin/smail.real /usr/sbin/smail
12274 can bypass the diversion and get installed as the true version.
12275 It's safe to add the diversion unconditionally on upgrades since
12276 it will be left unchanged if it already exists, but
12278 message, make the command conditional on the version from which
12279 the package is being upgraded:
12280 <example>
12282 dpkg-divert --package smailwrapper --add --rename \
12283 --divert /usr/sbin/smail.real /usr/sbin/smail
12284 fi
12286 diversion was first added to the package. Running the command
12287 during abort-upgrade is pointless but harmless.
12288 </p>
12290 <p>
12291 The postrm has to do the reverse:
12292 <example>
12294 dpkg-divert --package smailwrapper --remove --rename \
12295 --divert /usr/sbin/smail.real /usr/sbin/smail
12296 fi
12297 </example> If the diversion was added at a particular version, the
12298 postrm should also handle the failure case of upgrading from an
12299 older version (unless the older version is so old that direct
12300 upgrades are no longer supported):
12301 <example>
12303 dpkg-divert --package smailwrapper --remove --rename \
12304 --divert /usr/sbin/smail.real /usr/sbin/smail
12305 fi
12307 diversion was first added to the package. The postrm should not
12308 remove the diversion on upgrades both because there's no reason to
12309 remove the diversion only to immediately re-add it and since the
12310 postrm of the old package is run after unpacking so the removal of
12311 the diversion will fail.
12312 </p>
12314 <p>
12315 Do not attempt to divert a file which is vitally important for
12317 there is a time, after it has been diverted but before
12319 does not exist.</p>
12321 <p>
12323 handle it well.
12324 </p>
12325 </appendix>
12327 </book>
12328 </debiandoc>
12329 <!-- Local variables: -->
12330 <!-- indent-tabs-mode: t -->
12331 <!-- End: -->
12332 <!-- vim:set ai sts=2 sw=2 tw=76: -->