| blob | 0721f3632e5577e3d1c25bdac5d8f102eed09340 |
1 <!doctype debiandoc system [
2 <!-- include version information so we don't have to hard code it
3 within the document -->
5 <!-- current Debian changes file format -->
7 ]>
8 <debiandoc>
10 <book>
11 <titlepag>
16 <abstract>
17 This manual describes the policy requirements for the Debian
18 distribution. This includes the structure and
19 contents of the Debian archive and several design issues of
20 the operating system, as well as technical requirements that
21 each package must satisfy to be included in the distribution.
22 </abstract>
24 <copyright>
25 <copyrightsummary>
27 and Christian Schwarz.
28 </copyrightsummary>
29 <p>
30 These are the copyright dates of the original Policy manual.
31 Since then, this manual has been updated by many others. No
32 comprehensive collection of copyright notices for subsequent
33 work exists.
34 </p>
36 <p>
37 This manual is free software; you may redistribute it and/or
38 modify it under the terms of the GNU General Public License
39 as published by the Free Software Foundation; either version
40 2, or (at your option) any later version.
41 </p>
43 <p>
44 This is distributed in the hope that it will be useful, but
46 warranty of merchantability or fitness for a particular
47 purpose. See the GNU General Public License for more
48 details.
49 </p>
51 <p>
52 A copy of the GNU General Public License is available as
54 distribution or on the World Wide Web at
57 obtain it by writing to the Free Software Foundation, Inc.,
59 </p>
60 </copyright>
61 </titlepag>
67 <sect>
69 <p>
70 This manual describes the policy requirements for the Debian
71 distribution. This includes the structure and
72 contents of the Debian archive and several design issues of the
73 operating system, as well as technical requirements that
74 each package must satisfy to be included in the
75 distribution.
76 </p>
78 <p>
79 This manual also describes Debian policy as it relates to
80 creating Debian packages. It is not a tutorial on how to build
81 packages, nor is it exhaustive where it comes to describing
82 the behavior of the packaging system. Instead, this manual
83 attempts to define the interface to the package management
84 system that the developers have to be conversant with.<footnote>
85 Informally, the criteria used for inclusion is that the
86 material meet one of the following requirements:
89 <item>
90 The material presented represents an interface to
91 the packaging system that is mandated for use, and
92 is used by, a significant number of packages, and
93 therefore should not be changed without peer
94 review. Package maintainers can then rely on this
95 interface not changing, and the package management
96 software authors need to ensure compatibility with
97 this interface definition. (Control file and
98 changelog file formats are examples.)
99 </item>
101 <item>
102 If there are a number of technically viable choices
103 that can be made, but one needs to select one of
104 these options for inter-operability. The version
105 number format is one example.
106 </item>
107 </taglist>
108 Please note that these are not mutually exclusive;
109 selected conventions often become parts of standard
110 interfaces.
111 </footnote>
112 </p>
114 <p>
115 The footnotes present in this manual are
116 merely informative, and are not part of Debian policy itself.
117 </p>
119 <p>
120 The appendices to this manual are not necessarily normative,
122 </p>
124 <p>
125 In the normative part of this manual,
129 distinguish the significance of the various guidelines in
130 this policy document. Packages that do not conform to the
132 will generally not be considered acceptable for the Debian
133 distribution. Non-conformance with guidelines denoted by
135 considered a bug, but will not necessarily render a package
136 unsuitable for distribution. Guidelines denoted by
138 adherence is left to the maintainer's discretion.
139 </p>
141 <p>
142 These classifications are roughly equivalent to the bug
148 items).
149 <footnote>
150 Compare RFC 2119. Note, however, that these words are
151 used in a different way in this document.
152 </footnote>
153 </p>
155 <p>
156 Much of the information presented in this manual will be
157 useful even when building a package which is to be
158 distributed in some other way or is intended for local use
159 only.
160 </p>
162 <p>
163 udebs (stripped-down binary packages used by the Debian Installer) do
164 not comply with all of the requirements discussed here. See the
167 information about them.
168 </p>
169 </sect>
171 <sect>
174 <p>
175 This manual is distributed via the Debian package
180 </p>
182 <p>
183 The current version of this document is also available from
184 the Debian web mirrors at
187 (
190 Also available from the same directory are several other
197 </p>
199 <p>
202 changes between versions of this document.
203 </p>
204 </sect>
209 <p>
210 Originally called "Debian GNU/Linux Policy Manual", this
211 manual was initially written in 1996 by Ian Jackson.
214 and reworked/restructured it in April-July 1997.
215 Christoph Lameter contributed the "Web Standard".
216 Julian Gilbey largely restructured it in 2001.
217 </p>
219 <p>
220 Since September 1998, the responsibility for the contents of
223 are discussed there and inserted into policy after a certain
224 consensus is established.
225 <!-- insert shameless policy-process plug here eventually -->
226 The actual editing is done by a group of maintainers that have
227 no editorial powers. These are the current maintainers:
229 <enumlist>
234 </enumlist>
235 </p>
237 <p>
238 While the authors of this document have tried hard to avoid
239 typos and other errors, these do still occur. If you discover
240 an error in this manual or if you want to give any
241 comments, suggestions, or criticisms please send an email to
242 the Debian Policy List,
245 </p>
247 <p>
248 Please do not try to reach the individual authors or maintainers
249 of the Policy Manual regarding changes to the Policy.
250 </p>
251 </sect>
256 <p>
257 There are several other documents other than this Policy Manual
258 that are necessary to fully understand some Debian policies and
259 procedures.
260 </p>
262 <p>
263 The external "sub-policy" documents are referred to in:
271 </list>
272 </p>
274 <p>
275 In addition to those, which carry the weight of policy, there
276 is the Debian Developer's Reference. This document describes
277 procedures and resources for Debian developers, but it is
279 belong in the Policy, such as best practices for developers.
280 </p>
282 <p>
283 The Developer's Reference is available in the
285 It's also available from the Debian web mirrors at
288 </p>
290 <p>
292 machine-readable copyright files</qref> is maintained as part of
294 procedure as the other policy documents. Use of this format is
295 optional.
296 </p>
297 </sect>
302 <p>
303 The following terms are used in this Policy Manual:
304 <taglist>
306 <item>
307 The character encoding specified by ANSI X3.4-1986 and its
308 predecessor standards, referred to in MIME as US-ASCII, and
309 corresponding to an encoding in eight bits per character of
312 </item>
314 <item>
315 The transformation format (sometimes called encoding) of
319 ASCII as a subset, so any text encoded in ASCII is trivially
320 also valid UTF-8.
321 </item>
322 </taglist>
323 </p>
324 </sect>
325 </chapt>
331 <p>
332 The Debian system is maintained and distributed as a
334 them (currently well over 15000), they are split into
336 the handling of them.
337 </p>
339 <p>
340 The effort of the Debian project is to build a free operating
341 system, but not every package we want to make accessible is
343 Guidelines, below), or may be imported/exported without
344 restrictions. Thus, the archive is split into areas<footnote>
345 The Debian archive software uses the term "component" internally
346 and in the Release file format to refer to the division of an
347 archive. The Debian Social Contract simply refers to "areas."
348 This document uses terminology similar to the Social Contract.
349 </footnote> based on their licenses and other restrictions.
350 </p>
352 <p>
353 The aims of this are:
357 <item>to allow us to encourage everyone to write free software,
358 and</item>
359 <item>to allow us to make it easy for people to produce
360 CD-ROMs of our system without violating any licenses,
361 import/export restrictions, or any other laws.</item>
362 </list>
363 </p>
365 <p>
367 </p>
369 <p>
372 distribution, although we support their use and provide
373 infrastructure for them (such as our bug-tracking system and
374 mailing lists). This Debian Policy Manual applies to these
375 packages as well.
376 </p>
380 <p>
381 The Debian Free Software Guidelines (DFSG) form our
382 definition of "free software". These are:
383 <taglist>
385 </tag>
386 <item>
387 The license of a Debian component may not restrict any
388 party from selling or giving away the software as a
389 component of an aggregate software distribution
390 containing programs from several different
391 sources. The license may not require a royalty or
392 other fee for such sale.
393 </item>
395 </tag>
396 <item>
397 The program must include source code, and must allow
398 distribution in source code as well as compiled form.
399 </item>
401 </tag>
402 <item>
403 The license must allow modifications and derived
404 works, and must allow them to be distributed under the
405 same terms as the license of the original software.
406 </item>
408 </tag>
409 <item>
410 The license may restrict source-code from being
412 license allows the distribution of "patch files"
413 with the source code for the purpose of modifying the
414 program at build time. The license must explicitly
415 permit distribution of software built from modified
416 source code. The license may require derived works to
417 carry a different name or version number from the
418 original software. (This is a compromise. The Debian
419 Project encourages all authors to not restrict any
420 files, source or binary, from being modified.)
421 </item>
423 </tag>
424 <item>
425 The license must not discriminate against any person
426 or group of persons.
427 </item>
429 </tag>
430 <item>
431 The license must not restrict anyone from making use
432 of the program in a specific field of endeavor. For
433 example, it may not restrict the program from being
434 used in a business, or from being used for genetic
435 research.
436 </item>
438 </tag>
439 <item>
440 The rights attached to the program must apply to all
441 to whom the program is redistributed without the need
442 for execution of an additional license by those
443 parties.
444 </item>
446 </tag>
447 <item>
448 The rights attached to the program must not depend on
449 the program's being part of a Debian system. If the
450 program is extracted from Debian and used or
451 distributed without Debian but otherwise within the
452 terms of the program's license, all parties to whom
453 the program is redistributed must have the same
454 rights as those that are granted in conjunction with
455 the Debian system.
456 </item>
458 </tag>
459 <item>
460 The license must not place restrictions on other
461 software that is distributed along with the licensed
462 software. For example, the license must not insist
463 that all other programs distributed on the same medium
464 must be free software.
465 </item>
467 </tag>
468 <item>
471 </item>
472 </taglist>
473 </p>
474 </sect>
482 <p>
484 distribution. Only the packages in this area are considered
485 part of the distribution. None of the packages in
487 that area to function. Anyone may use, share, modify and
488 redistribute the packages in this archive area
489 freely<footnote>
492 more about what we mean by free software.
493 </footnote>.
494 </p>
496 <p>
498 (Debian Free Software Guidelines).
499 </p>
501 <p>
504 <item>
505 must not require or recommend a package outside
510 </item>
511 <item>
512 must not be so buggy that we refuse to support them,
513 and
514 </item>
515 <item>
516 must meet all policy requirements presented in this
517 manual.
518 </item>
519 </list>
520 </p>
522 </sect1>
527 <p>
529 packages intended to work with the Debian distribution, but
530 which require software outside of the distribution to either
531 build or function.
532 </p>
534 <p>
536 </p>
538 <p>
541 <item>
542 must not be so buggy that we refuse to support them,
543 and
544 </item>
545 <item>
546 must meet all policy requirements presented in this
547 manual.
548 </item>
549 </list>
550 </p>
552 <p>
553 Examples of packages which would be included in
556 <item>
559 in our archive at all for compilation or execution,
560 and
561 </item>
562 <item>
563 wrapper packages or other sorts of free accessories for
564 non-free programs.
565 </item>
566 </list>
567 </p>
568 </sect1>
573 <p>
575 packages intended to work with the Debian distribution that do
576 not comply with the DFSG or have other problems that make
577 their distribution problematic. They may not comply with all
578 of the policy requirements in this manual due to restrictions
579 on modifications or other limitations.
580 </p>
582 <p>
584 not compliant with the DFSG or are encumbered by patents
585 or other legal issues that make their distribution
586 problematic.
587 </p>
589 <p>
592 <item>
593 must not be so buggy that we refuse to support them,
594 and
595 </item>
596 <item>
597 must meet all policy requirements presented in this
598 manual that it is possible for them to meet.
599 <footnote>
600 It is possible that there are policy
601 requirements which the package is unable to
602 meet, for example, if the source is
603 unavailable. These situations will need to be
604 handled on a case-by-case basis.
605 </footnote>
606 </item>
607 </list>
608 </p>
609 </sect1>
611 </sect>
616 <p>
617 Every package must be accompanied by a verbatim copy of its
618 copyright information and distribution license in the file
621 </p>
623 <p>
624 We reserve the right to restrict files from being included
625 anywhere in our archives if
627 <item>
628 their use or distribution would break a law,
629 </item>
630 <item>
631 there is an ethical conflict in their distribution or
632 use,
633 </item>
634 <item>
635 we would have to sign a license for them, or
636 </item>
637 <item>
638 their distribution would conflict with other project
639 policies.
640 </item>
641 </list>
642 </p>
644 <p>
645 Programs whose authors encourage the user to make
646 donations are fine for the main distribution, provided
647 that the authors do not claim that not donating is
648 immoral, unethical, illegal or something similar; in such
650 </p>
652 <p>
653 Packages whose copyright permission notices (or patent
654 problems) do not even allow redistribution of binaries
655 only, and where no special permission has been obtained,
656 must not be placed on the Debian FTP site and its mirrors
657 at all.
658 </p>
660 <p>
661 Note that under international copyright law (this applies
663 modification of a work is allowed without an explicit
664 notice saying so. Therefore a program without a copyright
666 to it without risking being sued! Likewise if a program
667 has a copyright notice but no statement saying what is
668 permitted then nothing is permitted.
669 </p>
671 <p>
672 Many authors are unaware of the problems that restrictive
673 copyrights (or lack of copyright notices) can cause for
674 the users of their supposedly-free software. It is often
675 worthwhile contacting such authors diplomatically to ask
676 them to modify their license terms. However, this can be a
677 politically difficult thing to do and you should ask for
679 explained below.
680 </p>
682 <p>
683 When in doubt about a copyright, send mail to
685 to provide us with the copyright statement. Software
686 covered by the GPL, public domain software and BSD-like
687 copyrights are safe; be wary of the phrases "commercial
689 </p>
690 </sect>
695 <p>
699 </p>
701 <p>
702 The archive area and section for each package should be
705 archive may override this selection to ensure the consistency of
707 of the form:
709 <item>
712 </item>
713 <item>
716 archive areas.
717 </item>
718 </list>
719 </p>
721 <p>
722 The Debian archive maintainers provide the authoritative
723 list of sections. At present, they are:
724 admin,
725 cli-mono,
726 comm,
727 database,
728 debug,
729 devel,
730 doc,
731 editors,
732 education,
733 electronics,
734 embedded,
735 fonts,
736 games,
737 gnome,
738 gnu-r,
739 gnustep,
740 graphics,
741 hamradio,
742 haskell,
743 httpd,
744 interpreters,
745 introspection,
746 java,
747 kde,
748 kernel,
749 libdevel,
750 libs,
751 lisp,
752 localization,
753 mail,
754 math,
755 metapackages,
756 misc,
757 net,
758 news,
759 ocaml,
760 oldlibs,
761 otherosfs,
762 perl,
763 php,
764 python,
765 ruby,
766 science,
767 shells,
768 sound,
769 tasks,
770 tex,
771 text,
772 utils,
773 vcs,
774 video,
775 web,
776 x11,
777 xfce,
778 zope.
780 contains special packages used by the installer and is not used
781 for normal Debian packages.
782 </p>
784 <p>
785 For more information about the sections and their definitions,
788 </p>
789 </sect>
794 <p>
798 This information is used by the Debian package management tools to
799 separate high-priority packages from less-important packages.
800 </p>
802 <p>
804 Debian package management tools.
805 <taglist>
807 <item>
808 Packages which are necessary for the proper
809 functioning of the system (usually, this means that
810 dpkg functionality depends on these packages).
812 system to become totally broken and you may not even
814 so only do so if you know what you are doing. Systems
816 unusable, but they do have enough functionality to
817 allow the sysadmin to boot and install more software.
818 </item>
820 <item>
821 Important programs, including those which one would
822 expect to find on any Unix-like system. If the
823 expectation is that an experienced Unix person who
824 found it missing would say "What on earth is going on,
825 where is <prgn>foo</prgn>?", it must be an
827 This is an important criterion because we are
828 trying to produce, amongst other things, a free
829 Unix.
830 </footnote>
831 Other packages without which the system will not run
832 well or be usable must also have priority
835 or any other large applications. The
837 commonly-expected and necessary tools.
838 </item>
840 <item>
841 These packages provide a reasonably small but not too
842 limited character-mode system. This is what will be
843 installed by default if the user doesn't select anything
844 else. It doesn't include many large applications.
845 </item>
847 <item>
848 (In a sense everything that isn't required is
849 optional, but that's not what is meant here.) This is
850 all the software that you might reasonably want to
851 install if you didn't know what it was and don't have
852 specialized requirements. This is a much larger system
853 and includes the X Window System, a full TeX
854 distribution, and many applications. Note that
855 optional packages should not conflict with each other.
856 </item>
858 <item>
859 This contains all packages that conflict with others
860 with required, important, standard or optional
861 priorities, or are only likely to be useful if you
862 already know what they are or have specialized
863 requirements (such as packages containing only detached
864 debugging symbols).
865 </item>
866 </taglist>
867 </p>
869 <p>
870 Packages must not depend on packages with lower priority
871 values (excluding build-time dependencies). In order to
872 ensure this, the priorities of one or more packages may need
873 to be adjusted.
874 </p>
875 </sect>
877 </chapt>
883 <p>
884 The Debian distribution is based on the Debian
886 all packages in the Debian distribution must be provided
888 </p>
890 <p>
892 to install on the system when the package is installed, and a set
893 of files that provide additional metadata about the package or
894 which are executed when the package is installed or removed. This
896 Among those files are the package maintainer scripts
898 package control file</qref> that contains the control fields for
899 the package. Other control information files include
902 used to store shared library dependency information and
905 </p>
907 <p>
908 There is unfortunately a collision of terminology here between
909 control information files and files in the Debian control file
911 to a file in the Debian control file format. These files are
914 included in the control information file member of
916 control information files are not in the Debian control file
917 format.
918 </p>
920 <sect>
923 <p>
924 Every package must have a name that's unique within the Debian
925 archive.
926 </p>
928 <p>
929 The package name is included in the control field
932 The package name is also included as a part of the file name
934 </p>
935 </sect>
940 <p>
941 Every package has a version number recorded in its
944 </p>
946 <p>
947 The package management system imposes an ordering on version
948 numbers, so that it can tell whether packages are being up- or
949 downgraded and so that package system front end applications
950 can tell whether a package it finds available is newer than
951 the one installed on the system. The version number format
952 has the most significant parts (as far as comparison is
953 concerned) at the beginning.
954 </p>
956 <p>
957 If an upstream package has problematic version numbers they
958 should be converted to a sane form for use in the
960 </p>
962 <sect1>
965 <p>
966 In general, Debian packages should use the same version
967 numbers as the upstream sources. However, upstream version
968 numbers based on some date formats (sometimes used for
969 development or "snapshot" releases) will not be ordered
970 correctly by the package management software. For
972 greater than "96Dec24".
973 </p>
975 <p>
976 To prevent having to use epochs for every new upstream
977 version, the date-based portion of any upstream version number
978 should be given in a way that sorts correctly: four-digit year
979 first, followed by a two-digit numeric month, followed by a
980 two-digit numeric date, possibly with punctuation between the
981 components.
982 </p>
984 <p>
985 Native Debian packages (i.e., packages which have been written
986 especially for Debian) whose version numbers include dates
987 should also follow these rules. If punctuation is desired
989 cannot be used in native package versions. Period
991 </p>
992 </sect1>
994 </sect>
999 <p>
1000 Every package must have a maintainer, except for orphaned
1001 packages as described below. The maintainer may be one person
1002 or a group of people reachable from a common email address, such
1003 as a mailing list. The maintainer is responsible for
1004 maintaining the Debian packaging files, evaluating and
1005 responding appropriately to reported bugs, uploading new
1006 versions of the package (either directly or through a sponsor),
1007 ensuring that the package is placed in the appropriate archive
1008 area and included in Debian releases as appropriate for the
1009 stability and utility of the package, and requesting removal of
1010 the package from the Debian distribution if it is no longer
1011 useful or maintainable.
1012 </p>
1014 <p>
1016 control field with their correct name and a working email
1018 control field must accept mail from those role accounts in
1019 Debian used to send automated mails regarding the package. This
1020 includes non-spam mail from the bug-tracking system, all mail
1021 from the Debian archive maintenance software, and other role
1022 accounts or automated processes that are commonly agreed on by
1023 the project.<footnote>
1024 A sample implementation of such a whitelist written for the
1025 Mailman mailing list management software is used for mailing
1026 lists hosted by alioth.debian.org.
1027 </footnote>
1028 If one person or team maintains several packages, they should
1029 use the same form of their name and email address in
1031 </p>
1033 <p>
1036 </p>
1038 <p>
1039 If the maintainer of the package is a team of people with a
1041 be present and must contain at least one human with their
1043 syntax of that field.
1044 </p>
1046 <p>
1047 An orphaned package is one with no current maintainer. Orphaned
1050 These packages are considered maintained by the Debian project
1051 as a whole until someone else volunteers to take over
1052 maintenance.<footnote>
1053 The detailed procedure for gracefully orphaning a package can
1054 be found in the Debian Developer's Reference
1056 </footnote>
1057 </p>
1058 </sect>
1063 <p>
1065 field which contains a synopsis and extended description of the
1066 package. Technical information about the format of the
1068 </p>
1070 <p>
1071 The description should describe the package (the program) to a
1072 user (system administrator) who has never met it before so that
1073 they have enough information to decide whether they want to
1074 install it. This description should not just be copied verbatim
1075 from the program's documentation.
1076 </p>
1078 <p>
1079 Put important information first, both in the synopsis and
1080 extended description. Sometimes only the first part of the
1081 synopsis or of the description will be displayed. You can
1082 assume that there will usually be a way to see the whole
1083 extended description.
1084 </p>
1086 <p>
1087 The description should also give information about the
1088 significant dependencies and conflicts between this package
1089 and others, so that the user knows why these dependencies and
1090 conflicts have been declared.
1091 </p>
1093 <p>
1094 Instructions for configuring or using the package should
1095 not be included (that is what installation scripts,
1096 manual pages, info files, etc., are for). Copyright
1097 statements and other administrivia should not be included
1098 either (that is what the copyright file is for).
1099 </p>
1103 <p>
1104 The single line synopsis should be kept brief - certainly
1105 under 80 characters.
1106 </p>
1108 <p>
1109 Do not include the package name in the synopsis line. The
1110 display software knows how to display this already, and you
1111 do not need to state it. Remember that in many situations
1112 the user may only see the synopsis line - make it as
1113 informative as you can.
1114 </p>
1116 </sect1>
1120 <p>
1121 Do not try to continue the single line synopsis into the
1122 extended description. This will not work correctly when
1123 the full description is displayed, and makes no sense
1124 where only the summary (the single line synopsis) is
1125 available.
1126 </p>
1128 <p>
1129 The extended description should describe what the package
1130 does and how it relates to the rest of the system (in terms
1131 of, for example, which subsystem it is which part of).
1132 </p>
1134 <p>
1135 The description field needs to make sense to anyone, even
1136 people who have no idea about any of the things the
1137 package deals with.<footnote>
1138 The blurb that comes with a program in its
1140 rarely suitable for use in a description. It is
1141 usually aimed at people who are already in the
1142 community where the package is used.
1143 </footnote>
1144 </p>
1146 </sect1>
1148 </sect>
1153 <p>
1154 Every package must specify the dependency information
1155 about other packages that are required for the first to
1156 work correctly.
1157 </p>
1159 <p>
1160 For example, a dependency entry must be provided for any
1161 shared libraries required by a dynamically-linked executable
1162 binary in a package.
1163 </p>
1165 <p>
1166 Packages are not required to declare any dependencies they
1168 (see below), and should not do so unless they depend on a
1169 particular version of that package.<footnote>
1170 <p>
1171 Essential is needed in part to avoid unresolvable dependency
1172 loops on upgrade. If packages add unnecessary dependencies
1173 on packages in this set, the chances that there
1175 caused by forcing these Essential packages to be configured
1176 first before they need to be is greatly increased. It also
1177 increases the chances that frontends will be unable to
1179 exists.
1180 </p>
1181 <p>
1182 Also, functionality is rarely ever removed from the
1184 the Essential set when the functionality moved to a
1185 different package. So depending on these packages <em>just
1186 in case</em> they stop being essential does way more harm
1187 than good.
1188 </p>
1189 </footnote>
1190 </p>
1192 <p>
1193 Sometimes, unpacking one package requires that another package
1195 depending package must specify this dependency in
1197 </p>
1199 <p>
1201 package before this has been discussed on the
1203 doing that has been reached.
1204 </p>
1206 <p>
1207 The format of the package interrelationship control fields is
1209 </p>
1210 </sect>
1215 <p>
1216 Sometimes, there are several packages which offer
1217 more-or-less the same functionality. In this case, it's
1219 describes that common functionality. (The virtual
1220 packages only exist logically, not physically; that's why
1223 package. Thus, any other package requiring that function
1224 can simply depend on the virtual package without having to
1225 specify all possible packages individually.
1226 </p>
1228 <p>
1229 All packages should use virtual package names where
1230 appropriate, and arrange to create new ones if necessary.
1231 They should not use virtual package names (except privately,
1232 amongst a cooperating group of packages) unless they have
1233 been agreed upon and appear in the list of virtual package
1235 </p>
1237 <p>
1238 The latest version of the authoritative list of virtual
1240 It is also available from the Debian web mirrors at
1243 </p>
1245 <p>
1246 The procedure for updating the list is described in the preface
1247 to the list.
1248 </p>
1250 </sect>
1252 <sect>
1255 <p>
1257 system that is installed before everything else
1258 on a new system. Only very few packages are allowed to form
1259 part of the base system, in order to keep the required disk
1260 usage very small.
1261 </p>
1263 <p>
1264 The base system consists of all those packages with priority
1267 </p>
1268 </sect>
1270 <sect>
1273 <p>
1274 Essential is defined as the minimal set of functionality that
1275 must be available and usable on the system at all times, even
1276 when packages are in the "Unpacked" state.
1281 </p>
1283 <p>
1284 Since these packages cannot be easily removed (one has to
1287 unless absolutely necessary. A shared library package
1289 prevent its premature removal, and we need to be able to
1290 remove it when it has been superseded.
1291 </p>
1293 <p>
1294 Since dpkg will not prevent upgrading of other packages
1297 their core functionality even when unconfigured. If the
1298 package cannot satisfy this requirement it must not be
1299 tagged as essential, and any packages depending on this
1300 package must instead have explicit dependency fields as
1301 appropriate.
1302 </p>
1304 <p>
1305 Maintainers should take great care in adding any programs,
1307 Packages may assume that functionality provided by
1309 declaring explicit dependencies, which means that removing
1310 functionality from the Essential set is very difficult and is
1311 almost never done. Any capability added to an
1313 support that capability as part of the Essential set in
1314 perpetuity.
1315 </p>
1317 <p>
1320 mailing list and a consensus about doing that has been
1321 reached.
1322 </p>
1323 </sect>
1328 <p>
1329 The package installation scripts should avoid producing
1330 output which is unnecessary for the user to see and
1332 the part of a user installing many packages. This means,
1335 </p>
1337 <p>
1338 Errors which occur during the execution of an installation
1339 script must be checked and the installation must not
1340 continue after an error.
1341 </p>
1343 <p>
1345 maintainer scripts, too.
1346 </p>
1348 <p>
1350 to another package without consulting the maintainer of that
1351 package first. When adding or removing diversions, package
1354 </p>
1356 <p>
1357 All packages which supply an instance of a common command
1358 name (or, in general, filename) should generally use
1361 is not used, then each package must use
1363 removed. (In this case, it may be appropriate to
1364 specify a conflict against earlier versions of something
1365 that previously did not use
1367 the usual rule that versioned conflicts should be
1368 avoided.)
1369 </p>
1373 <p>
1374 Package maintainer scripts may prompt the user if
1375 necessary. Prompting must be done by communicating
1377 conforms to the Debian Configuration Management
1378 Specification, version 2 or higher.
1379 </p>
1381 <p>
1382 Packages which are essential, or which are dependencies of
1383 essential packages, may fall back on another prompting method
1384 if no such interface is available when they are executed.
1385 </p>
1387 <p>
1388 The Debian Configuration Management Specification is included
1391 It is also available from the Debian web mirrors at
1394 </p>
1396 <p>
1397 Packages which use the Debian Configuration Management
1398 Specification may contain the additional control information
1401 additional maintainer script used for package configuration,
1405 unpacked or any of its dependencies or pre-dependencies are
1406 satisfied. Therefore it must work using only the tools
1409 implements the Debian Configuration Management
1410 Specification will also be installed, and any
1411 versioned dependencies on it will be satisfied
1412 before preconfiguration begins.
1413 </footnote>
1414 </p>
1416 <p>
1417 Packages which use the Debian Configuration Management
1418 Specification must allow for translation of their user-visible
1419 messages by using a gettext-based system such as the one
1421 </p>
1423 <p>
1424 Packages should try to minimize the amount of prompting
1425 they need to do, and they should ensure that the user
1426 will only ever be asked each question once. This means
1427 that packages should try to use appropriate shared
1431 prompting for their own list of required pieces of
1432 information.
1433 </p>
1435 <p>
1436 It also means that an upgrade should not ask the same
1437 questions again, unless the user has used
1439 The answers to configuration questions should be stored in an
1441 modify them, and how this has been done should be
1442 documented.
1443 </p>
1445 <p>
1446 If a package has a vitally important piece of
1447 information to pass to the user (such as "don't run me
1448 as I am, you must edit the following configuration files
1449 first or you risk your system emitting badly-formatted
1450 messages"), it should display this in the
1452 prompt the user to hit return to acknowledge the
1453 message. Copyright messages do not count as vitally
1454 important (they belong in
1456 neither do instructions on how to use a program (these
1457 should be in on-line documentation, where all the users
1458 can see them).
1459 </p>
1461 <p>
1462 Any necessary prompting should almost always be confined
1465 should be protected with a conditional so that
1466 unnecessary prompting doesn't happen if a package's
1470 </p>
1471 </sect1>
1473 </sect>
1475 </chapt>
1484 <p>
1485 Source packages should specify the most recent version number
1486 of this policy document with which your package complied
1487 when it was last updated.
1488 </p>
1490 <p>
1491 This information may be used to file bug reports
1492 automatically if your package becomes too much out of date.
1493 </p>
1495 <p>
1497 control field.
1500 </p>
1502 <p>
1503 You should regularly, and especially if your package has
1504 become out of date, check for the newest Policy Manual
1505 available and update your package, if necessary. When your
1506 package complies with the new standards you should update the
1508 release it.<footnote>
1510 information about policy which has changed between
1511 different versions of this document.
1512 </footnote>
1513 </p>
1515 </sect>
1520 <p>
1521 Source packages should specify which binary packages they
1522 require to be installed or not to be installed in order to
1523 build correctly. For example, if building a package
1524 requires a certain compiler, then the compiler should be
1525 specified as a build-time dependency.
1526 </p>
1528 <p>
1529 It is not necessary to explicitly specify build-time
1530 relationships on a minimal set of packages that are always
1531 needed to compile, link and put in a Debian package a
1532 standard "Hello World!" program written in C or C++. The
1534 an informational list can be found in
1537 package).<footnote>
1538 Rationale:
1540 <item>
1541 This allows maintaining the list separately
1542 from the policy documents (the list does not
1543 need the kind of control that the policy
1544 documents do).
1545 </item>
1546 <item>
1547 Having a separate package allows one to install
1548 the build-essential packages on a machine, as
1549 well as allowing other packages such as tasks to
1550 require installation of the build-essential
1551 packages using the depends relation.
1552 </item>
1553 <item>
1554 The separate package allows bug reports against
1555 the list to be categorized separately from
1556 the policy management process in the BTS.
1557 </item>
1558 </list>
1559 </footnote>
1560 </p>
1562 <p>
1563 When specifying the set of build-time dependencies, one
1564 should list only those packages explicitly required by the
1565 build. It is not necessary to list packages which are
1566 required merely because some other package in the list of
1567 build-time dependencies depends on them.<footnote>
1568 The reason for this is that dependencies change, and
1571 others need is their business. For example, if you
1577 will automatically ensure that all of its run-time
1578 dependencies are satisfied.
1579 </footnote>
1580 </p>
1582 <p>
1583 If build-time dependencies are specified, it must be
1584 possible to build the package and produce working binaries
1585 on a system with only essential and build-essential
1586 packages installed and also those required to satisfy the
1587 build-time relationships (including any implied
1588 relationships). In particular, this means that version
1589 clauses should be used rigorously in build-time
1590 relationships so that one cannot produce bad or
1591 inconsistently configured packages when the relationships
1592 are properly satisfied.
1593 </p>
1595 <p>
1597 </p>
1598 </sect>
1600 <sect>
1603 <p>
1604 If changes to the source code are made that are not
1605 specific to the needs of the Debian system, they should be
1606 sent to the upstream authors in whatever form they prefer
1607 so as to be included in the upstream version of the
1608 package.
1609 </p>
1611 <p>
1612 If you need to configure the package differently for
1613 Debian or for Linux, and the upstream source doesn't
1614 provide a way to do so, you should add such configuration
1617 authors, with the default set to the way they originally
1618 had it. You can then easily override the default in your
1620 </p>
1622 <p>
1624 detects the correct architecture specification string
1626 </p>
1627 <p>
1632 details how to achieve that). This ensures that these files can
1633 be updated distribution-wide at build time when introducing
1634 new architectures.
1635 </p>
1637 <p>
1642 reconfigure the package if necessary. You should
1645 else to later reconfigure the package without losing the
1646 changes you made.
1647 </p>
1649 </sect>
1654 <p>
1655 Changes in the Debian version of the package should be
1656 briefly explained in the Debian changelog file
1658 <p>
1659 Mistakes in changelogs are usually best rectified by
1660 making a new changelog entry rather than "rewriting
1661 history" by editing old changelog entries.
1662 </p>
1663 </footnote>
1664 This includes modifications
1665 made in the Debian package compared to the upstream one
1666 as well as other changes and updates to the package.
1667 <footnote>
1668 Although there is nothing stopping an author who is also
1669 the Debian maintainer from using this changelog for all
1670 their changes, it will have to be renamed if the Debian
1671 and upstream maintainers become different people. In such
1672 a case, however, it might be better to maintain the package
1673 as a non-native package.
1674 </footnote>
1675 </p>
1677 <p>
1679 package building tools to discover which version of the package
1680 is being built and find out other release-specific information.
1681 </p>
1683 <p>
1684 That format is a series of entries like this:
1688 <var>
1689 [optional blank line(s), stripped]
1690 </var>
1693 <var>
1694 [blank line(s), included in output of dpkg-parsechangelog]
1695 </var>
1697 <var>
1698 [optional blank line(s), stripped]
1699 </var>
1700 -- <var>maintainer name</var> <<var>email address</var>><var>[two spaces]</var> <var>date</var>
1701 </example>
1702 </p>
1704 <p>
1706 package name and version number.
1707 </p>
1709 <p>
1711 this version should be installed when it is uploaded - it
1714 </p>
1716 <p>
1720 an urgency containing commas; commas are used to separate
1725 </p>
1727 <p>
1728 The change details may in fact be any series of lines
1729 starting with at least two spaces, but conventionally each
1730 change starts with an asterisk and a separating space and
1731 continuation lines are indented so as to bring them in
1732 line with the start of the text above. Blank lines may be
1733 used here to separate groups of changes, if desired.
1734 </p>
1736 <p>
1737 If this upload resolves bugs recorded in the Bug Tracking
1738 System (BTS), they may be automatically closed on the
1739 inclusion of this package into the Debian archive by
1741 in the change details.<footnote>
1742 To be precise, the string should match the following
1743 Perl regular expression:
1744 <example>
1745 /closes:\s*(?:bug)?\#?\s?\d+(?:,\s*(?:bug)?\#?\s?\d+)*/i
1746 </example>
1747 Then all of the bug numbers listed will be closed by the
1750 </footnote>
1753 </p>
1755 <p>
1756 The maintainer name and email address used in the changelog
1757 should be the details of the person who prepared this release of
1759 uploader or usual package maintainer.<footnote>
1760 In the case of a sponsored upload, the uploader signs the
1761 files, but the changelog maintainer name and address are those
1762 of the person who prepared this release. If the preparer of
1763 the release is not one of the usual maintainers of the package
1764 (as listed in
1767 fields of the package), the first line of the changelog is
1768 conventionally used to explain why a non-maintainer is
1769 uploading the package. The Debian Developer's Reference
1771 used.</footnote>
1775 acknowledgement when the upload has been installed.
1776 </p>
1778 <p>
1780 This is the same as the format generated by <tt>date
1781 -R</tt>.
1782 </footnote> (compatible and with the same semantics of
1785 where:
1787 <item>
1788 day-of week is one of: Mon, Tue, Wed, Thu, Fri, Sat, Sun
1789 </item>
1790 <item>
1792 </item>
1793 <item>
1794 month is one of: Jan, Feb, Mar, Apr, May, Jun, Jul, Aug,
1795 Sep, Oct, Nov, Dec
1796 </item>
1801 <item>
1802 +zzzz or -zzzz is the the time zone offset from Coordinated
1803 Universal Time (UTC). "+" indicates that the time is ahead
1804 of (i.e., east of) UTC and "-" indicates that the time is
1805 behind (i.e., west of) UTC. The first two digits indicate
1806 the hour difference from UTC and the last two digits
1807 indicate the number of additional minutes difference from
1809 </item>
1810 </list>
1811 </p>
1813 <p>
1814 The first "title" line with the package name must start
1815 at the left hand margin. The "trailer" line with the
1816 maintainer and date details must be preceded by exactly
1817 one space. The maintainer details and the date must be
1818 separated by exactly two spaces.
1819 </p>
1821 <p>
1822 The entire changelog must be encoded in UTF-8.
1823 </p>
1825 <p>
1826 For more information on placement of the changelog files
1828 </p>
1829 </sect>
1833 <p>
1834 Every package must be accompanied by a verbatim copy of its
1835 copyright information and distribution license in the file
1839 to copyrights for packages.
1840 </p>
1841 </sect>
1842 <sect>
1845 <p>
1847 (including your package's upstream makefiles and
1850 properties apply: if you include a miniature script as one
1851 of the commands in your makefile you'll find that if you
1852 don't do anything about it then errors are not detected
1854 problems.
1855 </p>
1857 <p>
1858 Every time you put more than one shell command (this
1859 includes using a loop) in a makefile command you
1860 must make sure that errors are trapped. For
1861 simple compound commands, such as changing directory and
1863 than semicolon as a command separator is sufficient. For
1864 more complex commands including most loops and
1866 command at the start of every makefile command that's
1867 actually one of these miniature shell scripts.
1868 </p>
1869 </sect>
1873 <p>
1874 Maintainers should preserve the modification times of the
1875 upstream source files in a package, as far as is reasonably
1876 possible.<footnote>
1877 The rationale is that there is some information conveyed
1878 by knowing the age of the file, for example, you could
1879 recognize that some documentation is very old by looking
1880 at the modification time, so it would be nice if the
1881 modification time of the upstream source would be
1882 preserved.
1883 </footnote>
1884 </p>
1885 </sect>
1890 <p>
1891 The source package may not contain any hard links<footnote>
1892 <p>
1893 This is not currently detected when building source
1894 packages, but only when extracting
1895 them.
1896 </p>
1897 <p>
1898 Hard links may be permitted at some point in the
1899 future, but would require a fair amount of
1900 work.
1901 </p>
1902 </footnote>, device special files, sockets or setuid or
1903 setgid files.<footnote>
1904 Setgid directories are allowed.
1905 </footnote>
1906 </p>
1907 </sect>
1912 <p>
1913 This file must be an executable makefile, and contains the
1914 package-specific recipes for compiling the package and
1915 building binary package(s) from the source.
1916 </p>
1918 <p>
1920 so that it can be invoked by saying its name rather than
1924 identical behavior.
1925 </p>
1927 <p>
1928 The following targets are required and must be implemented
1933 </p>
1935 <p>
1937 impossible to auto-compile that package and also makes it hard
1938 for other people to reproduce the same binary package, all
1939 required targets must be non-interactive. It also follows that
1940 any target that these targets depend on must also be
1941 non-interactive.
1942 </p>
1943 <p>
1944 For packages in the main archive, no required targets
1945 may attempt network access.
1946 </p>
1948 <p>
1949 The targets are as follows:
1950 <taglist>
1952 <item>
1953 <p>
1955 configuration and compilation of the package.
1956 If a package has an interactive pre-build
1957 configuration routine, the Debian source package
1958 must either be built after this has taken place (so
1959 that the binary package can be built without rerunning
1960 the configuration) or the configuration routine
1961 modified to become non-interactive. (The latter is
1962 preferable if there are architecture-specific features
1963 detected by the configuration routine.)
1964 </p>
1966 <p>
1967 For some packages, notably ones where the same
1968 source tree is compiled in different ways to produce
1970 does not make much sense. For these packages it is
1971 good enough to provide two (or more) targets
1973 for each of the ways of building the package, and a
1976 package in each of the possible ways and make the
1977 binary package out of each.
1978 </p>
1980 <p>
1982 that might require root privilege.
1983 </p>
1985 <p>
1988 </p>
1990 <p>
1991 When a package has a configuration and build routine
1992 which takes a long time, or when the makefiles are
1996 complete. This will ensure that if <tt>debian/rules
1997 build</tt> is run again it will not rebuild the whole
1998 program.<footnote>
2002 target to do the building and to <tt>touch
2003 build-stamp</tt> on completion. This is
2004 especially useful if the build routine creates a
2007 a phony target (i.e., as a dependency of the
2010 targets.
2011 </footnote>
2012 </p>
2013 </item>
2017 </tag>
2018 <item>
2019 <p>
2021 perform all the configuration and compilation required for
2022 producing all architecture-dependent binary packages
2023 (those packages for which the body of the
2026 target must perform all the configuration
2027 and compilation required for producing all
2028 architecture-independent binary packages (those packages
2032 should either depend on those targets or take the same
2033 actions as invoking those targets would perform.<footnote>
2034 This split allows binary-only builds to not install the
2036 target and skip any resource-intensive build tasks that
2037 are only required when building architecture-independent
2038 binary packages.
2039 </footnote>
2040 </p>
2042 <p>
2044 must not do anything that might require root privilege.
2045 </p>
2046 </item>
2050 </tag>
2051 <item>
2052 <p>
2054 necessary for the user to build the binary package(s)
2055 produced from this source package. It is
2057 the binary packages which are specific to a particular
2059 those which are not.
2060 </p>
2061 <p>
2063 no commands which simply depends on
2065 </p>
2066 <p>
2070 provided, so that the package is built if it has not
2071 been already. It should then create the relevant
2074 build them and place them in the parent of the top
2075 level directory.
2076 </p>
2078 <p>
2081 If one of them has nothing to do (which will always be
2082 the case if the source generates only a single binary
2083 package, whether architecture-dependent or not), it
2084 must still exist and must always succeed.
2085 </p>
2087 <p>
2089 root.<footnote>
2091 to build a package correctly even without being
2092 root.
2093 </footnote>
2094 </p>
2095 </item>
2098 <item>
2099 <p>
2102 that it should leave alone any output files created in
2104 target.
2105 </p>
2107 <p>
2110 should be removed as the first action that
2114 already done.
2115 </p>
2117 <p>
2123 example).
2124 </p>
2125 </item>
2128 <item>
2129 <p>
2130 This target fetches the most recent version of the
2131 original source package from a canonical archive site
2132 (via FTP or WWW, for example), does any necessary
2133 rearrangement to turn it into the original source
2134 tar file format described below, and leaves it in the
2135 current directory.
2136 </p>
2138 <p>
2139 This target may be invoked in any directory, and
2140 should take care to clean up any temporary files it
2141 may have left.
2142 </p>
2144 <p>
2145 This target is optional, but providing it if
2146 possible is a good idea.
2147 </p>
2148 </item>
2151 <item>
2152 <p>
2153 This target performs whatever additional actions are
2154 required to make the source ready for editing (unpacking
2155 additional upstream archives, applying patches, etc.).
2156 It is recommended to be implemented for any package where
2158 for additional modification. See
2160 </p>
2161 </item>
2162 </taglist>
2164 <p>
2167 directory being the package's top-level directory.
2168 </p>
2171 <p>
2173 either as published or undocumented interfaces or for the
2174 package's internal use.
2175 </p>
2177 <p>
2178 The architectures we build on and build for are determined
2181 You can determine the Debian architecture and the GNU style
2182 architecture specification string for the build architecture as
2183 well as for the host architecture. The build architecture is
2185 the package build is performed. The host architecture is the
2186 architecture on which the resulting package will be installed
2187 and run. These are normally the same, but may be different in
2188 the case of cross-compilation (building packages for one
2189 architecture on machines of a different architecture).
2190 </p>
2192 <p>
2195 <item>
2197 </item>
2198 <item>
2200 </item>
2201 <item>
2203 </item>
2204 <item>
2206 specification string)
2207 </item>
2208 <item>
2211 </item>
2212 <item>
2215 </list>
2218 host architecture.
2219 </p>
2221 <p>
2222 Backward compatibility can be provided in the rules file
2223 by setting the needed variables to suitable default
2224 values; please refer to the documentation of
2226 </p>
2228 <p>
2230 string only determines which Debian architecture we are
2231 building on or for. It should not be used to get the CPU
2234 GNU style variables should generally only be used with upstream
2235 build systems.
2236 </p>
2242 <p>
2243 Supporting the standardized environment variable
2245 contain several flags to change how a package is compiled and
2248 given, they must be separated by whitespace.<footnote>
2249 Some packages support any delimiter, but whitespace is the
2250 easiest to parse inside a makefile and avoids ambiguity with
2251 flag values that contain commas.
2252 </footnote>
2258 tag should not be given multiple times with conflicting
2259 values. Package maintainers may assume that
2261 </p>
2263 <p>
2264 The meaning of the following tags has been standardized:
2265 <taglist>
2267 <item>
2268 This tag says to not run any build-time test suite
2269 provided by the package.
2270 </item>
2272 <item>
2273 The presence of this tag means that the package should
2274 be compiled with a minimum of optimization. For C
2277 Some programs might fail to build or run at this level
2278 of optimization; it may be necessary to use
2280 </item>
2282 <item>
2283 This tag means that the debugging symbols should not be
2284 stripped from the binary during installation, so that
2285 debugging information may be included in the package.
2286 </item>
2288 <item>
2289 This tag means that the package should be built using up
2291 system supports this.<footnote>
2295 </footnote>
2296 If the package build system does not support parallel
2297 builds, this string must be ignored. If the package
2298 build system only supports a lower level of concurrency
2300 many parallel processes as the package build system
2301 supports. It is up to the package maintainer to decide
2302 whether the package build times are long enough and the
2303 package build system is robust enough to make supporting
2304 parallel builds worthwhile.
2305 </item>
2306 </taglist>
2307 </p>
2309 <p>
2311 </p>
2313 <p>
2314 The following makefile snippet is an example of how one may
2315 implement the build options; you will probably have to
2316 massage this example in order to make it work for your
2317 package.
2319 CFLAGS = -Wall -g
2320 INSTALL = install
2321 INSTALL_FILE = $(INSTALL) -p -o root -g root -m 644
2322 INSTALL_PROGRAM = $(INSTALL) -p -o root -g root -m 755
2323 INSTALL_SCRIPT = $(INSTALL) -p -o root -g root -m 755
2324 INSTALL_DIR = $(INSTALL) -p -d -o root -g root -m 755
2326 ifneq (,$(filter noopt,$(DEB_BUILD_OPTIONS)))
2327 CFLAGS += -O0
2328 else
2329 CFLAGS += -O2
2330 endif
2331 ifeq (,$(filter nostrip,$(DEB_BUILD_OPTIONS)))
2332 INSTALL_PROGRAM += -s
2333 endif
2334 ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
2335 NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
2336 MAKEFLAGS += -j$(NUMJOBS)
2337 endif
2339 build:
2340 # ...
2341 ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
2342 # Code to run the package test suite.
2343 endif
2344 </example>
2345 </p>
2346 </sect1>
2347 </sect>
2349 <!-- FIXME: section pkg-srcsubstvars is the same as substvars -->
2353 <p>
2357 substitutions on its output just before writing it. Variable
2360 variable substitutions to be used; variables can also be set
2362 option to the source packaging commands, and certain predefined
2363 variables are also available.
2364 </p>
2366 <p>
2370 </p>
2372 <p>
2374 details about source variable substitutions, including the
2376 </sect>
2381 <p>
2382 This is an optional, recommended configuration file for the
2384 ftp or http sites for newly available updates of the
2385 package. This is used Debian QA
2386 tools to help with quality control and maintenance of the
2387 distribution as a whole.
2388 </p>
2390 </sect>
2395 <p>
2396 This file is not a permanent part of the source tree; it
2397 is used while building packages to record which files are
2400 </p>
2402 <p>
2403 It should not exist in a shipped source package, and so it
2404 (and any backup files or temporary files such as
2410 to avoid leaving a corrupted copy if an error
2411 occurs.
2412 </footnote>) should be removed by the
2414 ensure a fresh start by emptying or removing it at the
2416 </p>
2418 <p>
2422 --build</tt> is run for that binary package. So for most
2423 packages all that needs to be done with this file is to
2425 </p>
2427 <p>
2428 If a package upload includes files besides the source
2429 package and any binary packages whose control files were
2431 placed in the parent of the package's top-level directory
2434 </sect>
2439 <p>
2440 Some software packages include in their distribution convenience
2441 copies of code from other software packages, generally so that
2442 users compiling from source don't have to download multiple
2443 packages. Debian packages should not make use of these
2444 convenience copies unless the included package is explicitly
2445 intended to be used in this way.<footnote>
2446 For example, parts of the GNU build system work like this.
2447 </footnote>
2448 If the included code is already in the Debian archive in the
2449 form of a library, the Debian packaging should ensure that
2450 binary packages reference the libraries already in Debian and
2451 the convenience copy is not used. If the included code is not
2452 already in Debian, it should be packaged separately as a
2453 prerequisite if possible.
2454 <footnote>
2455 Having multiple copies of the same code in Debian is
2456 inefficient, often creates either static linking or shared
2457 library conflicts, and, most importantly, increases the
2458 difficulty of handling security vulnerabilities in the
2459 duplicated code.
2460 </footnote>
2461 </p>
2462 </sect>
2465 <heading>Source package handling:
2468 <p>
2470 doesn't produce the source of the package, ready for editing,
2471 and allow one to make changes and run
2473 without taking any additional steps, creating a
2475 recommended. This file should explain how to do all of the
2476 following:
2477 <enumlist>
2478 <item>Generate the fully patched source, in a form ready for
2479 editing, that would be built to create Debian
2483 <item>Modify the source and save those modifications so that
2484 they will be applied when building the package.</item>
2485 <item>Remove source modifications that are currently being
2486 applied when building the package.</item>
2487 <item>Optionally, document what steps are necessary to
2488 upgrade the Debian source package to a new upstream version,
2489 if applicable.</item>
2490 </enumlist>
2491 This explanation should include specific commands and mention
2492 any additional required Debian packages. It should not assume
2493 familiarity with any specific Debian packaging system or patch
2494 management tools.
2495 </p>
2497 <p>
2498 This explanation may refer to a documentation file installed by
2499 one of the package's build dependencies provided that the
2500 referenced documentation clearly explains these tasks and is not
2501 a general reference manual.
2502 </p>
2504 <p>
2506 information that would be helpful to someone modifying the
2507 source package. Even if the package doesn't fit the above
2508 description, maintainers are encouraged to document in a
2510 particularly complex or unintuitive source layout or build
2511 system (for example, a package that builds the same source
2512 multiple times to generate different binary packages).
2513 </p>
2514 </sect>
2515 </chapt>
2521 <p>
2522 The package management system manipulates data represented in
2525 Control files are used for source packages, binary packages and
2527 of uploaded files<footnote>
2529 format.
2530 </footnote>.
2531 </p>
2536 <p>
2537 A control file consists of one or more paragraphs of
2538 fields<footnote>
2539 The paragraphs are also sometimes referred to as stanzas.
2540 </footnote>.
2541 The paragraphs are separated by empty lines. Parsers may accept
2542 lines consisting solely of spaces and tabs as paragraph
2543 separators, but control files should use empty lines. Some control
2544 files allow only one paragraph; others allow several, in
2545 which case each paragraph usually refers to a different
2546 package. (For example, in source packages, the first
2547 paragraph refers to the source package, and later paragraphs
2548 refer to binary packages generated from the source.) The
2549 ordering of the paragraphs in control files is significant.
2550 </p>
2552 <p>
2553 Each paragraph consists of a series of data fields. Each field
2554 consists of the field name followed by a colon and then the
2555 data/value associated with that field. The field name is
2556 composed of US-ASCII characters excluding control characters,
2560 </p>
2562 <p>
2563 The field ends at the end of the line or at the end of the last
2564 continuation line (see below). Horizontal whitespace (spaces
2565 and tabs) may occur immediately before or after the value and is
2566 ignored there; it is conventional to put a single space after
2567 the colon. For example, a field might be:
2569 Package: libc6
2570 </example>
2573 </p>
2574 <p> Empty field values are only permitted in source package control files
2576 </p>
2577 <p>
2578 A paragraph must not contain more than one instance of a
2579 particular field name.
2580 </p>
2582 <p>
2583 There are three types of fields:
2584 <taglist>
2586 <item>
2587 The field, including its value, must be a single line. Folding
2588 of the field is not permitted. This is the default field type
2589 if the definition of the field does not specify a different
2590 type.
2591 </item>
2593 <item>
2594 The value of a folded field is a logical line that may span
2595 several lines. The lines after the first are called
2596 continuation lines and must start with a space or a tab.
2597 Whitespace, including any newlines, is not significant in the
2598 field values of folded fields.<footnote>
2599 This folding method is similar to RFC 5322, allowing control
2600 files that contain only one paragraph and no multiline fields
2601 to be read by parsers written for RFC 5322.
2602 </footnote>
2603 </item>
2605 <item>
2606 The value of a multiline field may comprise multiple continuation
2607 lines. The first line of the value, the part on the same line as
2608 the field name, often has special significance or may have to be
2609 empty. Other lines are added following the same syntax as the
2610 continuation lines of the folded fields. Whitespace, including newlines,
2611 is significant in the values of multiline fields.
2612 </item>
2613 </taglist>
2614 </p>
2616 <p>
2617 Whitespace must not appear
2618 inside names (of packages, architectures, files or anything
2619 else) or version numbers, or between the characters of
2620 multi-character version relationships.
2621 </p>
2623 <p>
2624 The presence and purpose of a field, and the syntax of its
2625 value may differ between types of control files.
2626 </p>
2628 <p>
2629 Field names are not case-sensitive, but it is usual to
2630 capitalize the field names using mixed case as shown below.
2631 Field values are case-sensitive unless the description of the
2632 field says otherwise.
2633 </p>
2635 <p>
2636 Paragraph separators (empty lines) and lines consisting only of
2637 spaces and tabs are not allowed within field values or between
2638 fields. Empty lines in field values are usually escaped by
2639 representing them by a space followed by a dot.
2640 </p>
2642 <p>
2643 Lines starting with # without any preceding whitespace are comments
2644 lines that are only permitted in source package control files
2646 between two continuation lines. They do not end logical lines.
2647 </p>
2649 <p>
2650 All control files must be encoded in UTF-8.
2651 </p>
2652 </sect>
2657 <p>
2659 (and version-independent) information about the source package
2660 and about the binary packages it creates.
2661 </p>
2663 <p>
2664 The first paragraph of the control file contains information about
2665 the source package in general. The subsequent sets each describe a
2666 binary package that the source tree builds.
2667 </p>
2669 <p>
2670 The fields in the general paragraph (the first one, for the source
2671 package) are:
2683 </list>
2684 </p>
2686 <p>
2687 The fields in the binary package paragraphs are:
2700 </list>
2701 </p>
2703 <p>
2704 The syntax and semantics of the fields are described below.
2705 </p>
2707 <p>
2709 generate control files for binary packages (see below), by
2715 but not in any other control
2716 file. These tools are responsible for removing the line
2717 breaks from such fields when using fields from
2719 They are also responsible for discarding empty fields.
2720 </p>
2722 <p>
2723 The fields here may contain variable references - their
2726 when they generate output control files.
2728 </p>
2729 </sect>
2734 <p>
2736 (and version-dependent) information about a binary package. It
2737 consists of a single paragraph.
2738 </p>
2740 <p>
2741 The fields in this file are:
2757 </list>
2758 </p>
2759 </sect>
2764 <p>
2765 This file consists of a single paragraph, possibly surrounded by
2766 a PGP signature. The fields of that paragraph are listed below.
2786 </list>
2787 </p>
2789 <p>
2790 The Debian source control file is generated by
2792 archive, from other files in the source package,
2793 described above. When unpacking, it is checked against
2794 the files and directories in the other parts of the
2795 source package.
2796 </p>
2798 </sect>
2803 <p>
2805 maintenance software to process updates to packages. They
2806 consist of a single paragraph, possibly surrounded by a PGP
2807 signature. That paragraph contains information from the
2811 </p>
2813 <p>
2815 incremented whenever the documented fields or their meaning
2816 change. This document describes format &changesversion;.
2817 </p>
2819 <p>
2820 The fields in this file are:
2839 </list>
2840 </p>
2841 </sect>
2849 <p>
2850 This field identifies the source package name.
2851 </p>
2853 <p>
2855 this field must contain only the name of the source package.
2856 </p>
2858 <p>
2860 file, the source package name may be followed by a version
2861 number in parentheses<footnote>
2862 It is customary to leave a space after the package name
2863 if a version number is specified.
2864 </footnote>.
2865 This version number may be omitted (and is, by
2868 question. The field itself may be omitted from a binary
2869 package control file when the source package has the same
2870 name and version as the binary package.
2871 </p>
2873 <p>
2874 Package names (both source and binary,
2879 must start with an alphanumeric character.
2880 </p>
2881 </sect1>
2886 <p>
2887 The package maintainer's name and email address. The name
2888 must come first, then the email address inside angle
2890 </p>
2892 <p>
2893 If the maintainer's name contains a full stop then the
2894 whole field will not work directly as an email address due
2895 to a misfeature in the syntax specified in RFC822; a
2896 program using this field as an address must check for this
2897 and correct the problem if necessary (for example by
2898 putting the name in round brackets and moving it to the
2899 end, and bringing the email address forward).
2900 </p>
2902 <p>
2904 information about package maintainers.
2905 </p>
2906 </sect1>
2911 <p>
2912 List of the names and email addresses of co-maintainers of the
2913 package, if any. If the package has other maintainers besides
2915 field</qref>, their names and email addresses should be listed
2916 here. The format of each entry is the same as that of the
2917 Maintainer field, and multiple entries must be comma
2918 separated.
2919 </p>
2921 <p>
2922 This is normally an optional field, but if
2925 be present and must contain at least one human with their
2926 personal email address.
2927 </p>
2929 <p>
2931 </p>
2932 </sect1>
2937 <p>
2938 The name and email address of the person who prepared this
2939 version of the package, usually a maintainer. The syntax is
2941 field</qref>.
2942 </p>
2943 </sect1>
2948 <p>
2949 This field specifies an application area into which the package
2951 </p>
2953 <p>
2955 it gives the value for the subfield of the same name in
2957 It also gives the default for the same field in the binary
2958 packages.
2959 </p>
2960 </sect1>
2965 <p>
2966 This field represents how important it is that the user
2968 </p>
2970 <p>
2972 it gives the value for the subfield of the same name in
2974 It also gives the default for the same field in the binary
2975 packages.
2976 </p>
2977 </sect1>
2982 <p>
2983 The name of the binary package.
2984 </p>
2986 <p>
2987 Binary package names must follow the same syntax and
2989 for the details.
2990 </p>
2991 </sect1>
2996 <p>
2997 Depending on context and the control file used, the
2999 values:
3000 <list>
3001 <item>
3002 A unique single word identifying a Debian machine
3004 </item>
3005 <item>
3006 An architecture wildcard identifying a set of Debian
3009 and is the most frequently used.
3010 </item>
3011 <item>
3013 architecture-independent package.
3014 </item>
3015 <item>
3017 </item>
3018 </list>
3019 </p>
3021 <p>
3023 package, this field may contain the special
3028 contents of the field. Most packages will use
3030 </p>
3032 <p>
3033 Specifying a specific list of architectures indicates that the
3034 source will build an architecture-dependent package only on
3035 architectures included in the list. Specifying a list of
3036 architecture wildcards indicates that the source will build an
3037 architecture-dependent package on only those architectures
3038 that match any of the specified architecture wildcards.
3039 Specifying a list of architectures or architecture wildcards
3041 program is not portable or is not useful on some
3042 architectures. Where possible, the program should be made
3043 portable instead.
3044 </p>
3046 <p>
3048 field contains a list of architectures and architecture
3049 wildcards separated by spaces. When the list contains the
3052 </p>
3054 <p>
3055 The list may include (or consist solely of) the special
3058 occur in combination with specific architectures.
3063 </p>
3065 <p>
3067 isn't dependent on any particular architecture and should
3068 compile fine on any one. The produced binary package(s)
3069 will be specific to whatever the current build architecture is.
3070 </p>
3072 <p>
3074 will only build architecture-independent packages.
3075 </p>
3077 <p>
3079 isn't dependent on any particular architecture. The set of
3080 produced binary packages will include at least one
3081 architecture-dependent package and one architecture-independent
3082 package.
3083 </p>
3085 <p>
3086 Specifying a list of architectures or architecture wildcards
3087 indicates that the source will build an architecture-dependent
3088 package, and will only work correctly on the listed or
3089 matching architectures. If the source package also builds at
3091 also be included in the list.
3092 </p>
3094 <p>
3096 field lists the architecture(s) of the package(s) currently
3097 being uploaded. This will be a list; if the source for the
3098 package is also being uploaded, the special
3100 present if any architecture-independent packages are being
3104 </p>
3106 <p>
3108 the architecture for the build process.
3109 </p>
3110 </sect1>
3115 <p>
3116 This is a boolean field which may occur only in the
3117 control file of a binary package or in a per-package fields
3118 paragraph of a source package control file.
3119 </p>
3121 <p>
3123 will refuse to remove the package (upgrading and replacing
3125 which is the same as not having the field at all.
3126 </p>
3127 </sect1>
3129 <sect1>
3130 <heading>Package interrelationship fields:
3135 </heading>
3137 <p>
3138 These fields describe the package's relationships with
3139 other packages. Their syntax and semantics are described
3141 </sect1>
3146 <p>
3147 The most recent version of the standards (the policy
3148 manual and associated texts) with which the package
3149 complies.
3150 </p>
3152 <p>
3153 The version number has four components: major and minor
3154 version number and major and minor patch level. When the
3155 standards change in a way that requires every package to
3156 change the major number will be changed. Significant
3157 changes that will require work in many packages will be
3158 signaled by a change to the minor number. The major patch
3159 level will be changed for any change to the meaning of the
3160 standards, however small; the minor patch level will be
3161 changed when only cosmetic, typographical or other edits
3162 are made which neither change the meaning of the document
3163 nor affect the contents of packages.
3164 </p>
3166 <p>
3167 Thus only the first three components of the policy version
3169 field, and so either these three components or all four
3170 components may be specified.<footnote>
3171 In the past, people specified the full version number
3172 in the Standards-Version field, for example "2.3.0.0".
3173 Since minor patch-level changes don't introduce new
3174 policy, it was thought it would be better to relax
3175 policy and only require the first 3 components to be
3176 specified, in this example "2.3.0". All four
3177 components may still be used if someone wishes to do so.
3178 </footnote>
3179 </p>
3181 </sect1>
3186 <p>
3187 The version number of a package. The format is:
3189 </p>
3191 <p>
3192 The three components here are:
3193 <taglist>
3195 <item>
3196 <p>
3197 This is a single (generally small) unsigned integer. It
3198 may be omitted, in which case zero is assumed. If it is
3200 contain any colons.
3201 </p>
3203 <p>
3204 It is provided to allow mistakes in the version numbers
3205 of older versions of a package, and also a package's
3206 previous version numbering schemes, to be left behind.
3207 </p>
3208 </item>
3211 <item>
3212 <p>
3213 This is the main part of the version number. It is
3214 usually the version number of the original ("upstream")
3216 if this is applicable. Usually this will be in the same
3217 format as that specified by the upstream author(s);
3218 however, it may need to be reformatted to fit into the
3219 package management system's format and comparison
3220 scheme.
3221 </p>
3223 <p>
3224 The comparison behavior of the package management system
3227 portion of the version number is mandatory.
3228 </p>
3230 <p>
3232 alphanumerics<footnote>
3234 </footnote>
3237 tilde) and should start with a digit. If there is no
3239 </p>
3240 </item>
3243 <item>
3244 <p>
3245 This part of the version number specifies the version of
3246 the Debian package based on the upstream version. It
3247 may contain only alphanumerics and the characters
3249 tilde) and is compared in the same way as the
3251 </p>
3253 <p>
3254 It is optional; if it isn't present then the
3256 This format represents the case where a piece of
3257 software was written specifically to be a Debian
3258 package, where the Debian package source must always
3259 be identical to the pristine source and therefore no
3260 revision indication is required.
3261 </p>
3263 <p>
3264 It is conventional to restart the
3267 </p>
3269 <p>
3270 The package management system will break the version
3271 number apart at the last hyphen in the string (if there
3276 </p>
3277 </item>
3278 </taglist>
3279 </p>
3281 <p>
3288 parts are compared by the package management system using the
3289 following algorithm:
3290 </p>
3292 <p>
3293 The strings are compared from left to right.
3294 </p>
3296 <p>
3297 First the initial part of each string consisting entirely of
3298 non-digit characters is determined. These two parts (one of
3299 which may be empty) are compared lexically. If a difference
3300 is found it is returned. The lexical comparison is a
3301 comparison of ASCII values modified so that all the letters
3302 sort earlier than all the non-letters and so that a tilde
3303 sorts before anything, even the end of a part. For example,
3304 the following parts are in sorted order from earliest to
3310 </footnote>
3311 </p>
3313 <p>
3314 Then the initial part of the remainder of each string which
3315 consists entirely of digit characters is determined. The
3316 numerical values of these two parts are compared, and any
3317 difference found is returned as the result of the comparison.
3318 For these purposes an empty string (which can only occur at
3319 the end of one or both version strings being compared) counts
3320 as zero.
3321 </p>
3323 <p>
3324 These two steps (comparing and removing initial non-digit
3325 strings and initial digit strings) are repeated until a
3326 difference is found or both strings are exhausted.
3327 </p>
3329 <p>
3330 Note that the purpose of epochs is to allow us to leave behind
3331 mistakes in version numbering, and to cope with situations
3332 where the version numbering scheme changes. It is
3334 strings of letters which the package management system cannot
3336 silly orderings.<footnote>
3337 The author of this manual has heard of a package whose
3340 forth.
3341 </footnote>
3342 </p>
3343 </sect1>
3348 <p>
3350 field contains a description of the binary package, consisting
3351 of two parts, the synopsis or the short description, and the
3352 long description. It is a multiline field with the following
3353 format:
3354 </p>
3356 <p>
3357 <example>
3360 </example>
3361 </p>
3363 <p>
3364 The lines in the extended description can have these formats:
3365 </p>
3367 <p><list>
3369 <item>
3370 Those starting with a single space are part of a paragraph.
3371 Successive lines of this form will be word-wrapped when
3372 displayed. The leading space will usually be stripped off.
3373 The line must contain at least one non-whitespace character.
3374 </item>
3376 <item>
3377 Those starting with two or more spaces. These will be
3378 displayed verbatim. If the display cannot be panned
3379 horizontally, the displaying program will line wrap them "hard"
3380 (i.e., without taking account of word breaks). If it can they
3381 will be allowed to trail off to the right. None, one or two
3382 initial spaces may be deleted, but the number of spaces
3383 deleted from each line will be the same (so that you can have
3384 indenting work correctly, for example). The line must
3385 contain at least one non-whitespace character.
3386 </item>
3388 <item>
3389 Those containing a single space followed by a single full stop
3390 character. These are rendered as blank lines. This is the
3392 Completely empty lines will not be rendered as blank lines.
3393 Instead, they will cause the parser to think you're starting
3394 a whole new record in the control file, and will therefore
3395 likely abort with an error.
3396 </footnote>.
3397 </item>
3399 <item>
3400 Those containing a space, a full stop and some more characters.
3401 These are for future expansion. Do not use them.
3402 </item>
3404 </list></p>
3406 <p>
3407 Do not use tab characters. Their effect is not predictable.
3408 </p>
3410 <p>
3412 </p>
3414 <p>
3416 field contains a summary of the descriptions for the packages
3417 being uploaded. For this case, the first line of the field
3419 always empty. It is a multiline field, with one
3420 line per package. Each line is
3421 indented by one space and contains the name of a binary
3423 short description line from that package.
3424 </p>
3425 </sect1>
3430 <p>
3432 this contains the (space-separated) name(s) of the
3433 distribution(s) where this version of the package should
3434 be installed. Valid distributions are determined by the
3435 archive maintainers.<footnote>
3436 Example distribution names in the Debian archive used in
3440 <item>
3441 This distribution value refers to the
3443 tree. Most new packages, new upstream versions of
3445 directory tree.
3446 </item>
3449 <item>
3450 The packages with this distribution value are deemed
3451 by their maintainers to be high risk. Oftentimes they
3452 represent early beta or developmental packages from
3453 various sources that the maintainers want people to
3454 try, but are not ready to be a part of the other parts
3455 of the Debian distribution tree.
3456 </item>
3457 </taglist>
3459 <p>
3460 Others are used for updating stable releases or for
3461 security uploads. More information is available in the
3462 Debian Developer's Reference, section "The Debian
3463 archive".
3464 </p>
3465 </footnote>
3466 The Debian archive software only supports listing a single
3467 distribution. Migration of packages to other distributions is
3468 handled outside of the upload process.
3469 </p>
3470 </sect1>
3475 <p>
3476 This field includes the date the package was built or last
3479 </p>
3481 <p>
3482 The value of this field is usually extracted from the
3485 </p>
3486 </sect1>
3491 <p>
3493 files, this field declares the format version of that file.
3494 The syntax of the field value is the same as that of
3496 that no epoch or Debian revision is allowed. The format
3498 </p>
3500 <p>
3502 Debian source control</qref> files, this field declares the
3503 format of the source package. The field value is used by
3504 programs acting on a source package to interpret the list of
3505 files in the source package and determine how to unpack it.
3506 The syntax of the field value is a numeric major revision, a
3507 period, a numeric minor revision, and then an optional subtype
3508 after whitespace, which if specified is an alphanumeric word
3509 in parentheses. The subtype is optional in the syntax but may
3510 be mandatory for particular source format revisions.
3511 <footnote>
3512 The source formats currently supported by the Debian archive
3515 </footnote>
3516 </p>
3517 </sect1>
3522 <p>
3523 This is a description of how important it is to upgrade to
3524 this version from previous ones. It consists of a single
3528 Other urgency values are supported with configuration
3529 changes in the archive software but are not used in Debian.
3530 The urgency affects how quickly a package will be considered
3532 gives an indication of the importance of any fixes included
3534 treated as synonymous.
3535 </footnote> (not case-sensitive) followed by an optional
3536 commentary (separated by a space) which is usually in
3537 parentheses. For example:
3539 <example>
3540 Urgency: low (HIGH for users of diversions)
3541 </example>
3543 </p>
3545 <p>
3546 The value of this field is usually extracted from the
3549 </p>
3550 </sect1>
3555 <p>
3556 This multiline field contains the human-readable changes data, describing
3557 the differences between the last version and the current one.
3558 </p>
3560 <p>
3561 The first line of the field value (the part on the same line
3563 field is expressed as continuation lines, with each line
3564 indented by at least one space. Blank lines must be
3565 represented by a line consisting only of a space and a full
3567 </p>
3569 <p>
3570 The value of this field is usually extracted from the
3573 </p>
3575 <p>
3576 Each version's change information should be preceded by a
3577 "title" line giving at least the version, distribution(s)
3578 and urgency, in a human-readable way.
3579 </p>
3581 <p>
3582 If data from several versions is being returned the entry
3583 for the most recent version should be returned first, and
3584 entries should be separated by the representation of a
3585 blank line (the "title" line may also be followed by the
3586 representation of a blank line).
3587 </p>
3588 </sect1>
3593 <p>
3594 This folded field is a list of binary packages. Its syntax and
3595 meaning varies depending on the control file in which it
3596 appears.
3597 </p>
3599 <p>
3601 packages which a source package can produce, separated by
3602 commas<footnote>
3603 A space after each comma is conventional.
3604 </footnote>. The source package
3605 does not necessarily produce all of these binary packages for
3606 every architecture. The source control file doesn't contain
3607 details of which architectures are appropriate for which of
3608 the binary packages.
3609 </p>
3611 <p>
3613 names of the binary packages being uploaded, separated by
3614 whitespace (not commas).
3615 </p>
3616 </sect1>
3621 <p>
3622 This field appears in the control files of binary packages,
3624 of the total amount of disk space required to install the
3625 named package. Actual installed size may vary based on block
3626 size, file system properties, or actions taken by package
3627 maintainer scripts.
3628 </p>
3630 <p>
3631 The disk space is given as the integer value of the estimated
3632 installed size in bytes, divided by 1024 and rounded up.
3633 </p>
3634 </sect1>
3639 <p>
3640 This field contains a list of files with information about
3641 each one. The exact information and syntax varies with
3642 the context.
3643 </p>
3645 <p>
3646 In all cases, Files is a multiline field. The first line of
3648 is always empty. The content of the field is expressed as
3649 continuation lines, one line per file. Each line must be
3650 indented by one space and contain a number of sub-fields,
3651 separated by spaces, as described below.
3652 </p>
3654 <p>
3656 checksum, size and filename of the tar file and (if
3657 applicable) diff file which make up the remainder of the
3658 source package<footnote>
3660 </footnote>. For example:
3661 <example>
3662 Files:
3663 c6f698f19f2a2aa07dbb9bbda90a2754 571925 example_1.2.orig.tar.gz
3665 </example>
3666 The exact forms of the filenames are described
3668 </p>
3670 <p>
3672 file being uploaded. Each line contains the MD5 checksum,
3673 size, section and priority and the filename. For example:
3674 <example>
3675 Files:
3677 c6f698f19f2a2aa07dbb9bbda90a2754 571925 text extra example_1.2.orig.tar.gz
3680 </example>
3683 the corresponding fields in the main source control file. If
3685 used, though section and priority values must be specified for
3686 new packages to be installed properly.
3687 </p>
3689 <p>
3692 is not an ordinary package file and must be installed by
3693 hand by the distribution maintainers. If the section is
3695 </p>
3697 <p>
3698 If a new Debian revision of a package is being shipped and
3699 no new original source archive is being distributed the
3701 entry for the original source archive
3704 this case the original source archive on the distribution
3705 site must match exactly, byte-for-byte, the original
3706 source archive which was used to generate the
3708 </sect1>
3713 <p>
3714 A space-separated list of bug report numbers that the upload
3715 governed by the .changes file closes.
3716 </p>
3717 </sect1>
3722 <p>
3723 The URL of the web site for this package, preferably (when
3724 applicable) the site from which the original source can be
3725 obtained and any additional upstream documentation or
3726 information may be found. The content of this field is a
3727 simple URL without any surrounding characters such as
3729 </p>
3730 </sect1>
3736 <p>
3737 These multiline fields contain a list of files with a checksum and size
3740 only in the checksum algorithm used: SHA-1
3743 </p>
3745 <p>
3747 multiline fields. The first line of the field value (the part
3750 of the field is expressed as continuation lines, one line per
3751 file. Each line consists of the checksum, a space, the file
3752 size, a space, and the file name. For example (from
3754 <example>
3755 Checksums-Sha1:
3757 a0ed1456fad61116f868b1855530dbe948e20f06 171602 example_1.0.orig.tar.gz
3760 Checksums-Sha256:
3762 0d123be7f51e61c4bf15e5c492b484054be7e90f3081608a5517007bfb1fd128 171602 example_1.0.orig.tar.gz
3763 f54ae966a5f580571ae7d9ef5e1df0bd42d63e27cb505b27957351a495bc6288 6137 example_1.0-1.debian.tar.gz
3765 </example>
3766 </p>
3768 <p>
3770 files that make up the source package. In
3772 files being uploaded. The list of files in these fields
3774 </p>
3775 </sect1>
3777 <sect1>
3780 <p>
3782 </p>
3783 </sect1>
3788 <p>
3789 Debian source packages are increasingly developed using VCSs. The
3790 purpose of the following fields is to indicate a publicly accessible
3791 repository where the Debian source package is developed.
3793 <taglist>
3795 <item>
3796 <p>
3797 URL of a web interface for browsing the repository.
3798 </p>
3799 </item>
3801 <tag>
3805 (Subversion)
3806 </tag>
3807 <item>
3808 <p>
3809 The field name identifies the VCS. The field's value uses the
3810 version control system's conventional syntax for describing
3811 repository locations and should be sufficient to locate the
3812 repository used for packaging. Ideally, it also locates the
3813 branch used for development of new versions of the Debian
3814 package.
3815 </p>
3816 <p>
3817 In the case of Git, the value consists of a URL, optionally
3819 the indicated repository, following the syntax of the
3821 packaging should be on the default branch.
3822 </p>
3823 <p>
3824 More than one different VCS may be specified for the same
3825 package.
3826 </p>
3827 </item>
3828 </taglist>
3829 </p>
3830 </sect1>
3835 <p>
3836 Multiline field listing all the packages that can be built from
3837 the source package, considering every architecture. The first line
3838 of the field value is empty. Each one of the next lines describes
3839 one binary package, by listing its name, type, section and priority
3840 separated by spaces. Fifth and subsequent space-separated items
3841 may be present and parsers must allow them. See the
3843 package types.
3844 </p>
3845 </sect1>
3850 <p>
3851 Simple field containing a word indicating the type of package:
3853 packages. Other types not defined here may be indicated. In
3856 this value is assumed for paragraphs lacking this field.
3857 </p>
3858 </sect1>
3863 <p>
3864 Folded field containing a single git commit hash, presented in
3865 full, followed optionally by whitespace and other data to be
3866 defined in future extensions.
3867 </p>
3869 <p>
3870 Declares that the source package corresponds exactly to a
3871 referenced commit in a Git repository available at the canonical
3873 bidirectional gateway between the Debian archive and Git. The
3874 commit is reachable from at least one reference whose name matches
3876 further details.
3877 </p>
3878 </sect1>
3879 </sect>
3881 <sect>
3884 <p>
3885 Additional user-defined fields may be added to the
3886 source package control file. Such fields will be
3887 ignored, and not copied to (for example) binary or
3888 Debian source control files or upload control files.
3889 </p>
3891 <p>
3892 If you wish to add additional unsupported fields to
3893 these output files you should use the mechanism
3894 described here.
3895 </p>
3897 <p>
3898 Fields in the main source control information file with
3901 be copied to the output files. Only the part of the
3902 field name after the hyphen will be used in the output
3904 will appear in binary package control files, where the
3908 </p>
3910 <p>
3911 For example, if the main source information control file
3912 contains the field
3913 <example>
3914 XBS-Comment: I stand between the candle and the star.
3915 </example>
3916 then the binary and Debian source control files will contain the
3917 field
3918 <example>
3919 Comment: I stand between the candle and the star.
3920 </example>
3921 </p>
3923 </sect>
3928 <p>
3929 The following fields have been obsoleted and may be found in packages
3930 conforming with previous versions of the Policy.
3931 </p>
3936 <p>
3937 Indicates that Debian Maintainers may upload this package to
3939 field was used to regulate uploads by Debian Maintainers, See the
3942 </p>
3943 </sect1>
3945 </sect>
3947 </chapt>
3953 <sect>
3956 <p>
3957 It is possible to supply scripts as part of a package which
3958 the package management system will run for you when your
3959 package is installed, upgraded or removed.
3960 </p>
3962 <p>
3963 These scripts are the control information
3966 if they are scripts (which is recommended), they must start with
3968 executable by anyone, and must not be world-writable.
3969 </p>
3971 <p>
3972 The package management system looks at the exit status from
3973 these scripts. It is important that they exit with a
3974 non-zero status if there is an error, so that the package
3975 management system can stop its processing. For shell
3978 scripts, in fact). It is also important, of course, that
3979 they exit with a zero status if everything went well.
3980 </p>
3982 <p>
3983 Additionally, packages interacting with users
3987 </p>
3989 <p>
3990 When a package is upgraded a combination of the scripts from
3991 the old and new packages is called during the upgrade
3992 procedure. If your scripts are going to be at all
3993 complicated you need to be aware of this, and may need to
3994 check the arguments to your scripts.
3995 </p>
3997 <p>
3999 (a particular version of) a package is unpacked, and the
4001 before (a version of) a package is removed and the
4003 </p>
4005 <p>
4006 Programs called from maintainer scripts should not normally
4007 have a path prepended to them. Before installation is
4008 started, the package management system checks to see if the
4012 other program that one would expect to be in the
4014 pathname. Maintainer scripts should also not reset the
4016 prepending or appending package-specific directories. These
4017 considerations really apply to all shell scripts.</p>
4018 </sect>
4023 <p>
4024 It is necessary for the error recovery procedures that the
4025 scripts be idempotent. This means that if it is run
4026 successfully, and then it is called again, it doesn't bomb
4027 out or cause any harm, but just ensures that everything is
4028 the way it ought to be. If the first call failed, or
4029 aborted half way through for some reason, the second call
4030 should merely do the things that were left undone the first
4031 time, if any, and exit with a success status if everything
4032 is OK.<footnote>
4033 This is so that if an error occurs, the user interrupts
4035 happens you don't leave the user with a badly-broken
4037 action.
4038 </footnote>
4039 </p>
4040 </sect>
4045 <p>
4046 Maintainer scripts are not guaranteed to run with a controlling
4047 terminal and may not be able to interact with the user. They
4048 must be able to fall back to noninteractive behavior if no
4049 controlling terminal is available. Maintainer scripts that
4050 prompt via a program conforming to the Debian Configuration
4052 assume that program will handle falling back to noninteractive
4053 behavior.
4054 </p>
4056 <p>
4057 For high-priority prompts without a reasonable default answer,
4058 maintainer scripts may abort if there is no controlling
4059 terminal. However, this situation should be avoided if at all
4060 possible, since it prevents automated or unattended installs.
4061 In most cases, users will consider this to be a bug in the
4062 package.
4063 </p>
4064 </sect>
4069 <p>
4070 Each script must return a zero exit status for
4071 success, or a nonzero one for failure, since the package
4072 management system looks for the exit status of these scripts
4073 and determines what action to take next based on that datum.
4074 </p>
4075 </sect>
4078 scripts are called
4079 </heading>
4081 <p>
4082 What follows is a summary of all the ways in which maintainer
4083 scripts may be called along with what facilities those scripts
4084 may rely on being available at that time. Script names preceded
4086 package being installed, upgraded to, or downgraded to. Script
4088 version of a package that is being upgraded from or downgraded
4089 from.
4090 </p>
4092 <p>
4094 ways:
4095 <taglist>
4101 <item>
4102 The package will not yet be unpacked, so
4104 included in its package. Only essential packages and
4106 available. Pre-dependencies will have been configured at
4109 state if a previous version of the pre-dependency was
4110 completely configured and has not been removed since then.
4111 </item>
4115 <item>
4116 Called during error handling of an upgrade that failed after
4117 unpacking the new package because the <tt>postrm
4118 upgrade</tt> action failed. The unpacked files may be
4119 partly from the new version or partly missing, so the script
4120 cannot rely on files included in the package. Package
4121 dependencies may not be available. Pre-dependencies will be
4122 at least "Unpacked" following the same rules as above, except
4123 they may be only "Half-Installed" if an upgrade of the
4124 pre-dependency failed.<footnote>
4125 This can happen if the new version of the package no
4126 longer pre-depends on a package that had been partially
4127 upgraded.
4128 </footnote>
4129 </item>
4130 </taglist>
4131 </p>
4133 <p>
4135 ways:
4136 <taglist>
4139 <item>
4140 The files contained in the package will be unpacked. All
4141 package dependencies will at least be "Unpacked". If there
4142 are no circular dependencies involved, all package
4143 dependencies will be configured. For behavior in the case
4144 of circular dependencies, see the discussion
4146 </item>
4159 <item>
4160 The files contained in the package will be unpacked. All
4161 package dependencies will at least be "Half-Installed" and
4162 will have previously been configured and not removed.
4163 However, dependencies may not be configured or even fully
4164 unpacked in some error situations.<footnote>
4165 For example, suppose packages foo and bar are "Installed"
4166 with foo depending on bar. If an upgrade of bar were
4167 started and then aborted, and then an attempt to remove
4170 bar only "Half-Installed".
4171 </footnote>
4173 for which its dependencies are required, since they will
4174 normally be available, but consider the correct error
4175 handling approach if those actions fail. Aborting
4177 from the package dependencies are not available is often the
4178 best approach.
4179 </item>
4180 </taglist>
4181 </p>
4183 <p>
4185 ways:
4186 <taglist>
4197 <item>
4199 at least "Half-Installed". All package dependencies will at
4200 least be "Half-Installed" and will have previously been
4201 configured and not removed. If there was no error, all
4202 dependencies will at least be "Unpacked", but these actions
4203 may be called in various error states where dependencies are
4204 only "Half-Installed" due to a partial upgrade.
4205 </item>
4209 <item>
4211 fails. The new package will not yet be unpacked, and all
4213 </item>
4214 </taglist>
4215 </p>
4217 <p>
4219 ways:
4220 <taglist>
4227 <item>
4229 files have been removed or replaced. The package
4231 previously been deconfigured and only be "Unpacked", at which
4232 point subsequent package changes do not consider its
4234 may only rely on essential packages and must gracefully skip
4235 any actions that require the package's dependencies if those
4236 dependencies are unavailable.<footnote>
4237 This is often done by checking whether the command or
4239 available before calling it. For example:
4240 <example>
4241 if [ "$1" = purge ] && [ -e /usr/share/debconf/confmodule ]; then
4242 . /usr/share/debconf/confmodule
4243 db_purge
4244 fi
4245 </example>
4247 configuration for the package
4249 </footnote>
4250 </item>
4254 <item>
4256 The new package will be unpacked, but only essential
4257 packages and pre-dependencies can be relied on.
4258 Pre-dependencies will either be configured or will be
4260 configured and was never removed.
4261 </item>
4268 <item>
4269 Called before unpacking the new package as part of the
4272 </item>
4273 </taglist>
4274 </p>
4275 </sect>
4280 <p>
4281 The procedure on installation/upgrade/overwrite/disappear
4284 case, if a major error occurs (unless listed below) the
4285 actions are, in general, run backwards - this means that the
4286 maintainer scripts are run with different arguments in
4287 reverse order. These are the "error unwind" calls listed
4288 below.
4290 <enumlist>
4291 <item>
4292 <enumlist>
4293 <item>
4294 If a version of the package is already "Installed", call
4297 </example>
4298 </item>
4299 <item>
4300 If the script runs but exits with a non-zero
4304 </example>
4305 If this works, the upgrade continues. If this
4306 does not work, the error unwind:
4309 </example>
4310 If this works, then the old-version is
4311 "Installed", if not, the old version is in a
4312 "Half-Configured" state.
4313 </item>
4314 </enumlist>
4315 </item>
4317 <item>
4318 If a "conflicting" package is being removed at the same time,
4320 <enumlist>
4321 <item>
4323 specified, call, for each package to be deconfigured
4328 </example>
4329 Error unwind:
4333 </example>
4334 The deconfigured packages are marked as
4335 requiring configuration, so that if
4337 configured again if possible.
4338 </item>
4339 <item>
4340 If any packages depended on a conflicting
4342 specified, call, for each such package:
4347 </example>
4348 Error unwind:
4353 </example>
4354 The deconfigured packages are marked as
4355 requiring configuration, so that if
4357 configured again if possible.
4358 </item>
4359 <item>
4360 To prepare for removal of each conflicting package, call:
4364 </example>
4365 Error unwind:
4369 </example>
4370 </item>
4371 </enumlist>
4372 </item>
4374 <item>
4375 <enumlist>
4376 <item>
4377 If the package is being upgraded, call:
4380 </example>
4381 If this fails, we call:
4382 <example>
4384 </example>
4385 <enumlist>
4386 <item>
4387 <p>
4388 If that works, then
4389 <example>
4391 </example>
4392 is called. If this works, then the old version
4393 is in an "Installed" state, or else it is left
4394 in an "Unpacked" state.
4395 </p>
4396 </item>
4397 <item>
4398 <p>
4399 If it fails, then the old version is left
4400 in an "Half-Installed" state.
4401 </p>
4402 </item>
4403 </enumlist>
4405 </item>
4406 <item>
4407 Otherwise, if the package had some configuration
4408 files from a previous version installed (i.e., it
4409 is in the "Config-Files" state):
4412 </example>
4413 Error unwind:
4414 <example>
4416 </example>
4417 If this fails, the package is left in a
4418 "Half-Installed" state, which requires a
4419 reinstall. If it works, the packages is left in
4420 a "Config-Files" state.
4421 </item>
4422 <item>
4423 Otherwise (i.e., the package was completely purged):
4426 </example>
4427 Error unwind:
4430 </example>
4431 If the error-unwind fails, the package is in a
4432 "Half-Installed" phase, and requires a
4433 reinstall. If the error unwind works, the
4434 package is in the "Not-Installed" state.
4435 </item>
4436 </enumlist>
4437 </item>
4439 <item>
4440 <p>
4441 The new package's files are unpacked, overwriting any
4442 that may be on the system already, for example any
4443 from the old version of the same package or from
4444 another package. Backups of the old files are kept
4445 temporarily, and if anything goes wrong the package
4446 management system will attempt to put them back as
4447 part of the error unwind.
4448 </p>
4450 <p>
4451 It is an error for a package to contain files which
4452 are on the system in another package, unless
4454 <!--
4455 The following paragraph is not currently the case:
4456 Currently the <tt>- - force-overwrite</tt> flag is
4457 enabled, downgrading it to a warning, but this may not
4458 always be the case.
4459 -->
4460 </p>
4462 <p>
4463 It is a more serious error for a package to contain a
4464 plain file or other kind of non-directory where another
4465 package has a directory (again, unless
4467 overridden if desired using
4469 advisable.
4470 </p>
4472 <p>
4473 Packages which overwrite each other's files produce
4474 behavior which, though deterministic, is hard for the
4475 system administrator to understand. It can easily
4476 lead to "missing" programs if, for example, a package
4477 is unpacked which overwrites a file from another
4478 package, and is then removed again.<footnote>
4479 Part of the problem is due to what is arguably a
4481 </footnote>
4482 </p>
4484 <p>
4485 A directory will never be replaced by a symbolic link
4486 to a directory or vice versa; instead, the existing
4487 state (symlink or not) will be left alone and
4489 one.
4490 </p>
4491 </item>
4493 <item>
4494 <p>
4495 <enumlist>
4496 <item>
4497 If the package is being upgraded, call
4500 </example>
4501 </item>
4502 <item>
4506 </example>
4507 If this works, installation continues. If not,
4508 Error unwind:
4511 </example>
4512 If this fails, the old version is left in a
4513 "Half-Installed" state. If it works, dpkg now
4514 calls:
4517 </example>
4518 If this fails, the old version is left in a
4519 "Half-Installed" state. If it works, dpkg now
4520 calls:
4523 </example>
4524 If this fails, the old version is in an
4525 "Unpacked" state.
4526 </item>
4527 </enumlist>
4528 </p>
4530 <p>
4531 This is the point of no return - if
4533 past this point if an error occurs. This will
4534 leave the package in a fairly bad state, which
4535 will require a successful re-installation to clear
4537 things that are irreversible.
4538 </p>
4539 </item>
4541 <item>
4542 Any files which were in the old version of the package
4543 but not in the new are removed.
4544 </item>
4546 <item>
4547 The new file list replaces the old.
4548 </item>
4550 <item>
4551 The new maintainer scripts replace the old.
4552 </item>
4554 <item>
4555 Any packages all of whose files have been overwritten
4556 during the installation, and which aren't required for
4557 dependencies, are considered to have been removed.
4558 For each such package
4559 <enumlist>
4560 <item>
4565 </example>
4566 </item>
4567 <item>
4568 The package's maintainer scripts are removed.
4569 </item>
4570 <item>
4571 It is noted in the status database as being in a
4572 sane state, namely "Not-Installed" (any conffiles
4573 it may have are ignored, rather than being
4575 disappearing packages do not have their prerm
4577 in advance that the package is going to
4578 vanish.
4579 </item>
4580 </enumlist>
4581 </item>
4583 <item>
4584 Any files in the package we're unpacking that are also
4585 listed in the file lists of other packages are removed
4586 from those lists. (This will lobotomize the file list
4587 of the "conflicting" package if there is one.)
4588 </item>
4590 <item>
4591 The backup files made during installation, above, are
4592 deleted.
4593 </item>
4595 <item>
4596 <p>
4597 The new package's status is now sane, and recorded as
4598 "Unpacked".
4599 </p>
4601 <p>
4602 Here is another point of no return - if the
4603 conflicting package's removal fails we do not unwind
4604 the rest of the installation; the conflicting package
4605 is left in a half-removed limbo.
4606 </p>
4607 </item>
4609 <item>
4610 If there was a conflicting package we go and do the
4611 removal actions (described below), starting with the
4612 removal of the conflicting package's files (any that
4613 are also in the package being unpacked have already
4614 been removed from the conflicting package's file list,
4615 and so do not get removed now).
4616 </item>
4617 </enumlist>
4618 </p>
4619 </sect>
4623 <p>
4624 When we configure a package (this happens with <tt>dpkg
4629 </example>
4630 </p>
4632 <p>
4633 No attempt is made to unwind after errors during
4634 configuration. If the configuration fails, the package is in
4635 a "Half-Configured" state, and an error message is generated.
4636 </p>
4638 <p>
4639 If there is no most recently configured version
4641 <footnote>
4642 <p>
4643 Historical note: Truly ancient (pre-1997) versions of
4645 (including the angle brackets) in this case. Even older
4646 ones did not pass a second argument at all, under any
4647 circumstance. Note that upgrades using such an old dpkg
4648 version are unlikely to work for other reasons, even if
4649 this old argument behavior is handled by your postinst script.
4650 </p>
4651 </footnote>
4652 </p>
4653 </sect>
4656 configuration purging</heading>
4658 <p>
4659 <enumlist>
4660 <item>
4661 <p>
4664 </example>
4665 </p>
4666 <p>
4667 If prerm fails during replacement due to conflict
4668 <example>
4671 </example>
4672 Or else we call:
4673 <example>
4675 </example>
4676 </p>
4677 <p>
4678 If this fails, the package is in a "Half-Configured"
4679 state, or else it remains "Installed".
4680 </p>
4681 </item>
4682 <item>
4684 </item>
4685 <item>
4688 </example>
4690 <p>
4691 If it fails, there's no error unwind, and the package is in
4692 an "Half-Installed" state.
4693 </p>
4694 </item>
4695 <item>
4696 <p>
4698 are removed.
4699 </p>
4701 <p>
4702 If we aren't purging the package we stop here. Note
4705 removed, as there is no difference except for the
4707 </p>
4708 </item>
4709 <item>
4713 are removed.
4714 </item>
4715 <item>
4716 <p>
4719 </example>
4720 </p>
4721 <p>
4722 If this fails, the package remains in a "Config-Files"
4723 state.
4724 </p>
4725 </item>
4726 <item>
4727 The package's file list is removed.
4728 </item>
4729 </enumlist>
4731 </p>
4732 </sect>
4733 </chapt>
4742 <p>
4743 These fields all have a uniform syntax. They are a list of
4744 package names separated by commas.
4745 </p>
4747 <p>
4751 control fields of the package, which declare
4752 dependencies on other packages, the package names listed may
4753 also include lists of alternative package names, separated
4755 that part of the dependency can be satisfied by any one of
4756 the alternative packages.
4757 </p>
4759 <p>
4761 their applicability to particular versions of each named
4762 package. This is done in parentheses after each individual
4763 package name; the parentheses should contain a relation from
4764 the list below followed by a version number, in the format
4766 </p>
4768 <p>
4771 earlier, earlier or equal, exactly equal, later or equal and
4772 strictly later, respectively. The deprecated
4774 mean earlier/later or equal, rather than strictly earlier/later,
4776 still supports them with a warning).
4777 </p>
4779 <p>
4780 Whitespace may appear at any point in the version
4781 specification subject to the rules in <ref
4783 disambiguate; it is not otherwise significant. All of the
4784 relationship fields can only be folded in source package control files. For
4785 consistency and in case of future changes to
4787 used after a version relationship and before a version
4788 number; it is also conventional to put a single space after
4789 each comma, on either side of each vertical bar, and before
4790 each open parenthesis. When opening a continuation line in a relationship field, it
4791 is conventional to do so after a comma and before the space
4792 following that comma.
4793 </p>
4795 <p>
4796 For example, a list of dependencies might appear as:
4798 Package: mutt
4801 </example>
4802 </p>
4804 <p>
4805 Relationships may be restricted to a certain set of
4806 architectures. This is indicated in brackets after each
4807 individual package name and the optional version specification.
4808 The brackets enclose a non-empty list of Debian architecture names
4810 separated by whitespace. Exclamation marks may be prepended to
4811 each of the names. (It is not permitted for some names to be
4812 prepended with exclamation marks while others aren't.)
4813 </p>
4815 <p>
4816 For build relationship fields
4819 the current Debian host architecture is not in this list and
4820 there are no exclamation marks in the list, or it is in the list
4821 with a prepended exclamation mark, the package name and the
4822 associated version specification are ignored completely for the
4823 purposes of defining the relationships.
4824 </p>
4826 <p>
4827 For example:
4829 Source: glibc
4830 Build-Depends-Indep: texinfo
4831 Build-Depends: kernel-headers-2.2.10 [!hurd-i386],
4832 hurd-dev [hurd-i386], gnumach-dev [hurd-i386]
4833 </example>
4837 showing multiple architectures separated by spaces:
4839 Build-Depends:
4840 libluajit5.1-dev [i386 amd64 kfreebsd-i386 armel armhf powerpc mips],
4841 liblua5.1-dev [hurd-i386 ia64 kfreebsd-amd64 s390x sparc],
4842 </example>
4843 </p>
4845 <p>
4847 field, the architecture restriction
4848 syntax is only supported in the source package control
4850 package control file is generated, the relationship will either
4851 be omitted or included without the architecture restriction
4852 based on the architecture of the binary package. This means
4853 that architecture restrictions must not be used in binary
4854 relationship fields for architecture-independent packages
4856 </p>
4858 <p>
4859 For example:
4861 Depends: foo [i386], bar [amd64]
4862 </example>
4866 entirely in binary packages built on all other architectures.
4867 </p>
4869 <p>
4870 If the architecture-restricted dependency is part of a set of
4872 completely on architectures that do not match the restriction.
4873 For example:
4875 Build-Depends: foo [!i386] | bar [!amd64]
4876 </example>
4879 bar</tt> on all other architectures.
4880 </p>
4882 <p>
4883 Relationships may also be restricted to a certain set of
4884 architectures using architecture wildcards in the format
4886 declaring such restrictions is the same as declaring
4887 restrictions using a certain set of architectures without
4888 architecture wildcards. For example:
4890 Build-Depends: foo [linux-any], bar [any-i386], baz [!linux-any]
4891 </example>
4895 using a kernel other than Linux.
4896 </p>
4898 <p>
4899 Note that the binary package relationship fields such as
4901 sections of the control file, whereas the build-time
4903 source package section of the control file (which is the
4904 first section).
4905 </p>
4906 </sect>
4912 </heading>
4914 <p>
4915 Packages can declare in their control file that they have
4916 certain relationships to other packages - for example, that
4917 they may not be installed at the same time as certain other
4918 packages, and/or that they depend on the presence of others.
4919 </p>
4921 <p>
4927 rest are described below.
4928 </p>
4930 <p>
4931 These seven fields are used to declare a dependency
4932 relationship by one package on another. Except for
4934 depending (binary) package's control file.
4937 depended-on package which causes the named package to
4938 break).
4939 </p>
4941 <p>
4943 package is to be configured. It does not prevent a package
4944 being on the system in an unconfigured state while its
4945 dependencies are unsatisfied, and it is possible to replace
4946 a package whose dependencies are satisfied and which is
4947 properly installed with a different version whose
4948 dependencies are not and cannot be satisfied; when this is
4949 done the depending package will be left unconfigured (since
4950 attempts to configure it will give errors) and will not
4951 function properly. If it is necessary, a
4953 effect even when a package is being unpacked, as explained
4954 in detail below. (The other three dependency fields,
4959 </p>
4961 <p>
4963 which packages are configured, packages in an installation run
4964 are usually all unpacked first and all configured later.
4965 <footnote>
4966 This approach makes dependency resolution easier. If two
4967 packages A and B are being upgraded, the installed package A
4968 depends on exactly the installed package B, and the new
4969 package A depends on exactly the new package B (a common
4970 situation when upgrading shared libraries and their
4971 corresponding development packages), satisfying the
4972 dependencies at every stage of the upgrade would be
4973 impossible. This relaxed restriction means that both new
4974 packages can be unpacked together and then configured in their
4975 dependency order.
4976 </footnote>
4977 </p>
4979 <p>
4980 If there is a circular dependency among packages being installed
4981 or removed, installation or removal order honoring the
4982 dependency order is impossible, requiring the dependency loop be
4983 broken at some point and the dependency requirements violated
4984 for at least one package. Packages involved in circular
4985 dependencies may not be able to rely on their dependencies being
4986 configured before they themselves are configured, depending on
4987 which side of the break of the circular dependency loop they
4988 happen to be on. If one of the packages in the loop has
4991 scripts are run with their dependencies properly configured if
4992 this is possible. Otherwise the breaking point is arbitrary.
4993 Packages should therefore avoid circular dependencies where
4995 scripts.
4996 </p>
4998 <p>
4999 The meaning of the five dependency fields is as follows:
5000 <taglist>
5002 <item>
5003 <p>
5004 This declares an absolute dependency. A package will
5005 not be configured unless all of the packages listed in
5007 configured (unless there is a circular dependency as
5008 described above).
5009 </p>
5011 <p>
5013 depended-on package is required for the depending
5014 package to provide a significant amount of
5015 functionality.
5016 </p>
5018 <p>
5021 require the depended-on package to be unpacked or
5022 configured in order to run. In the case of <tt>postinst
5023 configure</tt>, the depended-on packages will be unpacked
5024 and configured first. (If both packages are involved in a
5025 dependency loop, this might not work as expected; see the
5026 explanation a few paragraphs back.) In the case
5028 actions, the package dependencies will normally be at
5029 least unpacked, but they may be only "Half-Installed" if a
5030 previous upgrade of the dependency failed.
5031 </p>
5033 <p>
5036 script to fully clean up after the package removal. There
5037 is no guarantee that package dependencies will be
5039 depended-on package is more likely to be available if the
5040 package declares a dependency (particularly in the case
5042 script must gracefully skip actions that require a
5043 dependency if that dependency isn't available.
5044 </p>
5045 </item>
5048 <item>
5049 <p>
5050 This declares a strong, but not absolute, dependency.
5051 </p>
5053 <p>
5055 that would be found together with this one in all but
5056 unusual installations.
5057 </p>
5058 </item>
5061 <item>
5062 This is used to declare that one package may be more
5063 useful with one or more others. Using this field
5064 tells the packaging system and the user that the
5065 listed packages are related to this one and can
5066 perhaps enhance its usefulness, but that installing
5067 this one without them is perfectly reasonable.
5068 </item>
5071 <item>
5072 This field is similar to Suggests but works in the
5073 opposite direction. It is used to declare that a
5074 package can enhance the functionality of another
5075 package.
5076 </item>
5079 <item>
5080 <p>
5083 of the packages named before even starting the
5084 installation of the package which declares the
5085 pre-dependency, as follows:
5086 </p>
5088 <p>
5089 When a package declaring a pre-dependency is about to
5091 satisfied if the depended-on package is either fully
5094 state, provided that they have been configured
5095 correctly at some point in the past (and not removed
5096 or partially removed since). In this case, both the
5097 previously-configured and currently "Unpacked" or
5098 "Half-Configured" versions must satisfy any version
5100 </p>
5102 <p>
5103 When the package declaring a pre-dependency is about to
5106 satisfied only if the depended-on package has been
5107 correctly configured. However, unlike
5109 permit circular dependencies to be broken. If a circular
5110 dependency is encountered while attempting to honor
5112 </p>
5114 <p>
5117 It is best to avoid this situation if possible.
5118 </p>
5120 <p>
5122 preferably only by packages whose premature upgrade or
5123 installation would hamper the ability of the system to
5124 continue with any upgrade that might be in progress.
5125 </p>
5127 <p>
5129 package before this has been discussed on the
5132 </p>
5133 </item>
5134 </taglist>
5135 </p>
5137 <p>
5138 When selecting which level of dependency to use you should
5139 consider how important the depended-on package is to the
5140 functionality of the one declaring the dependency. Some
5141 packages are composed of components of varying degrees of
5142 importance. Such a package should list using
5144 more important components. The other components'
5145 requirements may be mentioned as Suggestions or
5146 Recommendations, as appropriate to the components' relative
5147 importance.
5148 </p>
5149 </sect>
5154 <p>
5155 When one binary package declares that it breaks another,
5158 package is deconfigured first, and it will refuse to
5159 allow the broken package to be reconfigured.
5160 </p>
5162 <p>
5163 A package will not be regarded as causing breakage merely
5164 because its configuration files are still installed; it must
5165 be at least "Half-Installed".
5166 </p>
5168 <p>
5169 A special exception is made for packages which declare that
5170 they break their own package name or a virtual package which
5171 they provide (see below): this does not count as a real
5172 breakage.
5173 </p>
5175 <p>
5178 version of an (implicit or explicit) dependency which violates
5179 an assumption or reveals a bug in earlier versions of the broken
5180 package, or which takes over a file from earlier versions of the
5182 will inform higher-level package management tools that the
5183 broken package must be upgraded before the new one.
5184 </p>
5186 <p>
5187 If the breaking package also overwrites some files from the
5190 of taking over files from other packages, including how to
5192 </p>
5194 <p>
5200 differences.
5201 </p>
5202 </sect>
5207 <p>
5208 When one binary package declares a conflict with another using
5210 allow them to be unpacked on the system at the same time. This
5212 the broken package from being configured while the breaking
5213 package is in the "Unpacked" state but allows both packages to
5214 be unpacked at the same time.
5215 </p>
5217 <p>
5218 If one package is to be unpacked, the other must be removed
5219 first. If the package being unpacked is marked as replacing
5221 normally be used in this case) the one on the system, or the one
5222 on the system is marked as deselected, or both packages are
5224 automatically remove the package which is causing the conflict.
5225 Otherwise, it will halt the installation of the new package with
5226 an error. This mechanism is specifically designed to produce an
5228 new package is not.
5229 </p>
5231 <p>
5232 A package will not cause a conflict merely because its
5233 configuration files are still installed; it must be at least
5234 "Half-Installed".
5235 </p>
5237 <p>
5238 A special exception is made for packages which declare a
5239 conflict with their own package name, or with a virtual
5240 package which they provide (see below): this does not
5241 prevent their installation, and allows a package to conflict
5242 with others providing a replacement for it. You use this
5243 feature when you want the package in question to be the only
5244 package providing some feature.
5245 </p>
5247 <p>
5250 stronger restriction on the ordering of package installation or
5251 upgrade and can make it more difficult for the package manager
5252 to find a correct solution to an upgrade or installation
5254 <list>
5255 <item>when moving a file from one package to another (see
5257 <item>when splitting a package (a special case of the previous
5258 one), or</item>
5259 <item>when the breaking package exposes a bug in or interacts
5260 badly with particular versions of the broken
5261 package.</item>
5262 </list>
5264 <list>
5265 <item>when two packages provide the same file and will
5266 continue to do so,</item>
5268 package providing a given virtual facility may be unpacked
5270 <item>in other cases where one must prevent simultaneous
5271 installation of two packages for reasons that are ongoing
5272 (not fixed in a later version of one of the packages) or
5273 that must prevent both packages from being unpacked at the
5274 same time, not just configured.</item>
5275 </list>
5277 solution when two packages provide the same files. Depending on
5278 the reason for that conflict, using alternatives or renaming the
5279 files is often a better approach. See, for
5281 </p>
5283 <p>
5285 unless two packages cannot be installed at the same time or
5286 installing them both causes one of them to be broken or
5287 unusable. Having similar functionality or performing the same
5288 tasks as another package is not sufficient reason to
5290 </p>
5292 <p>
5294 clause if the reason for the conflict is corrected in a later
5295 version of one of the packages. However, normally the presence
5296 of an "earlier than" version clause is a sign
5300 package which declares such a conflict until the upgrade or
5301 removal of the conflicted-with package has been completed, which
5302 is a strong restriction.
5303 </p>
5304 </sect>
5307 </heading>
5309 <p>
5310 As well as the names of actual ("concrete") packages, the
5316 may mention "virtual packages".
5317 </p>
5319 <p>
5322 is as if the package(s) which provide a particular virtual
5323 package name had been listed by name everywhere the virtual
5325 </p>
5327 <p>
5328 If there are both concrete and virtual packages of the same
5329 name, then the dependency may be satisfied (or the conflict
5330 caused) by either the concrete package with the name in
5331 question or any other concrete package which provides the
5332 virtual package with the name in question. This is so that,
5333 for example, supposing we have
5335 Package: foo
5336 Depends: bar
5337 </example> and someone else releases an enhanced version of
5340 Package: bar-plus
5341 Provides: bar
5342 </example>
5345 </p>
5347 <p>
5348 If a relationship field has a version number attached, only real
5349 packages will be considered to see whether the relationship is
5350 satisfied (or the prohibition violated, for a conflict or
5351 breakage). In other words, if a version number is specified,
5353 package name and consider only real packages. The package
5354 manager will assume that a package providing that virtual
5356 field may not contain version numbers, and the version number of
5357 the concrete package which provides a particular virtual package
5358 will not be considered when considering a dependency on or
5359 conflict with the virtual package name.<footnote>
5361 add the ability to specify a version number for each virtual
5362 package it provides. This feature is not yet present,
5363 however, and is expected to be used only infrequently.
5364 </footnote>
5365 </p>
5367 <p>
5368 To specify which of a set of real packages should be the default
5369 to satisfy a particular dependency on a virtual package, list
5370 the real package as an alternative before the virtual one.
5371 </p>
5373 <p>
5374 If the virtual package represents a facility that can only be
5375 provided by one real package at a time, such as
5377 requires installation of a binary that would conflict with all
5378 other providers of that virtual package (see
5380 virtual package should also declare a conflict with it
5382 provider of that virtual package is unpacked or installed at a
5383 time.
5384 </p>
5385 </sect>
5390 <p>
5391 Packages can declare in their control file that they should
5392 overwrite files in certain other packages, or completely replace
5394 two distinct purposes.
5395 </p>
5399 <p>
5400 It is usually an error for a package to contain files which
5401 are on the system in another package. However, if the
5404 will replace the file from the old package with that from the
5405 new. The file will no longer be listed as "owned" by the old
5406 package and will be taken over by the new package.
5414 be installed and take over that file. However,
5417 version that knows it does not include that file and instead
5420 being installed and then removed, removing the file that it
5422 operation, the package manager would think the system was in
5424 would be missing one of its files.
5425 </footnote>
5426 </p>
5428 <p>
5432 have the fields
5436 </example>
5437 in its control file. The new version of the
5441 </example>
5444 required for normal operation).
5445 </p>
5447 <p>
5448 If a package is completely replaced in this way, so that
5450 contains, it is considered to have "disappeared". It will
5451 be marked as not wanted on the system (selected for
5453 details noted for the package will be ignored, as they
5454 will have been taken over by the overwriting package. The
5456 special argument to allow the package to do any final
5458 <footnote>
5459 Replaces is a one way relationship. You have to install
5460 the replacing package after the replaced package.
5461 </footnote>
5462 </p>
5464 <p>
5468 replaced must be mentioned by their real names.
5469 </p>
5471 <p>
5473 packages are at least partially on the system at once. It is
5474 not relevant if the packages conflict unless the conflict has
5475 been overridden.
5476 </p>
5477 </sect1>
5479 <sect1><heading>Replacing whole packages, forcing their
5480 removal</heading>
5482 <p>
5484 resolve which package should be removed when there is a
5487 two usages of this field do not interfere with each other.
5488 </p>
5490 <p>
5491 In this situation, the package declared as being replaced
5492 can be a virtual package, so for example, all mail
5493 transport agents (MTAs) would have the following fields in
5494 their control files:
5496 Provides: mail-transport-agent
5497 Conflicts: mail-transport-agent
5498 Replaces: mail-transport-agent
5499 </example>
5500 ensuring that only one MTA can be unpacked at any one
5502 example.
5503 </sect1>
5504 </sect>
5507 <heading>Relationships between source and binary packages -
5510 </heading>
5512 <p>
5513 Source packages that require certain binary packages to be
5514 installed or absent at the time of building the package
5515 can declare relationships to those binary packages.
5516 </p>
5518 <p>
5522 </p>
5524 <p>
5525 Build-dependencies on "build-essential" binary packages can be
5527 </p>
5529 <p>
5530 The dependencies and conflicts they define must be satisfied
5531 (as defined earlier for binary packages) in order to invoke
5533 <p>
5534 There is no Build-Depends-Arch; this role is essentially
5535 met with Build-Depends. Anyone building the
5537 assumed to be building the whole package, and therefore
5538 installation of all build dependencies is required.
5539 </p>
5540 <p>
5543 not yet know how to check for its existence, and
5547 wouldn't need to install extra packages needed only for the
5548 binary-indep targets. But without a build-arch/build-indep
5549 split, this didn't work, since most of the work is done in
5550 the build target, not in the binary target.
5551 </p>
5552 </footnote>
5553 <taglist>
5556 <item>
5558 fields must be satisfied when these targets are invoked.
5559 </item>
5562 <item>
5566 these targets are invoked.
5567 </item>
5568 </taglist>
5569 </p>
5570 </sect>
5573 <heading>Additional source packages used to build the binary
5575 </heading>
5577 <p>
5578 Some binary packages incorporate parts of other packages when built
5579 but do not have to depend on those packages. Examples include
5580 linking with static libraries or incorporating source code from
5581 another package during the build. In this case, the source packages
5582 of those other packages are a required part of the complete source
5583 (the binary package is not reproducible without them).
5584 </p>
5586 <p>
5588 package for any such binary package incorporated during the build
5589 <footnote>
5591 it (rightfully) does not document the exact version used in the
5592 build.
5593 </footnote>,
5595 that was used to build that binary package<footnote>
5596 The archive software might reject packages that refer to
5597 non-existent sources.
5598 </footnote>.
5599 </p>
5601 <p>
5602 A package using the source code from the gcc-4.6-source
5603 binary package built from the gcc-4.6 source package would
5604 have this field in its control file:
5607 </example>
5608 </p>
5610 <p>
5611 A package including binaries from grub2 and loadlin would
5612 have this field in its control file:
5615 </example>
5616 </p>
5617 </sect>
5618 </chapt>
5623 <p>
5624 Packages containing shared libraries must be constructed with
5625 a little care to make sure that the shared library is always
5626 available. This is especially important for packages whose
5627 shared libraries are vitally important, such as the C library
5629 </p>
5631 <p>
5632 This section deals only with public shared libraries: shared
5633 libraries that are placed in directories searched by the dynamic
5634 linker by default or which are intended to be linked against
5635 normally and possibly used by other, independent packages. Shared
5636 libraries that are internal to a particular package or that are
5637 only loaded as dynamic modules are not covered by this section and
5638 are not subject to its requirements.
5639 </p>
5641 <p>
5643 stored in its dynamic section. When a binary is linked against a
5646 dynamic linker knows that library must be loaded at runtime. The
5647 shared library file's full name (which usually contains additional
5649 therefore normally not referenced directly. Instead, the shared
5651 system as a symlink pointing to the full name of the shared
5652 library. This symlink must be provided by the
5654 <footnote>
5655 This is a convention of shared library versioning, but not a
5657 library file name instead and therefore do not need a symlink.
5658 Most, however, encode additional information about
5659 backwards-compatible revisions as a minor version number in the
5661 binaries linked with the earlier version of the shared library
5662 may no longer work, but the filename may change with each
5664 more information.
5665 </footnote>
5666 </p>
5668 <p>
5669 When linking a binary or another shared library against a shared
5671 known. Instead, the shared library is found by looking for a file
5673 exists on the file system as a symlink pointing to the shared
5674 library.
5675 </p>
5677 <p>
5678 Shared libraries are normally split into several binary packages.
5681 the development package since it's only used when linking binaries
5682 or shared libraries. However, there are some exceptions for
5683 unusual shared libraries or for shared libraries that are also
5684 loaded as dynamic modules by other programs.
5685 </p>
5687 <p>
5688 This section is primarily concerned with how the separation of
5689 shared libraries into multiple packages should be done and how
5690 dependencies on and between shared library binary packages are
5692 conjunction with this section and contains additional rules for
5693 the files contained in the shared library packages.
5694 </p>
5699 <p>
5700 The run-time shared library must be placed in a package
5702 library changes. This allows several versions of the shared
5703 library to be installed at the same time, allowing installation
5704 of the new version of the shared library without immediately
5705 breaking binaries that depend on the old version. Normally, the
5707 be placed in a package named
5714 should use
5716 instead.
5717 </p>
5719 <p>
5730 </p>
5732 <p>
5733 If you have several shared libraries built from the same source
5734 tree, you may lump them all together into a single shared
5736 always change together. Be aware that this is not normally the
5738 upgrading such a merged shared library package will be
5739 unnecessarily difficult because of file conflicts with the old
5740 version of the package. When in doubt, always split shared
5741 library packages so that each binary package installs a single
5742 shared library.
5743 </p>
5745 <p>
5746 Every time the shared library ABI changes in a way that may
5747 break binaries linked against older versions of the shared
5749 corresponding name for the binary package containing the runtime
5750 shared library should change. Normally, this means
5752 removed from the shared library or the signature of an interface
5753 (the number of parameters or the types of parameters that it
5754 takes, for example) is changed. This practice is vital to
5755 allowing clean upgrades from older versions of the package and
5756 clean transitions between the old ABI and new ABI without having
5757 to upgrade every affected package simultaneously.
5758 </p>
5760 <p>
5762 normally should not, change if new interfaces are added but none
5763 are removed or changed, since this will not break binaries
5764 linked against the old shared library. Correct versioning of
5765 dependencies on the newer shared library by binaries that use
5766 the new interfaces is handled via
5769 </p>
5771 <p>
5772 The package should install the shared libraries under
5778 of renaming things safely without affecting running programs,
5779 and attempts to interfere with this are likely to lead to
5780 problems.
5781 </p>
5783 <p>
5784 Shared libraries should not be installed executable, since
5785 the dynamic linker does not require this and trying to
5786 execute a shared library usually results in a core dump.
5787 </p>
5789 <p>
5790 The run-time library package should include the symbolic link for
5792 the shared libraries. For example,
5800 script.<footnote>
5801 The package management system requires the library to be
5802 placed before the symbolic link pointing to it in the
5805 (overwriting the previous symlink pointing at an older
5806 version of the library), the new shared library is already
5807 in place. In the past, this was achieved by creating the
5808 library in the temporary packaging directory before
5809 creating the symlink. Unfortunately, this was not always
5810 effective, since the building of the tar file in the
5812 file system. Some file systems (such as reiserfs) reorder
5813 the files so that the order of creation is forgotten.
5815 reorders the files itself as necessary when building a
5816 package. Thus it is no longer important to concern
5817 oneself with the order of file creation.
5818 </footnote>
5819 </p>
5824 <p>
5825 Any package installing shared libraries in one of the default
5826 library directories of the dynamic linker (which are currently
5831 matching the multiarch triplet for the system architecture.
5832 </footnote>
5834 system.
5835 </p>
5837 <p>
5838 The package maintainer scripts must only call
5845 </item>
5849 </item>
5850 </list>
5851 <footnote>
5852 <p>
5853 During install or upgrade, the preinst is called before
5854 the new files are unpacked, so calling "ldconfig" is
5855 pointless. The preinst of an existing package can also be
5856 called if an upgrade fails. However, this happens during
5857 the critical time when a shared libs may exist on-disk
5858 under a temporary name. Thus, it is dangerous and
5859 forbidden by current policy to call "ldconfig" at this
5860 time.
5861 </p>
5863 <p>
5864 When a package is installed or upgraded, "postinst
5865 configure" runs after the new files are safely on-disk.
5866 Since it is perfectly safe to invoke ldconfig
5867 unconditionally in a postinst, it is OK for a package to
5868 simply put ldconfig in its postinst without checking the
5869 argument. The postinst can also be called to recover from
5870 a failed upgrade. This happens before any new files are
5871 unpacked, so there is no reason to call "ldconfig" at this
5872 point.
5873 </p>
5875 <p>
5876 For a package that is being removed, prerm is
5877 called with all the files intact, so calling ldconfig is
5878 useless. The other calls to "prerm" happen in the case of
5879 upgrade at a time when all the files of the old package
5880 are on-disk, so again calling "ldconfig" is pointless.
5881 </p>
5883 <p>
5884 postrm, on the other hand, is called with the "remove"
5885 argument just after the files are removed, so this is
5886 the proper time to call "ldconfig" to notify the system
5887 of the fact that the shared libraries from the package
5888 are removed. The postrm can be called at several other
5891 "ldconfig" is useless because the shared lib files are
5892 not on-disk. However, when "postrm" is invoked with
5894 shared lib may exist on-disk under a temporary filename.
5895 </p>
5896 </footnote>
5897 </p>
5898 </sect1>
5900 </sect>
5905 <p>
5906 If your package contains files whose names do not change with
5907 each change in the library shared object version, you must not
5908 put them in the shared library package. Otherwise, several
5909 versions of the shared library cannot be installed at the same
5910 time without filename clashes, making upgrades and transitions
5911 unnecessarily difficult.
5912 </p>
5914 <p>
5915 It is recommended that supporting files and run-time support
5916 programs that do not need to be invoked manually by users, but
5917 are nevertheless required for the package to function, be placed
5920 If the program or file is architecture independent, the
5921 recommendation is for it to be placed in a subdirectory of
5925 names change when the shared object version changes.
5926 </p>
5928 <p>
5929 Run-time support programs that use the shared library but are
5930 not required for the library to function or files used by the
5931 shared library that can be used by any version of the shared
5932 library package should instead be put in a separate package.
5933 This package might typically be named
5936 </p>
5938 <p>
5939 Files and support programs only useful when compiling software
5940 against the library should be included in the development
5941 package for the library.<footnote>
5944 </footnote>
5945 </p>
5946 </sect>
5951 <p>
5953 is usually provided in addition to the shared version.
5954 It is placed into the development package (see below).
5955 </p>
5957 <p>
5958 In some cases, it is acceptable for a library to be
5959 available in static form only; these cases include:
5960 <list>
5961 <item>libraries for languages whose shared library support
5962 is immature or unstable</item>
5963 <item>libraries whose interfaces are in flux or under
5964 development (commonly the case when the library's
5965 major version number is zero, or where the ABI breaks
5966 across patchlevels)</item>
5967 <item>libraries which are explicitly intended to be
5968 available only in static form by their upstream
5969 author(s)</item>
5970 </list>
5971 </p>
5976 <p>
5977 If there are development files associated with a shared library,
5978 the source package needs to generate a binary development package
5980 or if you prefer only to support one development version at a
5982 the development package must result in installation of all the
5983 development files necessary for compiling programs against that
5984 shared library.<footnote>
5985 This wording allows the development files to be split into
5986 several packages, such as a separate architecture-independent
5988 the development package depends on all the required additional
5989 packages.
5990 </footnote>
5991 </p>
5993 <p>
5994 In case several development versions of a library exist, you may
5997 development version at a time (as different development versions are
5998 likely to have the same header files in them, which would cause a
5999 filename clash if both were unpacked).
6000 </p>
6002 <p>
6003 The development package should contain a symlink for the associated
6004 shared library without a version number. For example, the
6010 </p>
6012 <p>
6013 If the package provides Ada Library Information
6015 installed read-only (mode 0444) so that GNAT will not attempt to
6016 recompile them. This overrides the normal file mode requirements
6018 </p>
6019 </sect>
6024 <p>
6025 Typically the development version should have an exact
6026 version dependency on the runtime library, to make sure that
6027 compilation and linking happens correctly. The
6029 useful for this purpose.
6030 <footnote>
6032 was confusing and it has been deprecated since dpkg 1.13.19.
6033 </footnote>
6034 </p>
6035 </sect>
6038 <heading>Dependencies between the library and other
6039 packages</heading>
6041 <p>
6042 If a package contains a binary or library which links to a
6043 shared library, we must ensure that, when the package is
6044 installed on the system, all of the libraries needed are also
6045 installed. These dependencies must be added to the binary
6046 package when it is built, since they may change based on which
6047 version of a shared library the binary or library was linked
6048 with even if there are no changes to the source of the binary
6049 (for example, symbol versions change, macros become functions or
6050 vice versa, or the binary package may determine at compile-time
6051 whether new library interfaces are available and can be called).
6052 To allow these dependencies to be constructed, shared libraries
6055 package dependencies required to ensure the presence of
6056 interfaces provided by this library. Any package with binaries
6057 or libraries linking to a shared library must use these files to
6058 determine the required dependencies when it is built. Other
6059 packages which use a shared library (for example using
6061 using these files at build time as well.
6062 </p>
6064 <p>
6065 The two mechanisms differ in the degree of detail that they
6067 exported by a library, the minimal version of the package any
6068 binary using this symbol will need. This is typically the
6069 version of the package in which the symbol was introduced. This
6070 information permits detailed analysis of the symbols used by a
6071 particular package and construction of an accurate dependency,
6072 but it requires the package maintainer to track more information
6073 about the shared library.
6074 </p>
6076 <p>
6078 time the library ABI changed in any way. It only provides
6079 information about the library as a whole, not individual
6080 symbols. When a package is built using a shared library with
6082 require a version of the shared library equal to or newer than
6083 the version of the last ABI change. This generates
6084 unnecessarily restrictive dependencies compared
6086 package have changed. This, in turn, may make upgrades
6087 needlessly complex and unnecessarily restrict use of the package
6088 on systems with older versions of the shared libraries.
6089 </p>
6091 <p>
6094 files in some unusual corner cases.<footnote>
6097 instead of recording the actual SONAME. If the SONAME doesn't
6098 match one of the two expected formats
6100 cannot be represented.
6101 </footnote>
6102 </p>
6104 <p>
6106 shared library packages since they provide more accurate
6107 dependencies. For most C libraries, the additional detail
6109 maintain. However, maintaining exhaustive symbols information
6111 files may be more appropriate for most C++ libraries. Libraries
6112 with a corresponding udeb must also provide
6115 </p>
6120 <p>
6121 When a package that contains any shared libraries or compiled
6123 each shared library and compiled binary to determine the
6124 libraries used and hence the dependencies needed by the
6125 package.<footnote>
6128 the libraries and the symbols in those libraries directly
6129 needed by the binaries or shared libraries in the package.
6130 </footnote>
6133 List all of the compiled binaries, libraries, or loadable
6134 modules in your package.<footnote>
6136 correctly is to use a package helper framework such
6140 you. It will also correctly handle multi-binary packages.
6141 </footnote>
6144 to generate dependency information. The package must then
6145 provide a substitution variable into which the discovered
6146 dependency information can be placed.
6147 </p>
6149 <p>
6150 If you are creating a udeb for use in the Debian Installer,
6155 will automatically add this option if it knows it is
6156 processing a udeb.
6157 </footnote>. If there is no dependency line of
6160 regular dependency line.
6161 </p>
6163 <p>
6169 package built by this source package that contains compiled
6170 binaries, libraries, or loadable modules. If you have
6171 multiple binary packages, you will need to
6173 compiled libraries or binaries. For example, you could use
6176 binary package.<footnote>
6179 the addition of the variable to the control file for you if
6183 the appropriate flags.
6184 </footnote>
6185 </p>
6187 <p>
6190 </p>
6192 <p>
6195 library (that is, the library is listed in the
6197 to the link line when the binary is created). Other libraries
6200 linker will load them automatically when it
6202 libraries it directly uses, but not the libraries it only uses
6203 indirectly. The dependencies for the libraries used
6204 directly will automatically pull in the indirectly-used
6206 automatically, but package maintainers need to be aware of
6207 this distinction between directly and indirectly using a
6208 library if they have to override its results for some reason.
6209 <footnote>
6210 A good example of where this helps is the following. We
6212 supports a new revision of a graphics format called dgf (but
6213 retaining the same major version number) and depends on a
6217 directly or indirectly linked with a binary, every package
6221 Since dependencies are only added based on
6224 having the dependency on an appropriate version
6226 </footnote>
6227 </p>
6228 </sect1>
6233 <p>
6234 Maintaining a shared library package using
6236 requires being aware of the exposed ABI of the shared library
6241 the last change for the entire library.
6242 </p>
6244 <p>
6245 There are two types of ABI changes: ones that are
6246 backward-compatible and ones that are not. An ABI change is
6247 backward-compatible if any reasonable program or library that
6248 was linked with the previous version of the shared library
6249 will still work correctly with the new version of the shared
6250 library.<footnote>
6251 An example of an "unreasonable" program is one that uses
6252 library interfaces that are documented as internal and
6253 unsupported. If the only programs or libraries affected by
6254 a change are "unreasonable" ones, other techniques, such as
6256 packages or treating their usage of the library as bugs in
6257 those packages, may be appropriate instead of changing the
6258 SONAME. However, the default approach is to change the
6259 SONAME for any change to the ABI that could break a program.
6260 </footnote>
6261 Adding new symbols to the shared library is a
6262 backward-compatible change. Removing symbols from the shared
6263 library is not. Changing the behavior of a symbol may or may
6264 not be backward-compatible depending on the change; for
6265 example, changing a function to accept a new enum constant not
6266 previously used by the library is generally
6267 backward-compatible, but changing the members of a struct that
6268 is passed into library functions is generally not unless the
6269 library takes special precautions to accept old versions of
6270 the data structure.
6271 </p>
6273 <p>
6274 ABI changes that are not backward-compatible normally require
6276 shared library package name, which forces rebuilding all
6277 packages using that shared library to update their
6278 dependencies and allow them to use the new version of the
6279 shared library. For more information,
6281 section will deal with backward-compatible changes.
6282 </p>
6284 <p>
6285 Backward-compatible changes require either updating or
6289 more information on how to do this in the two formats, see
6291 rules that apply to both files.
6292 </p>
6294 <p>
6295 The easy case is when a public symbol is added. Simply add
6296 the version at which the symbol was introduced
6299 should be taken to update dependency versions when the
6300 behavior of a public symbol changes. This is easy to neglect,
6301 since there is no automated method of determining such
6302 changes, but failing to update versions in this case may
6303 result in binary packages with too-weak dependencies that will
6304 fail at runtime, possibly in ways that can cause security
6305 vulnerabilities. If the package maintainer believes that a
6306 symbol behavior change may have occurred but isn't sure, it's
6307 safer to update the version rather than leave it unmodified.
6308 This may result in unnecessarily strict dependencies, but it
6309 ensures that packages whose dependencies are satisfied will
6310 work properly.
6311 </p>
6313 <p>
6314 A common example of when a change to the dependency version
6315 is required is a function that takes an enum or struct
6316 argument that controls what the function does. For example:
6317 <example>
6318 enum library_op { OP_FOO, OP_BAR };
6319 int library_do_operation(enum library_op);
6320 </example>
6324 files) or the version in the dependency for the shared library
6327 binary built against the new version of the library (having
6328 detected at compile-time that the library
6332 function.
6333 </p>
6335 <p>
6338 Debian revision of the package, since the library behavior is
6339 normally fixed for a particular upstream version and any
6340 Debian packaging of that upstream version will have the same
6341 behavior. In the rare case that the library behavior was
6343 to the end of the version that includes the Debian revision is
6344 recommended, since this allows backports of the shared library
6345 package using the normal backport versioning convention to
6346 satisfy the dependency.
6347 </p>
6348 </sect1>
6353 <p>
6354 In the following sections, we will first describe where the
6358 shared library.
6359 </p>
6363 system</heading>
6365 <p>
6367 provided by the shared library package as a control file,
6368 but there are several override paths that are checked first
6369 in case that information is wrong or missing. The following
6370 list gives them in the order in which they are read
6372 the required information is used.
6373 <list>
6374 <item>
6377 <p>
6378 During the package build, if the package itself
6380 files, they will be generated in these staging
6383 files found in the build tree take precedence
6385 packages.
6386 </p>
6388 <p>
6389 These files must exist
6391 dependencies of binaries and libraries from a source
6392 package on other libraries from that same source
6393 package will not be correct. In practice, this means
6396 build.<footnote>
6397 An example may clarify. Suppose the source
6400 When building the binary packages, the contents of
6401 the packages are staged in the
6409 eventually to be included as a control file in that
6411 the
6413 it will examine
6416 dependencies are satisfied by any of the libraries
6418 were linked against the just-built shared library as
6423 the system.
6424 </footnote>
6425 </p>
6426 </item>
6428 <item>
6429 <p>
6432 </p>
6434 <p>
6435 Per-system overrides of shared library dependencies.
6436 These files normally do not exist. They are
6437 maintained by the local system administrator and must
6438 not be created by any Debian package.
6439 </p>
6440 </item>
6442 <item>
6444 installed on the system</p>
6446 <p>
6448 packages currently installed on the system are
6449 searched last. This will be the most common source of
6450 shared library dependency information. These files
6451 can be read with <tt>dpkg-query
6453 </p>
6454 </item>
6455 </list>
6456 </p>
6458 <p>
6460 in the source package, it will override
6465 </p>
6466 </sect2>
6471 <p>
6472 The following documents the format of
6474 packages. These files are built from
6478 do some of the tedious work involved in
6480 symbols or optional symbols that may not exist on particular
6482 a shared library package, refer
6484 richer syntax.
6485 </p>
6487 <p>
6489 for each shared library contained in the package
6491 the following format:
6492 </p>
6494 <p>
6495 <example>
6498 [...]
6500 [...]
6502 </example>
6503 </p>
6505 <p>
6507 package as an example, which (at the time of writing)
6508 installs the shared
6510 lines will be described first, followed by optional lines.
6511 </p>
6513 <p>
6517 This can be determined by using the command
6519 readelf -d /usr/lib/libz.so.1.2.3.4 | grep SONAME
6520 </example>
6521 </footnote>
6522 </p>
6524 <p>
6526 dependency field in a binary package control file, except
6529 nothing if an unversioned dependency is deemed sufficient.
6530 The version restriction will be based on which symbols from
6531 the shared library are referenced and the version at which
6532 they were introduced (see below). In nearly all
6536 containing the shared library. This adds a simple,
6537 possibly-versioned dependency on the shared library package.
6538 In some rare cases, such as when multiple packages provide
6539 the same shared library ABI, the dependency template may
6540 need to be more complex.
6541 </p>
6543 <p>
6544 In our example, the first line of
6547 libz.so.1 zlib1g #MINVER#
6548 </example>
6549 </p>
6551 <p>
6552 Each public symbol exported by the shared library must have
6553 a corresponding symbol line, indented by one
6558 recent version of the shared library that changed the
6559 behavior of that symbol, whether by adding it, changing its
6560 function signature (the parameters, their types, or the
6561 return type), or changing its behavior in a way that is
6562 visible to a caller.
6564 field that references
6566 a full description.
6567 </p>
6569 <p>
6573 version and last changed its behavior in upstream
6578 the lines:
6582 </example>
6587 </p>
6589 <p>
6591 may be provided. These are used in cases where some symbols
6592 in the shared library should use one dependency template
6593 while others should use a different template. The
6594 alternative dependency templates are used only if a symbol
6596 field. The first alternative dependency template is
6598 An example of where this may be needed is with a library
6599 that implements the libGL interface. All GL
6600 implementations provide the same set of base interfaces,
6601 and then may provide some additional interfaces only used
6602 by programs that require that specific GL implementation.
6603 So, for example, libgl1-mesa-glx may use the
6605 <example>
6606 libGL.so.1 libgl1
6607 | libgl1-mesa-glx #MINVER#
6609 [...]
6611 [...]
6612 </example>
6613 Binaries or shared libraries using
6616 packages), but ones
6619 </footnote>
6620 </p>
6622 <p>
6623 Finally, the entry for the library may contain one or more
6624 metadata fields. Currently, the only
6628 package</qref> on which packages using this shared library
6629 declare a build dependency. If this field is
6631 the resulting binary package dependency on the shared
6632 library is at least as strict as the source package
6633 dependency on the shared library development
6634 package.<footnote>
6635 This field should normally not be necessary, since if the
6636 behavior of any symbol has changed, the corresponding
6639 system more robust by tightening the dependency in cases
6640 where the package using the shared library specifically
6641 requires at least a particular version of the shared
6642 library development package for some reason.
6643 </footnote>
6645 file would contain:
6647 * Build-Depends-Package: zlib1g-dev
6648 </example>
6649 </p>
6651 <p>
6653 </p>
6654 </sect2>
6659 <p>
6660 If your package provides a shared library, you should
6662 following the format described above in that package. You
6665 </p>
6667 <p>
6669 the source package
6673 information varies by architecture. This file may use the
6676 part of the package build process. It will
6678 area based on the binaries and libraries in the package
6680 source package.<footnote>
6681 If you are
6685 </footnote>
6686 </p>
6688 <p>
6690 them up-to-date to ensure correct dependencies in packages
6691 that use the shared libraries. This means updating
6694 whenever a symbol changes behavior or signature in a
6701 provided by the library normally requires changing
6705 </p>
6706 </sect2>
6707 </sect1>
6712 <p>
6715 shared libraries. It may be more appropriate for C++
6716 libraries and other cases where tracking individual symbols is
6718 therefore frequently seen in older packages. It is also
6720 </p>
6722 <p>
6723 In the following sections, we will first describe where the
6727 </p>
6731 system</heading>
6733 <p>
6735 found. The following list gives them in the order in which
6737 one which gives the required information is used.)
6738 <list>
6739 <item>
6742 <p>
6743 This lists overrides for this package. This file
6744 should normally not be used, but may be needed
6745 temporarily in unusual situations to work around bugs
6746 in other packages, or in unusual cases where the
6747 normally declared dependency information in the
6749 cannot be used. This file overrides information
6750 obtained from any other source.
6751 </p>
6752 </item>
6754 <item>
6757 <p>
6758 This lists global overrides. This list is normally
6759 empty. It is maintained by the local system
6760 administrator.
6761 </p>
6762 </item>
6764 <item>
6768 <p>
6769 These files are generated as part of the package build
6770 process and staged for inclusion as control files in
6771 the binary packages being built. They provide details
6772 of any shared libraries included in the same package.
6773 </p>
6774 </item>
6776 <item>
6778 installed on the system</p>
6780 <p>
6782 packages currently installed on the system. These
6783 files can be read using <tt>dpkg-query
6785 </p>
6786 </item>
6788 <item>
6791 <p>
6792 This file lists any shared libraries whose packages
6795 was first introduced, but it is now normally empty.
6797 </p>
6798 </item>
6799 </list>
6800 </p>
6802 <p>
6808 </p>
6809 </sect2>
6814 <p>
6817 are ignored. Each line is of the form:
6819 [<var>type</var>: ]<var>library-name</var> <var>soname-version</var> <var>dependencies ...</var>
6820 </example>
6821 </p>
6823 <p>
6824 We will explain this by reference to the example of the
6826 installs the shared
6828 </p>
6830 <p>
6832 type of package for which the line is valid. The only type
6834 after the type are required.
6835 </p>
6837 <p>
6840 of the soname, see below.)
6841 </p>
6843 <p>
6847 recommended shared library package name is determined.
6849 </p>
6851 <p>
6853 field in a binary package control file. It should give
6854 details of which packages are required to satisfy a binary
6855 built against the version of the library contained in the
6858 to maintain the dependency version constraint.
6859 </p>
6861 <p>
6863 package that could change behavior for a client of that
6868 </example>
6869 This version restriction must be new enough that any binary
6870 built against the current version of the library will work
6871 with any version of the shared library that satisfies that
6872 dependency.
6873 </p>
6875 <p>
6876 As zlib1g also provides a udeb containing the shared
6877 library, there would also be a second line:
6880 </example>
6881 </p>
6882 </sect2>
6884 <sect2>
6887 <p>
6890 the format described above and place it in
6892 the build. It will then be included as a control file for
6893 that package<footnote>
6896 package also has a udeb that provides a shared
6900 </footnote>.
6901 </p>
6903 <p>
6906 packages being built from this source package, all of
6909 binary packages.
6910 </p>
6911 </sect2>
6912 </sect1>
6913 </sect>
6914 </chapt>
6919 <sect>
6926 <p>
6927 The location of all files and directories must comply with the
6928 Filesystem Hierarchy Standard (FHS), version 2.3, with the
6929 exceptions noted below, and except where doing so would
6930 violate other terms of Debian Policy. The following
6931 exceptions to the FHS apply:
6933 <enumlist>
6934 <item>
6935 <p>
6936 The FHS requirement that architecture-independent
6937 application-specific static files be located in
6941 be used by a package (or a collection of packages) to hold a
6942 mixture of architecture-independent and
6943 architecture-dependent files. However, when a directory is
6944 entirely composed of architecture-independent files, it
6946 </p>
6947 </item>
6948 <item>
6949 <p>
6950 The optional rules related to user specific
6951 configuration files for applications are stored in
6952 the user's home directory are relaxed. It is
6953 recommended that such files start with the
6955 application needs to create more than one dot file
6956 then the preferred placement is in a subdirectory
6957 with a name starting with a '.' character, (a "dot
6958 directory"). In this case it is recommended the
6959 configuration files not start with the '.'
6960 character.
6961 </p>
6962 </item>
6963 <item>
6964 <p>
6966 for 64 bit binaries is removed.
6967 </p>
6968 </item>
6969 <item>
6970 <p>
6971 The requirement for object files, internal binaries, and
6975 to instead be installed to
6982 than the one matching the architecture of that package;
6984 containing 32-bit x86 libraries may not install these
6986 <footnote>
6987 This is necessary in order to reserve the directories for
6988 use in cross-installation of library packages from other
6990 </footnote>
6991 </p>
6992 <p>
6993 The requirement for C and C++ headers files to be
6994 accessible through the search path
6996 be accessible through the search path
6999 This is necessary for architecture-dependent headers
7001 </footnote>
7002 </p>
7003 <p>
7004 Applications may also use a single subdirectory under
7006 </p>
7007 <p>
7008 The execution time linker/loader, ld*, must still be made
7009 available in the existing location under /lib or /lib64
7010 since this is part of the ELF ABI for the architecture.
7011 </p>
7012 </item>
7013 <item>
7014 <p>
7015 The requirement that
7018 recommendation</p>
7019 </item>
7020 <item>
7021 <p>
7022 The requirement that windowmanagers with a single
7024 is removed, as is the restriction that the window
7025 manager subdirectory be named identically to the
7026 window manager name itself.
7027 </p>
7028 </item>
7029 <item>
7030 <p>
7031 The requirement that boot manager configuration
7033 symlinked there, is relaxed to a recommendation.
7034 </p>
7035 </item>
7036 <item>
7037 <p>
7048 naming conventions, file format requirements, or the
7049 requirement that files be cleared during the boot
7050 process. Files and directories residing
7052 file system.
7053 </p>
7054 <p>
7056 directory exists or is usable without a dependency
7059 </p>
7060 </item>
7061 <item>
7062 <p>
7064 additionally allowed. <footnote>This directory is used as
7065 mount point to mount virtual filesystems to get access to
7066 kernel information.</footnote>
7067 </p>
7068 </item>
7069 <item>
7070 <p>
7072 </p>
7073 </item>
7074 <item>
7075 <p>
7082 </p>
7083 </item>
7084 <item>
7085 <p>
7086 On GNU/Hurd systems, the following additional
7087 directories are allowed in the root
7090 These directories are used to store translators and as
7091 a set of standard names for mount points,
7092 respectively.
7093 </footnote>
7094 </p>
7095 </item>
7096 </enumlist>
7097 </p>
7099 <p>
7100 The version of this document referred here can be
7105 you can try <url
7108 latest version, which may be a more recent version, may
7109 be found on
7111 Specific questions about following the standard may be
7113 referred to the FHS mailing list (see the
7115 more information).
7116 </p>
7117 </sect1>
7119 <sect1>
7122 <p>
7123 As mandated by the FHS, packages must not place any
7126 or by manipulating them in their maintainer scripts.
7127 </p>
7129 <p>
7130 However, the package may create empty directories below
7132 where to place site-specific files. These are not
7136 should be removed on package removal if they are
7137 empty.
7138 </p>
7140 <p>
7141 Note that this applies only to
7144 not create sub-directories in the
7146 listed in FHS, section 4.5. However, you may create
7147 directories below them as you wish. You must not remove
7148 any of the directories listed in 4.5, even if you created
7149 them.
7150 </p>
7152 <p>
7154 remote server, these directories must be created and
7156 maintainer scripts and not be included in the
7158 either of these operations fail.
7159 </p>
7161 <p>
7163 contain something like
7165 if [ ! -e /usr/local/share/emacs ]; then
7167 if chown root:staff /usr/local/share/emacs; then
7168 chmod 2775 /usr/local/share/emacs || true
7169 fi
7170 fi
7171 fi
7172 </example>
7177 </example>
7179 used to ensure that if the script is interrupted, the
7181 removed.)
7182 </p>
7184 <p>
7186 local additions to a package, you should ensure that
7189 </p>
7191 <p>
7193 for exclusive use of the local administrator, a package
7194 must not rely on the presence or absence of files or
7196 </p>
7198 <p>
7200 subdirectories created by the package should (by default) have
7201 permissions 2775 (group-writable and set-group-id) and be
7203 </p>
7204 </sect1>
7206 <sect1>
7208 <p>
7209 The system-wide mail directory
7211 base system and should not be owned by any particular mail
7212 agents. The use of the old
7214 though the spool may still be physically located there.
7215 </p>
7216 </sect1>
7221 <p>
7223 by being a mount point for a temporary file system. Packages
7224 therefore must not assume that any files or directories
7226 exist unless the package has arranged to create those files or
7227 directories since the last reboot. Normally, this is done by
7229 for more information.
7230 </p>
7232 <p>
7233 Packages must not include files or directories
7236 The latter paths will normally be symlinks or other
7238 </p>
7239 </sect1>
7240 </sect>
7242 <sect>
7245 <sect1>
7247 <p>
7248 The Debian system can be configured to use either plain or
7249 shadow passwords.
7250 </p>
7252 <p>
7253 Some user ids (UIDs) and group ids (GIDs) are reserved
7254 globally for use by certain packages. Because some
7255 packages need to include files which are owned by these
7256 users or groups, or need the ids compiled into binaries,
7257 these ids must be used on any Debian system only for the
7258 purpose for which they are allocated. This is a serious
7259 restriction, and we should avoid getting in the way of
7260 local administration policies. In particular, many sites
7261 allocate users and/or local system groups starting at 100.
7262 </p>
7264 <p>
7265 Apart from this we should have dynamically allocated ids,
7266 which should by default be arranged in some sensible
7267 order, but the behavior should be configurable.
7268 </p>
7270 <p>
7274 </p>
7275 </sect1>
7277 <sect1>
7279 <p>
7280 The UID and GID numbers are divided into classes as
7281 follows:
7282 <taglist>
7284 <item>
7285 <p>
7286 Globally allocated by the Debian project, the same
7287 on every Debian system. These ids will appear in
7289 Debian systems, new ids in this range being added
7291 updated.
7292 </p>
7294 <p>
7295 Packages which need a single statically allocated
7296 uid or gid should use one of these; their
7298 maintainer for ids.
7299 </p>
7300 </item>
7303 <item>
7304 <p>
7305 Dynamically allocated system users and groups.
7306 Packages which need a user or group, but can have
7307 this user or group allocated dynamically and
7308 differently on each system, should use <tt>adduser
7309 --system</tt> to create the group and/or user.
7311 the user or group, and if necessary choose an unused
7312 id based on the ranges specified in
7314 </p>
7315 </item>
7318 <item>
7319 <p>
7320 Dynamically allocated user accounts. By default
7322 user accounts in this range, though
7324 behavior.
7325 </p>
7326 </item>
7329 <item>
7330 <p>
7331 Globally allocated by the Debian project, but only
7332 created on demand. The ids are allocated centrally
7333 and statically, but the actual accounts are only
7334 created on users' systems on demand.
7335 </p>
7337 <p>
7338 These ids are for packages which are obscure or
7339 which require many statically-allocated ids. These
7340 packages should check for and create the accounts in
7343 necessary. Packages which are likely to require
7344 further allocations should have a "hole" left after
7345 them in the allocation, to give them room to
7346 grow.
7347 </p>
7348 </item>
7351 <item>
7353 </item>
7356 <item>
7357 <p>
7360 </p>
7361 </item>
7364 <item>
7365 <p>
7368 was 16 bits.
7369 </p>
7370 </item>
7373 <item>
7374 <p>
7375 Dynamically allocated user accounts. By
7377 and GIDs in this range, to ease compatibility with
7379 bits.
7380 </p>
7381 </item>
7384 <item>
7385 <p>
7387 used, because it is used as the anonymous, unauthenticated
7388 user by some NFS implementations.
7389 </p>
7390 </item>
7393 <item>
7394 <p>
7396 not</em> be used, because it is the error return
7397 sentinel value.
7398 </p>
7399 </item>
7400 </taglist>
7401 </p>
7402 </sect1>
7403 </sect>
7411 <p>
7416 </p>
7418 <p>
7419 There are at least two different, yet functionally
7420 equivalent, ways of handling these scripts. For the sake
7421 of simplicity, this document describes only the symbolic
7422 link method. However, it must not be assumed by maintainer
7423 scripts that this method is being used, and any automated
7424 manipulation of the various runlevel behaviors by
7425 maintainer scripts must be performed using
7427 manually installing or removing symlinks. For information
7428 on the implementation details of the other method,
7430 to the documentation of that package.
7431 </p>
7433 <p>
7434 These scripts are referenced by symbolic links in the
7440 scripts.
7441 </p>
7443 <p>
7444 The names of the links all have the form
7448 is the name of the script (this should be the same as the
7450 </p>
7452 <p>
7461 link for starting services upon entering the runlevel.
7462 </p>
7464 <p>
7465 For example, if we are changing from runlevel 2 to
7470 referred-to file to be executed with an argument of
7473 </p>
7475 <p>
7477 the order in which to run the scripts: low-numbered links
7478 have their scripts run first. For example, the
7481 must be started before another. For example, the name
7484 can set up its access lists. In this case, the script
7487 runs first:
7489 /etc/rc2.d/S17bind
7490 /etc/rc2.d/S70inn
7491 </example>
7492 </p>
7494 <p>
7496 different. In these runlevels, the links with an
7500 </p>
7501 </sect1>
7506 <p>
7507 Packages that include daemons for system services should
7509 services at boot time or during a change of runlevel.
7510 These scripts should be named
7512 accept one argument, saying what to do:
7514 <taglist>
7522 <item>stop and restart the service if it's already running,
7523 otherwise start the service</item>
7526 <item><p>cause the configuration of the service to be
7527 reloaded without actually stopping and restarting
7528 the service,</item>
7531 <item>cause the configuration to be reloaded if the
7532 service supports this, otherwise restart the
7533 service.</item>
7534 </taglist>
7539 option is optional.
7540 </p>
7542 <p>
7544 behave sensibly (i.e., returning success and not starting
7547 when it isn't, and that they don't kill unfortunately-named
7548 user processes. The best way to achieve this is usually to
7550 option.
7551 </p>
7553 <p>
7556 accepting various error exit statuses when daemons are already
7557 running or already stopped without aborting
7560 in effect<footnote>
7563 in effect and echoing status messages to the console fails,
7564 for example.
7567 each command separately.
7568 </p>
7570 <p>
7571 If a service reloads its configuration automatically (as
7574 should behave as if the configuration has been reloaded
7575 successfully.
7576 </p>
7578 <p>
7580 configuration files, either (if they are present in the
7581 package, that is, in the .deb file) by marking them as
7583 by managing them correctly in the maintainer scripts (see
7585 to give the local system administrator the chance to adapt
7586 the scripts to the local system, e.g., to disable a
7587 service without de-installing the package, or to specify
7588 some special command line options when starting a service,
7589 while making sure their changes aren't lost during the next
7590 package upgrade.
7591 </p>
7593 <p>
7594 These scripts should not fail obscurely when the
7595 configuration files remain but the package has been
7596 removed, as configuration files remain on the system after
7599 configuration files be removed. In particular, as the
7602 if the package is removed but not purged. Therefore, you
7604 script, like this:
7607 </example>
7608 </p>
7610 <p>
7612 scripts whose values control the behavior of the scripts,
7613 and which a system administrator is likely to want to
7614 change. As the scripts themselves are frequently
7616 administrator merge in their changes each time the package
7618 the burden on the system administrator, such configurable
7619 values should not be placed directly in the script.
7620 Instead, they should be placed in a file in
7623 should be sourced by the script when the script runs. It
7624 must contain only variable settings and comments in SUSv3
7628 for more details.
7629 </p>
7631 <p>
7632 To ensure that vital configurable values are always
7634 values for each of the shell variables it uses, either
7636 afterwards using something like the <tt>:
7638 script must behave sensibly and not fail if the
7640 </p>
7642 <p>
7646 filesystem and are normally not persistent across a reboot.
7648 This will typically mean creating any required subdirectories
7651 </p>
7652 </sect1>
7654 <sect1>
7657 <p>
7658 Maintainers should use the abstraction layer provided by
7660 programs to deal with initscripts in their packages'
7663 </p>
7665 <p>
7666 Directly managing the /etc/rc?.d links and directly
7668 be done only by packages providing the initscript
7671 </p>
7673 <sect2>
7676 <p>
7678 package maintainers to arrange for the proper creation and
7680 or their functional equivalent if another method is being
7681 used. This may be used by maintainers in their packages'
7683 </p>
7685 <p>
7687 symbolic links in the actual archive or manually create or
7688 remove the symbolic links in maintainer scripts; you must
7690 former will fail if an alternative method of maintaining
7691 runlevel information is being used.) You must not include
7694 package may do so.)
7695 </p>
7697 <p>
7700 and stop them in the halt runlevel (0), the single-user
7702 administrator will have the opportunity to customize
7703 runlevels by simply adding, moving, or removing the
7705 symbolic links are being used, or by modifying
7707 is being used.
7708 </p>
7710 <p>
7711 To get the default behavior for your package, put in your
7715 </example>
7718 if [ "$1" = purge ]; then
7720 fi
7721 </example>. Note that if your package changes runlevels
7722 or priority, you may have to remove and recreate the links,
7723 since otherwise the old links may persist. Refer to the
7725 </p>
7727 <p>
7728 This will use a default sequence number of 20. If it does
7730 script is run, use this default. If it does, then you
7733 help you choose a number.
7734 </p>
7736 <p>
7740 </p>
7741 </sect2>
7743 <sect2>
7745 <p>
7747 it easier for package maintainers to properly invoke an
7748 initscript, obeying runlevel and other locally-defined
7749 constraints that might limit a package's right to start,
7750 stop and otherwise manage services. This program may be
7751 used by maintainers in their packages' scripts.
7752 </p>
7754 <p>
7755 The package maintainer scripts must use
7758 calling them directly.
7759 </p>
7761 <p>
7763 action requests (start, stop, reload, restart...) to the
7765 to start or restart a service out of its intended
7766 runlevels.
7767 </p>
7769 <p>
7770 Most packages will simply need to change:
7777 else
7779 fi
7780 </example>
7781 </p>
7783 <p>
7784 A package should register its initscript services using
7787 unregistered services may fail.
7788 </p>
7790 <p>
7791 For more information about using
7794 </p>
7795 </sect2>
7796 </sect1>
7798 <sect1>
7801 <p>
7803 which contained scripts which were run once per machine
7804 boot. This has been deprecated in favour of links from
7808 </p>
7809 </sect1>
7811 <sect1>
7814 <p>
7815 An example on which you can base your
7818 </p>
7820 </sect1>
7821 </sect>
7823 <sect>
7826 <p>
7827 This section describes the formats to be used for messages
7829 scripts. The intent is to improve the consistency of
7830 Debian's startup and shutdown look and feel. For this
7831 reason, please look very carefully at the details. We want
7832 the messages to have the same format in terms of wording,
7833 spaces, punctuation and case of letters.
7834 </p>
7836 <p>
7837 Here is a list of overall rules that should be used for
7839 </p>
7841 <p>
7842 <list>
7843 <item>
7844 The message should fit in one line (fewer than 80
7845 characters), start with a capital letter and end with
7847 </item>
7849 <item>
7850 If the script is performing some time consuming task in
7851 the background (not merely starting or stopping a
7852 program, for instance), an ellipsis (three dots:
7854 leading or tailing whitespace or line feeds.
7855 </item>
7857 <item>
7858 The messages should appear as if the computer is telling
7859 the user what it is doing (politely :-), but should not
7860 mention "it" directly. For example, instead of:
7862 I'm starting network daemons: nfsd mountd.
7863 </example>
7864 the message should say
7866 Starting network daemons: nfsd mountd.
7867 </example>
7868 </item>
7869 </list>
7870 </p>
7872 <p>
7874 message formats for the situations enumerated below.
7875 </p>
7877 <p>
7878 <list>
7879 <item>
7882 <p>
7883 If the script starts one or more daemons, the output
7884 should look like this (a single line, no leading
7885 spaces):
7888 </example>
7890 subsystem the daemon or set of daemons are part of,
7892 denote each daemon's name (typically the file name of
7893 the program).
7894 </p>
7896 <p>
7898 would look like:
7900 Starting printer spooler: lpd.
7901 </example>
7902 </p>
7904 <p>
7905 This can be achieved by saying
7907 echo -n "Starting printer spooler: lpd"
7908 start-stop-daemon --start --quiet --exec /usr/sbin/lpd
7909 echo "."
7910 </example>
7911 in the script. If there are more than one daemon to
7912 start, the output should look like this:
7914 echo -n "Starting remote file system services:"
7915 echo -n " nfsd"; start-stop-daemon --start --quiet nfsd
7916 echo -n " mountd"; start-stop-daemon --start --quiet mountd
7917 echo -n " ugidd"; start-stop-daemon --start --quiet ugidd
7918 echo "."
7919 </example>
7920 This makes it possible for the user to see what is
7921 happening and when the final daemon has been started.
7922 Care should be taken in the placement of white spaces:
7923 in the example above the system administrators can
7924 easily comment out a line if they don't want to start
7925 a specific daemon, while the displayed message still
7926 looks good.
7927 </p>
7928 </item>
7930 <item>
7933 <p>
7934 If you have to set up different system parameters
7935 during the system boot, you should use this format:
7938 </example>
7939 </p>
7941 <p>
7942 You can use a statement such as the following to get
7943 the quotes right:
7946 </example>
7947 </p>
7949 <p>
7951 for the left and right quotation marks. A grave accent
7954 </p>
7955 </item>
7957 <item>
7960 <p>
7961 When you stop or restart a daemon, you should issue a
7962 message identical to the startup message, except that
7965 </p>
7967 <p>
7968 For example, stopping the printer daemon will look like
7969 this:
7971 Stopping printer spooler: lpd.
7972 </example>
7973 </p>
7974 </item>
7976 <item>
7979 <p>
7980 There are several examples where you have to run a
7981 program at system startup or shutdown to perform a
7982 specific task, for example, setting the system's clock
7984 when the system shuts down. Your message should look
7985 like this:
7987 Doing something very useful...done.
7988 </example>
7990 the job has been completed, so that the user is
7991 informed why they have to wait. You can get this
7992 behavior by saying
7994 echo -n "Doing something very useful..."
7995 do_something
7996 echo "done."
7997 </example>
7998 in your script.
7999 </p>
8000 </item>
8002 <item>
8005 <p>
8006 When a daemon is forced to reload its configuration
8007 files you should use the following format:
8010 </example>
8012 daemon starting message.
8013 </p>
8014 </item>
8015 </list>
8016 </p>
8017 </sect>
8022 <p>
8023 Packages must not modify the configuration file
8026 </p>
8028 <p>
8029 If a package wants to install a job that has to be executed via
8030 cron, it should place a file named as specified
8032 directories:
8034 /etc/cron.hourly
8035 /etc/cron.daily
8036 /etc/cron.weekly
8037 /etc/cron.monthly
8038 </example>
8039 As these directory names imply, the files within them are
8040 executed on an hourly, daily, weekly, or monthly basis,
8041 respectively. The exact times are listed in
8043 </p>
8045 <p>
8046 All files installed in any of these directories must be
8047 scripts (e.g., shell scripts or Perl scripts) so that they
8048 can easily be modified by the local system administrator.
8049 In addition, they must be treated as configuration files.
8050 </p>
8052 <p>
8053 If a certain job has to be executed at some other frequency or
8054 at a specific time, the package should install a file in
8059 treated as a configuration file. (Note that entries in the
8062 directory for jobs which may be skipped if the system is not
8063 running.)
8064 </p>
8066 <p>
8073 <enumlist>
8081 </enumlist>
8082 Ranges of numbers are allowed. Ranges are two numbers
8083 separated with a hyphen. The specified range is inclusive.
8084 Lists are allowed. A list is a set of numbers (or ranges)
8085 separated by commas. Step values can be used in conjunction
8086 with ranges.
8087 </p>
8089 <p>
8091 check if all necessary programs are installed before they
8092 try to execute them. Otherwise, problems will arise when a
8093 package was removed but not purged since configuration files
8094 are kept on the system in this situation.
8095 </p>
8097 <p>
8101 must also support names for days and months, ranges, and
8103 and correctly execute the scripts in
8105 execute scripts in
8107 </p>
8112 <p>
8113 The file name of a cron job file should normally match the
8114 name of the package from which it comes.
8115 </p>
8117 <p>
8118 If a package supplies multiple cron job files files in the
8119 same directory, the file names should all start with the name
8120 of the package (possibly modified as described below) followed
8122 </p>
8124 <p>
8125 A cron job file name must not include any period or plus
8129 characters.
8130 </p>
8131 </sect1>
8132 </sect>
8137 <p>
8138 Packages shipping applications that comply with minimal requirements
8139 described below for integration with desktop environments should
8140 register these applications in the desktop menu, following the
8145 and complementary information can be found in the
8148 </p>
8150 <p>
8151 The desktop entry files are installed by the packages in the
8154 not necessary to depend on packages providing FreeDesktop menu
8155 systems.
8156 </p>
8158 <p>
8159 Entries displayed in the FreeDesktop menu should conform to the
8160 following minima for relevance and visual integration.
8162 <list>
8163 <item>
8164 Unless hidden by default, the desktop entry must point to a PNG
8165 or SVG icon with a transparent background, providing at least
8167 should be neutral enough to integrate well with the default icon
8168 themes. It is encouraged to ship the icon in the default
8171 </item>
8173 <item>
8174 If the menu entry is not useful in the general case as a
8175 standalone application, the desktop entry should set the
8177 configured to be displayed only by those who need it.
8178 </item>
8180 <item>
8181 In doubt, the package maintainer should coordinate with the
8182 maintainers of menu implementations through the
8184 with categories or bad interactions with other icons. Especially
8185 for packages which are part of installation tasks, the contents
8187 validated by the maintainers of the relevant environments.
8188 </item>
8189 </list>
8190 </p>
8192 <p>
8193 Since the FreeDesktop menu is a cross-distribution standard, the
8194 desktop entries written for Debian should be forwarded upstream,
8195 where they will benefit to other users and are more likely to
8196 receive extra contributions such as translations.
8197 </p>
8199 <p>
8200 Packages can, to be compatible with Debian additions to some window
8201 managers that do not support the FreeDesktop standard, also provide a
8207 </p>
8208 </sect>
8213 <p>
8214 Media types (formerly known as MIME types, Multipurpose Internet Mail
8216 data streams and providing meta-information about them, in particular
8219 </p>
8221 <p>
8222 Registration of media type handlers allows programs like mail
8223 user agents and web browsers to invoke these handlers to
8224 view, edit or display media types they don't support directly.
8225 </p>
8227 <p>
8228 There are two overlapping systems to associate media types to programs
8231 aimed at Desktop environments. In Debian, FreeDesktop entries are
8232 automatically translated in mailcap entries, therefore packages
8233 already using desktop entries should not use the mailcap system
8234 directly.
8235 </p>
8240 <p>
8241 Packages shipping an application able to view, edit or point to
8242 files of a given media type, or open links with a given URI scheme,
8247 </p>
8248 </sect1>
8253 <p>
8254 Packages that are not using desktop entries for registration should
8257 file name should be the binary package's name.
8258 </p>
8260 <p>
8264 triggers<footnote>
8265 Creating, modifying or removing a file in
8267 not activate the trigger. In that case, it can be done by calling
8269 the maintainer script after creating, modifying, or removing
8270 the file.
8271 </footnote>.
8273 <p>
8274 Packages installing desktop entries should not install mailcap
8275 entries for the same program, because the
8277 entries.
8278 </p>
8280 <p>
8283 </p>
8284 </sect1>
8289 <p>
8290 The media type of a file is discovered by inspecting the file's
8292 interrogating a database associating them with media types.
8293 </p>
8295 <p>
8296 To support new associations between media types and files, their
8297 characteristic file extensions and magic patterns should be
8298 registered to the IANA (Internet Assigned Numbers Authority). See
8300 for details. This information will then propagate to the systems
8301 discovering file media types in Debian, provided by the
8304 packages. If registration and propagation can not be waited for,
8305 support can be asked to the maintainers of the packages mentioned
8306 above.
8307 </p>
8309 <p>
8310 For files that are produced and read by a single application, it
8311 is also possible to declare this association to the
8315 </p>
8316 </sect1>
8317 </sect>
8319 <sect>
8322 <p>
8323 To achieve a consistent keyboard configuration so that all
8324 applications interpret a keyboard event the same way, all
8325 programs in the Debian distribution must be configured to
8326 comply with the following guidelines.
8327 </p>
8329 <p>
8330 The following keys must have the specified interpretations:
8332 <taglist>
8341 </taglist>
8343 The interpretation of any keyboard events should be
8344 independent of the terminal that is used, be it a virtual
8345 console, an X terminal emulator, an rlogin/telnet session,
8346 etc.
8347 </p>
8349 <p>
8350 The following list explains how the different programs
8351 should be set up to achieve this:
8352 </p>
8354 <p>
8355 <list>
8356 <item>
8358 </item>
8360 <item>
8362 </item>
8364 <item>
8365 X translations are set up to make
8368 is the vt220 escape code for the "delete character"
8369 key). This must be done by loading the X resources
8371 using the application defaults, so that the
8372 translation resources used correspond to the
8374 </item>
8376 <item>
8377 The Linux console is configured to make
8380 </item>
8382 <item>
8385 applications already work like this.
8386 </item>
8388 <item>
8390 </item>
8392 <item>
8396 </item>
8398 <item>
8404 </item>
8406 <item>
8409 with ASCII DEL being "delete previous character" and
8411 cursor".
8412 </item>
8414 </list>
8415 </p>
8417 <p>
8418 This will solve the problem except for the following
8419 cases:
8420 </p>
8422 <p>
8423 <list>
8424 <item>
8427 these terminals Emacs help will be unavailable on
8429 character takes precedence in Emacs, and has been set
8431 available) can be used instead.
8432 </item>
8434 <item>
8436 erase</tt>. However, modern telnet versions and all
8440 correctly, things can be made to work by using
8442 </item>
8444 <item>
8445 Some systems (including previous Debian versions) use
8449 their X clients using the same X resources that we use
8450 to do it for our own clients, or configure our clients
8451 using their resources when things are the other way
8452 around. On displays configured like this
8454 will.
8455 </item>
8457 <item>
8462 log in from a system conforming to our policy, but
8464 </item>
8465 </list>
8466 </p>
8467 </sect>
8469 <sect>
8472 <p>
8473 A program must not depend on environment variables to get
8474 reasonable defaults. (That's because these environment
8475 variables would have to be set in a system-wide
8477 supported by all shells.)
8478 </p>
8480 <p>
8481 If a program usually depends on environment variables for its
8482 configuration, the program should be changed to fall back to
8483 a reasonable default configuration if these environment
8484 variables are not present. If this cannot be done easily
8485 (e.g., if the source code of a non-free program is not
8486 available), the program must be replaced by a small
8487 "wrapper" shell script which sets the environment variables
8488 if they are not already defined, and calls the original program.
8489 </p>
8491 <p>
8492 Here is an example of a wrapper script for this purpose:
8495 #!/bin/sh
8496 BAR=${BAR:-/var/lib/fubar}
8497 export BAR
8498 exec /usr/lib/foo/foo "$@"
8499 </example>
8500 </p>
8502 <p>
8505 not put any environment variables or other commands into that
8506 file.
8507 </p>
8508 </sect>
8513 <p>
8515 flexible mechanism for handling and presenting
8516 documentation. The recommended practice is for every Debian
8517 package that provides online documentation (other than just
8518 manual pages) to register these documents with
8522 </p>
8523 <p>
8524 Please refer to the documentation that comes with the
8526 details.
8527 </p>
8528 </sect>
8532 <p>
8533 A number of other init systems are available now in Debian that
8535 init implementations must support running SysV init scripts as
8537 </p>
8538 <p>
8539 Packages may integrate with these replacement init systems by
8540 providing implementation-specific configuration information about
8541 how and when to start a service or in what order to run certain
8542 tasks at boot time. However, any package integrating with other
8543 init systems must also be backwards-compatible with
8545 with the same name as and equivalent functionality to any
8546 init-specific job, as this is the only start-up configuration
8547 method guaranteed to be supported by all init implementations. An
8548 exception to this rule is scripts or jobs provided by the init
8549 implementation itself; such jobs may be required for an
8551 scripts and may not have a one-to-one correspondence with the init
8552 scripts.
8553 </p>
8557 <p>
8559 boot system by installing job files in the
8561 an equivalent upstart job is available must query the output of
8564 upstart job, using a test such as this:
8567 then
8568 exit 1
8569 fi
8570 </example>
8571 </p>
8572 <p>
8573 Because packages shipping upstart jobs may be installed on
8574 systems that are not using upstart, maintainer scripts must
8577 and for starting and stopping services. These maintainer
8580 interfaces directly. Instead, implementations of
8582 when an upstart job with the same name as an init script is
8583 present, and perform the requested action using the upstart job
8584 instead of the init script.
8585 </p>
8586 <p>
8587 Dependency-based boot managers for SysV init scripts, such as
8589 entirely when an equivalent upstart job is present, to avoid
8590 unnecessary forking of no-op init scripts. In this case, the
8591 boot manager should integrate with upstart to detect when the
8592 upstart job in question is started or stopped to know when the
8593 dependency has been satisfied.
8594 </p>
8595 </sect1>
8596 </sect>
8598 </chapt>
8607 <p>
8608 Two different packages must not install programs with
8609 different functionality but with the same filenames. (The
8610 case of two programs having the same functionality but
8611 different implementations is handled via "alternatives" or
8614 one of the programs must be renamed. The maintainers should
8616 try to find a consensus about which program will have to be
8618 programs must be renamed.
8619 </p>
8620 <p>
8621 Binary executables must not be statically linked with the GNU C
8622 library, since this prevents the binary from benefiting from
8623 fixes and improvements to the C library without being rebuilt
8624 and complicates security updates. This requirement may be
8625 relaxed for binary executables whose intended purpose is to
8626 diagnose and fix the system in situations where the GNU C
8627 library may not be usable (such as system recovery shells or
8628 utilities like ldconfig) or for binary executables where the
8629 security benefits of static linking outweigh the drawbacks.
8630 </p>
8631 <p>
8632 By default, when a package is being built, any binaries
8633 created should include debugging information, as well as
8634 being compiled with optimization. You should also turn on
8635 as many reasonable compilation warnings as possible; this
8636 makes life easier for porters, who can then look at build
8637 logs for possible problems. For the C programming language,
8638 this means the following compilation parameters should be
8639 used:
8641 CC = gcc
8642 CFLAGS = -O2 -g -Wall # sane warning options vary between programs
8643 LDFLAGS = # none
8644 INSTALL = install -s # (or use strip on the files in debian/tmp)
8645 </example>
8646 </p>
8648 <p>
8649 Note that by default all installed binaries should be stripped,
8652 the binaries after they have been copied into
8654 package.
8655 </p>
8657 <p>
8658 Although binaries in the build tree should be compiled with
8659 debugging information by default, it can often be difficult to
8660 debug programs if they are also subjected to compiler
8661 optimization. For this reason, it is recommended to support the
8664 several flags to change how a package is compiled and built.
8665 </p>
8667 <p>
8668 It is up to the package maintainer to decide what
8669 compilation options are best for the package. Certain
8670 binaries (such as computationally-intensive programs) will
8672 example); feel free to use them. Please use good judgment
8673 here. Don't use flags for the sake of it; only use them
8674 if there is good reason to do so. Feel free to override
8675 the upstream author's ideas about which compilation
8676 options are best: they are often inappropriate for our
8677 environment.
8678 </p>
8679 </sect>
8685 <p>
8687 the shared library compilation and linking flags must have
8689 the supported architectures<footnote>
8690 <p>
8692 relocatable position independent code, which is required for
8693 most architectures to create a shared library, with i386 and
8694 perhaps some others where non position independent code is
8695 permitted in a shared library.
8696 </p>
8697 <p>
8698 Position independent code may have a performance penalty,
8700 speed penalty must be measured against the memory wasted on
8701 the few architectures where non position independent code is
8702 even possible.
8703 </p>
8704 </footnote>. Any exception to this rule must be discussed on
8706 a rough consensus obtained. The reasons for not compiling
8710 be used on architectures where it is required.<footnote>
8711 <p>
8712 Some of the reasons why this might be required is if the
8713 library contains hand crafted assembly code that is not
8714 relocatable, the speed penalty is excessive for compute
8715 intensive libs, and similar reasons.
8716 </p>
8717 </footnote>
8718 </p>
8719 <p>
8720 As to the static libraries, the common case is not to have
8721 relocatable code, since there is no benefit, unless in specific
8722 cases; therefore the static version must not be compiled
8724 should be discussed on the mailing list
8728 <p>
8729 Some of the reasons for linking static libraries with
8731 Perl API for a library that is under rapid development,
8732 and has an unstable API, so shared libraries are
8733 pointless at this phase of the library's development. In
8734 that case, since Perl needs a library with relocatable
8735 code, it may make sense to create a static library with
8736 relocatable code. Another reason cited is if you are
8737 distilling various libraries into a common shared
8739 installer project.
8740 </p>
8741 </footnote>
8742 </p>
8743 <p>
8744 In other words, if both a shared and a static library is
8746 for C files) will need to be compiled twice, for the normal
8747 case.
8748 </p>
8750 <p>
8751 Libraries should be built with threading support and to be
8752 thread-safe if the library supports this.
8753 </p>
8755 <p>
8756 Although not enforced by the build tools, shared libraries
8757 must be linked against all libraries that they use symbols from
8758 in the same way that binaries are. This ensures the correct
8761 systems and guarantees that all libraries can be safely opened
8764 Since this option enforces symbol resolution at build time,
8765 a missing library reference will be caught early as a fatal
8766 build error.
8767 </p>
8769 <p>
8770 All installed shared libraries should be stripped with
8773 </example>
8776 needed for relocation processing.) Shared libraries can
8777 function perfectly well when stripped, since the symbols for
8778 dynamic linking are in a separate part of the ELF object
8779 file.<footnote>
8780 You might also want to use the options
8784 libraries.
8785 </footnote>
8786 </p>
8788 <p>
8789 Note that under some circumstances it may be useful to
8790 install a shared library unstripped, for example when
8791 building a separate package to support debugging.
8792 </p>
8794 <p>
8796 public libraries, that is, they are not meant to be linked
8797 to by third party executables (binaries of other packages),
8798 should be installed in subdirectories of the
8800 rules that govern ordinary shared libraries, except that
8801 they must not be installed executable and should be
8802 stripped.<footnote>
8803 A common example are the so-called "plug-ins",
8804 internal shared objects that are dynamically loaded by
8806 </footnote>
8807 </p>
8809 <p>
8811 their shared libraries install a file containing additional
8813 For public libraries intended for use by other packages, these
8814 files normally should not be included in the Debian package,
8815 since the information they include is not necessary to link with
8816 the shared library on Debian and can add unnecessary additional
8817 dependencies to other programs or libraries.<footnote>
8818 These files store, among other things, all libraries on which
8819 that shared library depends. Unfortunately, if
8822 linking against that library will cause the resulting program
8823 or library to be linked against those dependencies as well,
8824 even if this is unnecessary. This can create unneeded
8825 dependencies on shared library packages that would otherwise
8826 be hidden behind the library ABI, and can make library
8827 transitions to new SONAMEs unnecessarily complicated and
8828 difficult to manage.
8829 </footnote>
8834 the empty string. If the shared library development package has
8837 emptied) until all libraries that depend on it have removed or
8839 files to prevent linking with those other libraries
8841 </p>
8843 <p>
8849 package.
8850 </p>
8852 <p>
8854 apply to loadable modules or libraries not installed in
8855 directories searched by default by the dynamic linker. Packages
8856 installing loadable modules will frequently need to install
8859 does not need to be modified for libraries or modules that are
8860 not installed in directories searched by the dynamic linker by
8861 default and not intended for use by other packages.
8862 </p>
8864 <p>
8865 You must make sure that you use only released versions of
8866 shared libraries to build your packages; otherwise other
8867 users will not be able to run your binaries
8868 properly. Producing source packages that depend on
8869 unreleased compilers is also usually a bad
8870 idea.
8871 </p>
8872 </sect>
8875 <sect>
8877 <p>
8879 </p>
8880 </sect>
8886 <p>
8887 All command scripts, including the package maintainer
8890 to interpret them.
8891 </p>
8893 <p>
8894 In the case of Perl scripts this should be
8896 </p>
8898 <p>
8899 When scripts are installed into a directory in the system
8900 PATH, the script name should not include an extension such
8902 language currently used to implement it.
8903 </p>
8904 <p>
8909 to how frequently they need to call commands that are allowed to
8910 fail, and it may instead be easier to check the exit status of
8913 </p>
8914 <p>
8917 </p>
8918 <p>
8920 SUSv3 Shell Command Language<footnote>
8921 Single UNIX Specification, version 3, which is also IEEE
8925 registration.</footnote>
8926 plus the following additional features not mandated by
8927 SUSv3:<footnote>
8928 These features are in widespread use in the Linux community
8929 and are implemented in all of bash, dash, and ksh, the most
8931 </footnote>
8932 <list>
8934 must not generate a newline.</item>
8937 operators.</item>
8939 supported, including listing multiple variables in a single
8940 local command and assigning a value to a variable at the
8942 may not preserve the variable value from an outer scope if
8943 no assignment is present. Uses such as:
8945 fname () {
8946 local a b c=delta d
8947 # ... use a, b, c, d ...
8948 }
8949 </example>
8952 </item>
8955 the name of a signal or one of the numeric signals listed in
8958 built-in.
8959 </item>
8961 signals must be supported. In addition to the signal
8962 numbers listed in the extension, which are the same as for
8964 </item>
8965 </list>
8966 If a shell script requires non-SUSv3 features from the shell
8967 interpreter other than those listed above, the appropriate shell
8968 must be specified in the first line of the script (e.g.,
8970 providing the shell (unless the shell package is marked
8972 </p>
8974 <p>
8975 You may wish to restrict your script to SUSv3 features plus the
8977 as its interpreter. Checking your script
8981 uncover violations of the above requirements. If in doubt
8982 whether a script complies with these requirements,
8984 </p>
8986 <p>
8987 Perl scripts should check for errors when making any
8990 </p>
8992 <p>
8994 scripting languages. See <em>Csh Programming Considered
8998 then you must make sure that they start with
9001 </p>
9003 <p>
9004 Any scripts which create files in world-writeable
9006 mechanism which will fail atomically if a file with the same
9007 name already exists.
9008 </p>
9010 <p>
9013 this purpose.
9014 </p>
9015 </sect>
9018 <sect>
9021 <p>
9022 In general, symbolic links within a top-level directory should
9023 be relative, and symbolic links pointing from one top-level
9024 directory to or into another should be absolute. (A top-level
9025 directory is a sub-directory of the root
9030 absolute.<footnote>
9031 This is necessary to allow top-level directories to be
9037 target.
9038 </footnote>
9039 Symbolic links must not traverse above the root directory.
9040 </p>
9042 <p>
9043 In addition, symbolic links should be specified as short as
9045 deprecated.
9046 </p>
9048 <p>
9049 Note that when creating a relative link using
9051 link to exist relative to the working directory you're
9053 directory to the directory where the link is to be made.
9054 Simply include the string that should appear as the target
9055 of the link (this will be a pathname relative to the
9056 directory in which the link resides) as the first argument
9058 </p>
9060 <p>
9064 ln -fs gcc $(prefix)/bin/cc
9065 ln -fs gcc debian/tmp/usr/bin/cc
9066 ln -fs ../sbin/sendmail $(prefix)/bin/runq
9067 ln -fs ../sbin/sendmail debian/tmp/usr/bin/runq
9068 </example>
9069 </p>
9071 <p>
9072 A symbolic link pointing to a compressed file (in the sense
9075 have the same file extension as the referenced file. (For
9077 symbolic link, the filename of the link has to end with
9079 </p>
9080 </sect>
9082 <sect>
9085 <p>
9086 Packages must not include device files or named pipes in the
9087 package file tree.
9088 </p>
9090 <p>
9091 If a package needs any special device files that are not
9092 included in the base system, it must call
9094 after notifying the user<footnote>
9095 This notification could be done via a (low-priority)
9096 debconf message, or an echo (printf) statement.
9097 </footnote>.
9098 </p>
9100 <p>
9101 Packages must not remove any device files in the
9103 system administrator.
9104 </p>
9106 <p>
9107 Debian uses the serial devices
9111 </p>
9113 <p>
9114 Named pipes needed by the package must be created in
9118 automated checks for packages incorrectly creating device
9120 </footnote> and removed in
9122 appropriate.
9123 </p>
9124 </sect>
9129 <sect1>
9132 <p>
9133 <taglist>
9135 <item>
9136 A file that affects the operation of a program, or
9137 provides site- or host-specific information, or
9138 otherwise customizes the behavior of a program.
9139 Typically, configuration files are intended to be
9140 modified by the system administrator (if needed or
9141 desired) to conform to local policy or to provide
9142 more useful site-specific behavior.
9143 </item>
9146 <item>
9150 </item>
9151 </taglist>
9152 </p>
9154 <p>
9155 The distinction between these two is important; they are
9156 not interchangeable concepts. Almost all
9159 </p>
9161 <p>
9166 treated as configuration files. In general, any script that
9167 embeds configuration information is de-facto a configuration
9168 file and should be treated as such.
9169 </p>
9170 </sect1>
9172 <sect1>
9175 <p>
9176 Any configuration files created or used by your package
9179 named after your package.
9180 </p>
9182 <p>
9183 If your package creates or uses configuration files
9187 from the location that the package requires.
9188 </p>
9189 </sect1>
9191 <sect1>
9194 <p>
9195 Configuration file handling must conform to the following
9196 behavior:
9198 <item>
9199 local changes must be preserved during a package
9200 upgrade, and
9201 </item>
9202 <item>
9203 configuration files must be preserved when the
9204 package is removed, and only deleted when the
9205 package is purged.
9206 </item>
9207 </list>
9208 Obsolete configuration files without local changes should be
9209 removed by the package during upgrade.<footnote>
9212 </p>
9214 <p>
9215 The easy way to achieve this behavior is to make the
9217 appropriate only if it is possible to distribute a default
9218 version that will work for most installations, although
9219 some system administrators may choose to modify it. This
9220 implies that the default version will be part of the
9221 package distribution, and must not be modified by the
9222 maintainer scripts during installation (or at any other
9223 time).
9224 </p>
9226 <p>
9227 In order to ensure that local changes are preserved
9228 correctly, no package may contain or make hard links to
9229 conffiles.<footnote>
9230 Rationale: There are two problems with hard links.
9231 The first is that some editors break the link while
9232 editing one of the files, so that the two files may
9233 unwittingly become unlinked and different. The second
9236 </footnote>
9237 </p>
9239 <p>
9240 The other way to do it is via the maintainer scripts. In
9241 this case, the configuration file must not be listed as a
9243 distribution. If the existence of a file is required for
9244 the package to be sensibly configured it is the
9245 responsibility of the package maintainer to provide
9246 maintainer scripts which correctly create, update and
9247 maintain the file and remove it on purge. (See <ref
9249 scripts must be idempotent (i.e., must work correctly if
9251 during installation or removal), must cope with all the
9253 scripts, must not overwrite or otherwise mangle the user's
9254 configuration without asking, must not ask unnecessary
9255 questions (particularly during upgrades), and must
9256 otherwise be good citizens.
9257 </p>
9259 <p>
9260 The scripts are not required to configure every possible
9261 option for the package, but only those necessary to get
9262 the package running on a given system. Ideally the
9263 sysadmin should not have to do any configuration other
9264 than that done (semi-)automatically by the
9266 </p>
9268 <p>
9269 A common practice is to create a script called
9272 configuration file does not already exist. In certain
9273 cases it is useful for there to be an example or template
9274 file which the maintainer scripts use. Such files should
9277 they are architecture-independent or not). There should
9278 be symbolic links to them from
9280 they are examples, and should be perfectly ordinary
9282 configuration files).
9283 </p>
9285 <p>
9286 These two styles of configuration file handling must
9287 not be mixed, for that way lies madness:
9289 every time the package is upgraded.
9290 </p>
9291 </sect1>
9293 <sect1>
9296 <p>
9297 If two or more packages use the same configuration file
9298 and it is reasonable for both to be installed at the same
9299 time, one of these packages must be defined as
9301 the package which handles that file as a configuration
9302 file. Other packages that use the configuration file must
9303 depend on the owning package if they require the
9304 configuration file to operate. If the other package will
9305 use the configuration file if present, but is capable of
9306 operating without it, no dependency need be declared.
9307 </p>
9309 <p>
9310 If it is desirable for two or more related packages to
9312 related packages to be able to modify that configuration
9313 file, then the following should be done:
9315 <item>
9316 One of the related packages (the "owning" package)
9317 will manage the configuration file with maintainer
9318 scripts as described in the previous section.
9319 </item>
9320 <item>
9321 The owning package should also provide a program
9322 that the other packages may use to modify the
9323 configuration file.
9324 </item>
9325 <item>
9326 The related packages must use the provided program
9327 to make any desired modifications to the
9328 configuration file. They should either depend on
9329 the core package to guarantee that the configuration
9330 modifier program is available or accept gracefully
9331 that they cannot modify the configuration file if it
9332 is not. (This is in addition to the fact that the
9333 configuration file may not even be present in the
9334 latter scenario.)
9335 </item>
9336 </enumlist>
9337 </p>
9339 <p>
9340 Sometimes it's appropriate to create a new package which
9341 provides the basic infrastructure for the other packages
9342 and which manages the shared configuration files. (The
9344 </p>
9346 <p>
9347 If the configuration file cannot be shared as described above,
9348 the packages must be marked as conflicting with each other.
9349 Two packages that specify the same file as
9351 general rule about not sharing files. Neither alternatives
9352 nor diversions are likely to be appropriate in this case; in
9355 </p>
9357 <p>
9359 may see left-over configuration files from each other even
9360 though they conflict with each other. If a user removes
9361 (without purging) one of the packages and installs the other,
9363 old package. If the file was modified by the user, it will be
9364 treated the same as any other locally
9366 </p>
9368 <p>
9371 belong to.
9372 </p>
9373 </sect1>
9375 <sect1>
9378 <p>
9381 No other program should reference the files in
9383 </p>
9385 <p>
9386 Therefore, if a program needs a dotfile to exist in
9389 configuration file.
9390 </p>
9392 <p>
9393 However, programs that require dotfiles in order to
9394 operate sensibly are a bad thing, unless they do create
9395 the dotfiles themselves automatically.
9396 </p>
9398 <p>
9399 Furthermore, programs should be configured by the Debian
9400 default installation to behave as closely to the upstream
9401 default behavior as possible.
9402 </p>
9404 <p>
9405 Therefore, if a program in a Debian package needs to be
9406 configured in some way in order to operate sensibly, that
9407 should be done using a site-wide configuration file placed
9409 site-wide default configuration and the package maintainer
9410 doesn't have time to add it may a default per-user file be
9412 </p>
9414 <p>
9416 This is particularly true because there is no easy (or
9417 necessarily desirable) mechanism for ensuring that the
9418 appropriate dotfiles are copied into the accounts of
9419 existing users when a package is installed.
9420 </p>
9421 </sect1>
9422 </sect>
9424 <sect>
9426 <p>
9427 Log files should usually be named
9429 log files, or need a separate directory for permission
9433 files there.
9434 </p>
9436 <p>
9437 Log files must be rotated occasionally so that they don't grow
9438 indefinitely. The best way to do this is to install a log
9439 rotation configuration file in the
9443 <footnote>
9444 <p>
9445 The traditional approach to log files has been to set up
9447 scripts and cron. While this approach is highly
9448 customizable, it requires quite a lot of sysadmin work.
9449 Even though the original Debian system helped a little
9450 by automatically installing a system which can be used
9451 as a template, this was deemed not enough.
9452 </p>
9454 <p>
9456 by Red Hat, is better, as it centralizes log management.
9457 It has both a configuration file
9459 packages can drop their individual log rotation
9461 </p>
9462 </footnote>
9463 Here is a good example for a logrotate config
9467 /var/log/foo/*.log {
9468 rotate 12
9469 weekly
9470 compress
9471 missingok
9472 postrotate
9473 start-stop-daemon -K -p /var/run/foo.pid -s HUP -x /usr/sbin/foo -q
9474 endscript
9475 }
9476 </example>
9478 compressed generations, and tells the daemon to reopen its log
9479 files after the log rotation. It skips this log rotation
9481 avoids errors if the package is removed but not purged.
9482 </p>
9484 <p>
9485 Log files should be removed when the package is
9486 purged (but not when it is only removed). This should be
9490 </p>
9491 </sect>
9496 <p>
9497 The rules in this section are guidelines for general use.
9498 If necessary you may deviate from the details below.
9499 However, if you do so you must make sure that what is done
9500 is secure and you should try to be as consistent as possible
9501 with the rest of the system. You should probably also
9503 </p>
9505 <p>
9507 writable only by the owner and universally readable (and
9509 </p>
9511 <p>
9512 Directories should be mode 755 or (for group-writability)
9513 mode 2775. The ownership of the directory should be
9514 consistent with its mode: if a directory is mode 2775, it
9515 should be owned by the group that needs write access to
9516 it.<footnote>
9517 <p>
9518 When a package is upgraded, and the owner or permissions
9519 of a file included in the package has changed, dpkg
9520 arranges for the ownership and permissions to be
9521 correctly set upon installation. However, this does not
9522 extend to directories; the permissions and ownership of
9523 directories already on the system does not change on
9524 install or upgrade of packages. This makes sense, since
9526 always be in flux. To correctly change permissions of a
9527 directory the package owns, explicit action is required,
9529 taken to handle downgrades as well, in that case.
9530 </p>
9531 </footnote>
9532 </p>
9534 <p>
9538 scripts</qref>).
9539 </p>
9541 <p>
9543 respectively, and owned by the appropriate user or group.
9544 They should not be made unreadable (modes like 4711 or
9546 because anyone can find the binary in the freely available
9547 Debian package; it is merely inconvenient. For the same
9548 reason you should not restrict read or execute permissions
9549 on non-set-id executables.
9550 </p>
9552 <p>
9553 Some setuid programs need to be restricted to particular
9554 sets of users, using file permissions. In this case they
9555 should be owned by the uid to which they are set-id, and by
9556 the group which should be allowed to execute them. They
9557 should have mode 4754; again there is no point in making
9558 them unreadable to those users who must not be allowed to
9559 execute them.
9560 </p>
9562 <p>
9563 It is possible to arrange that the system administrator can
9564 reconfigure the package to correspond to their local
9565 security policy by changing the permissions on a binary:
9567 described below.<footnote>
9570 normally have their permissions reset to the distributed
9571 permissions when the package is reinstalled. However,
9573 default behavior.
9574 </footnote>
9575 Another method you should consider is to create a group for
9576 people allowed to use the program(s) and make any setuid
9577 executables executable only by that group.
9578 </p>
9580 <p>
9581 If you need to create a new user or group for your package
9582 there are two possibilities. Firstly, you may need to
9583 make some files in the binary package be owned by this
9584 user or group, or you may need to compile the user or
9585 group id (rather than just the name) into the binary
9586 (though this latter should be avoided if possible, as in
9587 this case you need a statically allocated id).</p>
9589 <p>
9590 If you need a statically allocated id, you must ask for a
9592 and must not release the package until you have been
9593 allocated one. Once you have been allocated one you must
9594 either make the package depend on a version of the
9597 your package to create the user or group itself with the
9601 possible, otherwise a pre-dependency will be needed on the
9603 </p>
9605 <p>
9606 On the other hand, the program might be able to determine the
9607 uid or gid from the user or group name at runtime, so that a
9608 dynamically allocated id can be used. In this case you should
9609 choose an appropriate user or group name, discussing this
9611 When this has been checked you must arrange for your package to
9612 create the user or group if necessary using
9615 preferred if it is possible).
9616 </p>
9618 <p>
9619 Note that changing the numeric value of an id associated
9620 with a name is very difficult, and involves searching the
9621 file system for all appropriate files. You need to think
9622 carefully whether a static or dynamic id is required, since
9623 changing your mind later will cause problems.
9624 </p>
9627 <p>
9628 This section is not intended as policy, but as a
9630 </p>
9632 <p>
9633 If a system administrator wishes to have a file (or
9634 directory or other such thing) installed with owner and
9635 permissions different from those in the distributed Debian
9638 settings every time the file is installed. Thus the
9639 package maintainer should distribute the files with their
9640 normal permissions, and leave it for the system
9641 administrator to make any desired changes. For example, a
9642 daemon which is normally required to be setuid root, but
9643 in certain situations could be used without being setuid,
9645 local system administrator can change this if they wish.
9646 If there are two standard ways of doing it, the package
9649 maintainer script if necessary to accommodate the system
9650 administrator's choice. Care must be taken during
9651 upgrades to not override an existing setting.
9652 </p>
9654 <p>
9656 essentially a tool for system administrators and would not
9657 normally be needed in the maintainer scripts. There is
9658 one type of situation, though, where calls to
9660 maintainer scripts, and that involves packages which use
9661 dynamically allocated user or group ids. In such a
9662 situation, something like the following idiom can be very
9665 <example>
9666 for i in /usr/bin/foo /usr/sbin/bar
9667 do
9668 # only do something when no setting exists
9670 then
9671 #include: debconf processing, question about foo and bar
9673 dpkg-statoverride --update --add sysuser root 4755 $i
9674 fi
9675 fi
9676 done
9677 </example>
9678 The corresponding code to remove the override when the package
9679 is purged would be:
9680 <example>
9681 for i in /usr/bin/foo /usr/sbin/bar
9682 do
9684 then
9685 dpkg-statoverride --remove $i
9686 fi
9687 done
9688 </example>
9689 </p>
9690 </sect1>
9691 </sect>
9696 <p>
9697 The name of the files installed by binary packages in the system PATH
9700 ASCII.
9701 </p>
9703 <p>
9704 The name of the files and directories installed by binary packages
9705 outside the system PATH must be encoded in UTF-8 and should be
9706 restricted to ASCII when it is possible to do so.
9707 </p>
9708 </sect>
9709 </chapt>
9718 <p>
9719 If a program needs to specify an <em>architecture specification
9720 string</em> in some place, it should select one of the strings
9723 part is sometimes elided, as when the OS is Linux.
9724 </p>
9726 <p>
9727 Note that we don't want to use
9730 since this would make our programs incompatible with other
9731 Linux distributions. We also don't use something like
9734 </p>
9739 <p>
9740 A package may specify an architecture wildcard. Architecture
9744 Internally, the package system normalizes the GNU triplets
9745 and the Debian arches into Debian arch triplets (which are
9746 kind of inverted GNU triplets), with the first component of
9747 the triplet representing the libc and ABI in use, and then
9748 does matching against those triplets. However, such
9749 triplets are an internal implementation detail that should
9750 not be used by packages directly. The libc and ABI portion
9751 is handled internally by the package system based on
9753 </footnote>
9754 </p>
9755 </sect1>
9756 </sect>
9758 <sect>
9761 <p>
9765 by other packages.
9766 </p>
9768 <p>
9769 If a package requires a new entry in one of these files, the
9770 maintainer should get in contact with the
9773 package.
9774 </p>
9776 <p>
9778 modified by the package's scripts except via the
9781 for details on how to add entries.
9782 </p>
9784 <p>
9785 If a package wants to install an example entry into
9788 treated as "commented out by user" by the
9790 activated during package updates.
9791 </p>
9792 </sect>
9794 <sect>
9795 <heading>Using pseudo-ttys and modifying wtmp, utmp and
9796 lastlog</heading>
9798 <p>
9799 Some programs need to create pseudo-ttys. This should be done
9800 using Unix98 ptys if the C library supports it. The resulting
9801 program must not be installed setuid root, unless that
9802 is required for other functionality.
9803 </p>
9805 <p>
9810 </p>
9811 </sect>
9813 <sect>
9816 <p>
9817 Some programs have the ability to launch an editor or pager
9818 program to edit or display a text document. Since there are
9819 lots of different editors and pagers available in the Debian
9820 distribution, the system administrator and each user should
9821 have the possibility to choose their preferred editor and
9822 pager.
9823 </p>
9825 <p>
9826 In addition, every program should choose a good default
9827 editor/pager if none is selected by the user or system
9828 administrator.
9829 </p>
9831 <p>
9832 Thus, every program that launches an editor or pager must
9833 use the EDITOR or PAGER environment variable to determine
9834 the editor or pager the user wishes to use. If these
9837 </p>
9839 <p>
9841 "alternatives" mechanism. Every package providing an editor or
9845 should have a slave alternative
9848 corresponding manual page.
9849 </p>
9851 <p>
9852 If it is very hard to adapt a program to make use of the
9853 EDITOR or PAGER variables, that program may be configured to
9856 program respectively. These are two scripts provided in the
9858 and PAGER variables and launch the appropriate program, and fall
9861 </p>
9863 <p>
9864 A program may also use the VISUAL environment variable to
9865 determine the user's choice of editor. If it exists, it
9866 should take precedence over EDITOR. This is in fact what
9868 </p>
9870 <p>
9871 It is not required for a package to depend on
9873 package to provide such virtual packages.<footnote>
9874 The Debian base system already provides an editor and a
9875 pager program.
9876 </footnote>
9877 </p>
9878 </sect>
9883 <p>
9884 This section describes the locations and URLs that should
9885 be used by all web servers and web applications in the
9886 Debian system.
9887 </p>
9889 <p>
9890 <enumlist>
9891 <item>
9892 Cgi-bin executable files are installed in the
9893 directory
9895 /usr/lib/cgi-bin
9896 </example>
9897 or a subdirectory of that directory, and the script
9900 </example>
9901 should be referred to as
9904 </example>
9905 </item>
9907 <item>
9909 </item>
9911 <item>
9913 <p>
9914 It is recommended that images for a package be stored
9917 as
9918 <example>
9920 </example>
9922 </p>
9923 </item>
9925 <item>
9928 <p>
9929 Web Applications should try to avoid storing files in
9930 the Web Document Root. Instead they should use the
9932 documents and register the Web Application via the
9934 web document root is unavoidable then use
9936 /var/www/html
9937 </example>
9938 as the Document Root. This might be just a symbolic
9939 link to the location where the system administrator
9940 has put the real document root.
9941 </p>
9942 </item>
9944 <p>
9945 All web servers should provide the virtual package
9948 </p>
9949 <p>
9950 All web applications which do not contain CGI scripts should
9954 </p>
9955 </item>
9956 </enumlist>
9957 </p>
9958 </sect>
9963 <p>
9964 Debian packages which process electronic mail, whether mail
9965 user agents (MUAs) or mail transport agents (MTAs), must
9966 ensure that they are compatible with the configuration
9967 decisions below. Failure to do this may result in lost
9969 damage!
9970 </p>
9972 <p>
9975 the FHS). On older systems, the mail spool may be
9977 access to the mail spool should be via the
9979 base system and not part of the MTA package.
9980 </p>
9982 <p>
9983 All Debian MUAs, MTAs, MDAs and other mailbox accessing
9984 programs (such as IMAP daemons) must lock the mailbox in an
9986 be combined with dot locking. To avoid deadlocks, a program
9988 this, or alternatively implement the two locking methods in
9989 a non blocking way<footnote>
9990 If it is not possible to establish both locks, the
9991 system shouldn't wait for the second lock to be
9992 established, but remove the first lock, wait a (random)
9993 time, and start over locking again.
9998 to use these functions.
9999 </footnote> packages is the recommended way to realize this.
10000 </p>
10002 <p>
10003 Mailboxes are generally either mode 600 and owned by
10006 There are two traditional permission schemes for mail spools:
10007 mode 600 with all mail delivery done by processes running as
10008 the destination user, or mode 660 and owned by group mail with
10009 mail delivery done by a process running as a system user in
10010 group mail. Historically, Debian required mode 660 mail
10011 spools to enable the latter model, but that model has become
10012 increasingly uncommon and the principle of least privilege
10013 indicates that mail systems that use the first model should
10014 use permissions of 600. If delivery to programs is permitted,
10015 it's easier to keep the mail system secure if the delivery
10016 agent runs as the destination user. Debian Policy therefore
10017 permits either scheme.
10018 </footnote>. The local system administrator may choose a
10019 different permission scheme; packages should not make
10020 assumptions about the permission and ownership of mailboxes
10021 unless required (such as when creating a new mailbox). A MUA
10022 may remove a mailbox (unless it has nonstandard permissions) in
10023 which case the MTA or another MUA must recreate it if needed.
10024 </p>
10026 <p>
10028 be setgid mail to do the locking mentioned above (and
10029 must obviously avoid accessing other users' mailboxes
10030 using this privilege).</p>
10032 <p>
10034 aliases (e.g., postmaster, usenet, etc.), it is the one
10039 even if it does nothing, but older MTA packages did not do
10041 cannot be found. Note that because of this, all MTA
10044 </p>
10046 <p>
10047 The convention of writing <tt>forward to
10051 <p>
10056 is supported.</p>
10058 <p>
10059 If your package needs to know what hostname to use on (for
10060 example) outgoing news and mail messages which are generated
10063 (at) sign for email addresses of users on the machine
10064 (followed by a newline).
10065 </p>
10067 <p>
10068 Such a package should check for the existence of this file
10069 when it is being configured. If it exists, it should be
10070 used without comment, although an MTA's configuration script
10071 may wish to prompt the user even if it finds that this file
10072 exists. If the file does not exist, the package should
10073 prompt the user for the value (preferably using
10075 as well as using it in the package's configuration. The
10076 prompt should make it clear that the name will not just be
10077 used by that package. For example, in this situation the
10080 Please enter the "mail name" of your system. This is the
10081 hostname portion of the address to be shown on outgoing
10082 news and mail messages. The default is
10084 name ["<var>syshostname</var>"]:
10085 </example>
10087 --fqdn</tt>.
10088 </p>
10089 </sect>
10091 <sect>
10094 <p>
10095 All the configuration files related to the NNTP (news)
10096 servers and clients should be located under
10099 <p>
10100 There are some configuration issues that apply to a number
10101 of news clients and server packages on the machine. These
10102 are:
10104 <taglist>
10106 <item>
10107 A string which should appear as the
10108 organization header for all messages posted
10109 by NNTP clients on the machine
10110 </item>
10113 <item>
10114 Contains the FQDN of the upstream NNTP
10115 server, or localhost if the local machine is
10116 an NNTP server.
10117 </item>
10118 </taglist>
10120 Other global files may be added as required for cross-package news
10121 configuration.
10122 </p>
10123 </sect>
10126 <sect>
10129 <sect1>
10132 <p>
10133 Programs that can be configured with support for the X
10134 Window System must be configured to do so and must declare
10135 any package dependencies necessary to satisfy their
10136 runtime requirements when using the X Window System. If
10137 such a package is of higher priority than the X packages
10138 on which it depends, it is required that either the
10139 X-specific components be split into a separate package, or
10140 that an alternative version of the package, which includes
10141 X support, be provided, or that the package's priority be
10142 lowered.
10143 </p>
10144 </sect1>
10146 <sect1>
10149 <p>
10150 Packages that provide an X server that, directly or
10151 indirectly, communicates with real input and display
10153 field that they provide the virtual
10155 This implements current practice, and provides an
10157 virtual package which appears in the virtual packages
10158 list. In a nutshell, X servers that interface
10159 directly with the display and input hardware or via
10160 another subsystem (e.g., GGI) should provide
10163 </footnote>
10164 </p>
10165 </sect1>
10167 <sect1>
10170 <p>
10171 Packages that provide a terminal emulator for the X Window
10172 System which meet the criteria listed below should declare in
10175 also register themselves as an alternative for
10177 20. That alternative should have a slave alternative
10179 pointing to the corresponding manual page.
10180 </p>
10182 <p>
10185 <item>
10186 Be able to emulate a DEC VT100 terminal, or a
10187 compatible terminal.
10188 </item>
10190 <item>
10191 Support the command-line option <tt>-e
10193 terminal window<footnote>
10194 "New terminal window" does not necessarily mean
10195 a new top-level X window directly parented by
10196 the window manager; it could, if the terminal
10197 emulator application were so coded, be a new
10198 "view" in a multiple-document interface (MDI).
10199 </footnote>
10201 interpreting the entirety of the rest of the command
10202 line as a command to pass straight to exec, in the
10204 </item>
10206 <item>
10207 Support the command-line option <tt>-T
10210 </item>
10211 </list>
10212 </p>
10213 </sect1>
10215 <sect1>
10218 <p>
10219 Packages that provide a window manager should declare in
10222 register themselves as an alternative for
10224 calculated as follows:
10226 <item>
10227 Start with a priority of 20.
10228 </item>
10230 <item>
10231 If the window manager supports the Debian menu
10232 system, add 20 points if this support is available
10233 in the package's default configuration (i.e., no
10234 configuration files belonging to the system or user
10235 have to be edited to activate the feature); if
10236 configuration files must be modified, add only 10
10237 points.
10238 </p>
10239 </item>
10241 <item>
10242 If the window manager complies with <url
10247 </item>
10249 <item>
10250 If the window manager permits the X session to be
10252 (without killing the X server) in its default
10253 configuration, add 10 points; otherwise add none.
10254 </item>
10255 </list>
10256 That alternative should have a slave alternative
10258 pointing to the corresponding manual page.
10259 </p>
10260 </sect1>
10262 <sect1>
10265 <p>
10266 Packages that provide fonts for the X Window
10267 System<footnote>
10268 For the purposes of Debian Policy, a "font for the X
10269 Window System" is one which is accessed via X protocol
10270 requests. Fonts for the Linux console, for PostScript
10271 renderer, or any other purpose, do not fit this
10272 definition. Any tool which makes such fonts available
10273 to the X Window System, however, must abide by this
10274 font policy.
10275 </footnote>
10276 must do a number of things to ensure that they are both
10277 available without modification of the X or font server
10278 configuration, and that they do not corrupt files used by
10279 other font packages to register information about
10280 themselves.
10281 <enumlist>
10282 <item>
10283 Fonts of any type supported by the X Window System
10284 must be in a separate binary package from any
10285 executables, libraries, or documentation (except
10286 that specific to the fonts shipped, such as their
10287 license information). If one or more of the fonts
10288 so packaged are necessary for proper operation of
10289 the package with which they are associated the font
10290 package may be Recommended; if the fonts merely
10291 provide an enhancement, a Suggests relationship may
10292 be used. Packages must not Depend on font
10293 packages.<footnote>
10294 This is because the X server may retrieve fonts
10295 from the local file system or over the network
10296 from an X font server; the Debian package system
10297 is empowered to deal only with the local
10298 file system.
10299 </footnote>
10300 </item>
10302 <item>
10303 BDF fonts must be converted to PCF fonts with the
10306 placed in a directory that corresponds to their
10307 resolution:
10309 <item>
10310 100 dpi fonts must be placed in
10312 </item>
10314 <item>
10315 75 dpi fonts must be placed in
10317 </item>
10319 <item>
10320 Character-cell fonts, cursor fonts, and other
10321 low-resolution fonts must be placed in
10323 </item>
10324 </list>
10325 </item>
10327 <item>
10328 Type 1 fonts must be placed in
10330 metric files are available, they must be placed here
10331 as well.
10332 </item>
10334 <item>
10336 other than those listed above must be neither
10339 are excepted for historical reasons, but installation of
10340 files into these directories remains discouraged.)
10341 </item>
10343 <item>
10344 Font packages may, instead of placing files directly
10345 in the X font directories listed above, provide
10346 symbolic links in that font directory pointing to
10347 the files' actual location in the filesystem. Such
10348 a location must comply with the FHS.
10349 </item>
10351 <item>
10352 Font packages should not contain both 75dpi and
10353 100dpi versions of a font. If both are available,
10354 they should be provided in separate binary packages
10356 the names of the packages containing the
10357 corresponding fonts.
10358 </item>
10360 <item>
10362 should not be included in the same package as 75dpi
10363 or 100dpi fonts; instead, they should be provided in
10365 its name.
10366 </item>
10368 <item>
10369 Font packages must not provide the files
10372 <list>
10373 <item>
10375 </item>
10377 <item>
10379 files, if needed, should be provided in the
10380 directory
10383 subdirectory of
10385 package's corresponding fonts are stored
10388 that provides these fonts, and
10391 the file contents.
10392 </item>
10393 </list>
10394 </item>
10396 <item>
10397 Font packages must declare a dependency on
10400 </item>
10402 <item>
10403 Font packages that provide one or more
10406 directory into which they installed fonts
10409 This invocation must occur in both the
10413 </item>
10415 <item>
10416 Font packages that provide one or more
10419 directory into which they installed fonts. This
10420 invocation must occur in both the
10424 </item>
10426 <item>
10427 Font packages must invoke
10429 which they installed fonts. This invocation must
10433 </item>
10435 <item>
10436 Font packages must not provide alias names for the
10437 fonts they include which collide with alias names
10438 already in use by fonts already packaged.
10439 </item>
10441 <item>
10442 Font packages must not provide fonts with the same
10443 XLFD registry name as another font already packaged.
10444 </item>
10445 </enumlist>
10446 </p>
10447 </sect1>
10452 <p>
10453 Application defaults files must be installed in the
10456 in the <em>X Toolkit Intrinsics - C Language
10457 Interface</em> manual is also permitted). They must be
10459 configuration files.
10460 </p>
10462 <p>
10463 Customization of programs' X resources may also be
10464 supported with the provision of a file with the same name
10465 as that of the package placed in
10468 configuration file.<footnote>
10469 Note that this mechanism is not the same as using
10470 app-defaults; app-defaults are tied to the client
10471 binary on the local file system, whereas X resources
10472 are stored in the X server and affect all connecting
10473 clients.
10474 </footnote>
10475 </p>
10476 </sect1>
10478 <sect1>
10481 <p>
10482 Historically, packages using the X Window System used a
10483 separate set of installation directories from other packages.
10484 This practice has been discontinued and packages using the X
10485 Window System should now generally be installed in the same
10486 directories as any other package. Specifically, packages must
10489 regarded as obsolete.
10490 </p>
10492 <p>
10493 Include files previously installed under
10496 installed into subdirectories of
10501 </p>
10503 <p>
10504 Configuration files for window, display, or session managers
10505 or other applications that are tightly integrated with the X
10506 Window System may be placed in a subdirectory
10508 Other X Window System applications should use
10511 </p>
10512 </sect1>
10513 </sect>
10518 <p>
10519 Perl programs and modules should follow the current Perl policy.
10520 </p>
10522 <p>
10525 It is also available from the Debian web mirrors at
10528 </p>
10529 </sect>
10534 <p>
10535 Please refer to the "Debian Emacs Policy" for details of how to
10536 package emacs lisp programs.
10537 </p>
10539 <p>
10540 The Emacs policy is available in
10543 It is also available from the Debian web mirrors at
10546 </p>
10547 </sect>
10549 <sect>
10552 <p>
10555 </p>
10557 <p>
10558 Each game decides on its own security policy.</p>
10560 <p>
10561 Games which require protected, privileged access to
10562 high-score files, saved games, etc., may be made
10566 example). They must not be made
10568 an attacker can subvert any set-user-id game they can
10569 overwrite the executable of any other, causing other players
10570 of these games to run a Trojan horse program. With a
10571 set-group-id game the attacker only gets access to less
10572 important game data, and if they can get at the other
10573 players' accounts at all it will take considerably more
10574 effort.)</p>
10576 <p>
10577 Some packages, for example some fortune cookie programs, are
10578 configured by the upstream authors to install with their
10579 data files or other static information made unreadable so
10580 that they can only be accessed through set-id programs
10581 provided. You should not do this in a Debian package: anyone can
10583 so there is no point making the files unreadable. Not
10584 making the files unreadable also means that you don't have
10585 to make so many programs set-id, which reduces the risk of a
10586 security hole.</p>
10588 <p>
10589 As described in the FHS, binaries of games should be
10591 applies to games that use the X Window System. Manual pages
10592 for games (X and non-X games) should be installed in
10594 </sect>
10595 </chapt>
10601 <sect>
10604 <p>
10608 details). You must not install a pre-formatted "cat page".
10609 </p>
10611 <p>
10612 Each program, utility, and function should have an
10613 associated manual page included in the same package. It is
10614 suggested that all configuration files also have a manual
10615 page included as well. Manual pages for protocols and other
10616 auxiliary things are optional.
10617 </p>
10619 <p>
10620 If no manual page is available, this is considered as a bug
10621 and should be reported to the Debian Bug Tracking System (the
10622 maintainer of the package is allowed to write this bug report
10623 themselves, if they so desire). Do not close the bug report
10624 until a proper man page is available.<footnote>
10625 It is not very hard to write a man page. See the
10632 </footnote>
10633 </p>
10635 <p>
10636 You may forward a complaint about a missing man page to the
10637 upstream authors, and mark the bug as forwarded in the
10638 Debian bug tracking system. Even though the GNU Project do
10639 not in general consider the lack of a man page to be a bug,
10640 we do; if they tell you that they don't consider it a bug
10641 you should leave the bug in our bug tracking system open
10642 anyway.
10643 </p>
10645 <p>
10647 </p>
10649 <p>
10650 If one man page needs to be accessible via several names it
10652 feature, but there is no need to fiddle with the relevant
10654 symlinks: don't do it unless it's easy. You should not
10655 create hard links in the manual page directories, nor put
10658 base of the man page tree (usually
10661 in the file system to the alternate names of the man page,
10663 man page under those names based solely on the information in
10664 the man page's header.<footnote>
10666 unreasonable processing time to find a manual page or to
10667 report that none exists, and moves knowledge into man's
10668 database that would be better left in the file system.
10669 This support is therefore deprecated and will cease to
10670 be present in the future.
10671 </footnote>
10672 </p>
10674 <p>
10675 Manual pages in locale-specific subdirectories of
10677 legacy encoding for that language (normally the one corresponding
10678 to the shortest relevant locale name in
10683 use. In future, all manual pages will be required to use
10684 UTF-8.
10685 </footnote>
10686 </p>
10688 <p>
10690 included in the subdirectory name unless it indicates a
10691 significant difference in the language, as this excludes
10692 speakers of the language in other countries.<footnote>
10693 At the time of writing, Chinese and Portuguese are the main
10696 </footnote>
10697 </p>
10699 <p>
10700 If a localized version of a manual page is provided, it should
10701 either be up-to-date or it should be obvious to the reader that
10702 it is outdated and the original manual page should be used
10703 instead. This can be done either by a note at the beginning of
10704 the manual page or by showing the missing or changed portions in
10705 the original language instead of the target language.
10706 </p>
10707 </sect>
10709 <sect>
10712 <p>
10715 </p>
10717 <p>
10720 use of info readers. This file must not be included in packages
10722 </p>
10724 <p>
10726 appropriate using dpkg triggers. Packages other than
10730 for this purpose.
10731 </p>
10733 <p>
10736 </p>
10738 <p>
10739 Info documents should contain section and directory entry
10740 information in the document for the use
10743 space and the section of this info page. The directory entry or
10744 entries should be included between
10747 <example>
10748 INFO-DIR-SECTION Individual utilities
10749 START-INFO-DIR-ENTRY
10750 * example: (example). An example info directory entry.
10751 END-INFO-DIR-ENTRY
10752 </example>
10753 To determine which section to use, you should look
10755 the most relevant (or create a new section if none of the
10756 current sections are relevant).<footnote>
10757 Normally, info documents are generated from Texinfo source.
10758 To include this information in the generated info document, if
10759 it is absent, add commands like:
10760 <example>
10761 @dircategory Individual utilities
10762 @direntry
10763 * example: (example). An example info directory entry.
10764 @end direntry
10765 </example>
10766 to the Texinfo source of the document and ensure that the info
10767 documents are rebuilt from source during the package build.
10768 </footnote>
10769 </p>
10770 </sect>
10775 <p>
10776 Any additional documentation that comes with the package may be
10777 installed at the discretion of the package maintainer. It is
10778 often a good idea to include text information files
10780 source package in the binary package. However, you don't need
10781 to install the instructions for building and installing the
10782 package, of course!
10783 </p>
10785 <p>
10786 Plain text documentation should be compressed with <tt>gzip
10788 </p>
10790 <p>
10791 If a package comes with large amounts of documentation that many
10792 users of the package will not require, you should create a
10793 separate binary package to contain it so that it does not take
10794 up disk space on the machines of users who do not need or want
10795 it installed. As a special case of this rule, shared library
10796 documentation of any appreciable size should always be packaged
10798 or in a separate documentation package, since shared libraries
10799 are frequently installed as dependencies of other packages by
10800 users who have little interest in documentation of the library
10801 itself. The documentation package for the
10805 separate documentation packages for multiple languages).
10806 </p>
10808 <p>
10809 Additional documentation included in the package should be
10811 If the documentation is packaged separately,
10813 either that path or into the documentation directory for the
10814 separate documentation package
10816 example). However, installing the documentation into the
10817 documentation directory of the main package is preferred since
10818 it is independent of the packaging method and will be easier for
10819 users to find.
10820 </p>
10822 <p>
10823 Any separate package providing documentation must still install
10824 standard documentation files in its
10828 </p>
10830 <p>
10831 Packages must not require the existence of any files in
10833 <footnote>
10834 The system administrator should be able to delete files
10836 to break.
10837 </footnote>. Any files that are used or read by programs but
10838 are also useful as stand alone documentation should be installed
10839 elsewhere, such as
10841 included via symbolic links
10843 </p>
10845 <p>
10848 the two packages both come from the same source and the
10849 first package Depends on the second.<footnote>
10850 <p>
10851 Please note that this does not override the section on
10852 changelog files below, so the file
10854 must refer to the changelog for the current version of
10856 that the sources of the target and the destination of the
10857 symlink must be the same (same source package and
10858 version).
10859 </p>
10860 </footnote>
10861 </p>
10862 </sect>
10864 <sect>
10867 <p>
10868 The unification of Debian documentation is being carried out
10869 via HTML.</p>
10871 <p>
10872 If the package comes with extensive documentation in a
10873 markup format that can be converted to various other formats
10874 you should if possible ship HTML versions in a binary
10875 package.<footnote>
10876 Rationale: The important thing here is that HTML
10878 binary package.
10879 </footnote>
10880 The documentation must be installed as specified in
10882 </p>
10884 <p>
10885 Other formats such as PostScript may be provided at the
10886 package maintainer's discretion.
10887 </p>
10888 </sect>
10893 <p>
10894 Every package must be accompanied by a verbatim copy of its
10895 copyright information and distribution license in the file
10897 file must neither be compressed nor be a symbolic link.
10898 </p>
10900 <p>
10901 In addition, the copyright file must say where the upstream
10902 sources (if any) were obtained, and should name the original
10903 authors.
10904 </p>
10906 <p>
10908 areas should state in the copyright file that the package is not
10909 part of the Debian distribution and briefly explain why.
10910 </p>
10912 <p>
10913 A copy of the file which will be installed in
10916 </p>
10918 <p>
10921 the two packages both come from the same source and the
10922 first package Depends on the second. These rules are important
10924 mechanical means.
10925 </p>
10927 <p>
10928 Packages distributed under the Apache license (version 2.0), the
10932 to the corresponding files under
10934 <p>
10935 In particular,
10948 respectively. The University of California BSD license is
10951 brevity of this license, its specificity to code whose
10952 copyright is held by the Regents of the University of
10953 California, and the frequency of minor wording changes, its
10954 text should be included in the copyright file rather than
10955 referencing this file.
10956 </p>
10957 </footnote> rather than quoting them in the copyright
10958 file.
10959 </p>
10961 <p>
10963 file. If your package has such a file it should be
10966 </p>
10968 <p>
10969 All copyright files must be encoded in UTF-8.
10970 </p>
10975 <p>
10976 A specification for a standard, machine-readable format
10981 also available from the Debian web mirrors at
10984 </p>
10986 <p>
10987 Use of this format is optional.
10988 </p>
10989 </sect1>
10990 </sect>
10992 <sect>
10995 <p>
10996 Any examples (configurations, source files, whatever),
10997 should be installed in a directory
10999 files should not be referenced by any program: they're there
11000 for the benefit of the system administrator and users as
11001 documentation only. Architecture-specific example files
11002 should be installed in a directory
11004 links to them from
11006 latter directory itself may be a symbolic link to the
11007 former.
11008 </p>
11010 <p>
11011 If the purpose of a package is to provide examples, then the
11012 example files may be installed into
11014 </p>
11015 </sect>
11020 <p>
11021 Packages that are not Debian-native must contain a
11023 the Debian source tree in
11026 </p>
11028 <p>
11029 If an upstream changelog is available, it should be accessible as
11031 plain text. If the upstream changelog is distributed in
11032 HTML, it should be made available in that form as
11036 the upstream changelog files do not already conform to this
11037 naming convention, then this may be achieved either by
11038 renaming the files, or by adding a symbolic link, at the
11039 maintainer's discretion.<footnote>
11040 Rationale: People should not have to look in places for
11041 upstream changelogs merely because they are given
11042 different names or are distributed in HTML format.
11043 </footnote>
11044 </p>
11046 <p>
11047 All of these files should be installed compressed using
11049 if they start out small.
11050 </p>
11052 <p>
11053 If the package has only one changelog which is used both as
11054 the Debian changelog and the upstream one because there is
11055 no separate upstream maintainer then that changelog should
11056 usually be installed as
11058 there is a separate upstream maintainer, but no upstream
11059 changelog, then the Debian changelog should still be called
11061 </p>
11063 <p>
11064 For details about the format and contents of the Debian
11066 </p>
11067 </sect>
11068 </chapt>
11073 <p>
11074 These appendices are taken essentially verbatim from the
11075 now-deprecated Packaging Manual, version 3.2.1.0. They are
11076 the chapters which are likely to be of use to package
11077 maintainers and which have not already been included in the
11078 policy document itself. Most of these sections are very likely
11079 not relevant to policy; they should be treated as
11080 documentation for the packaging system. Please note that these
11081 appendices are included for convenience, and for historical
11082 reasons: they used to be part of policy package, and they have
11083 not yet been incorporated into dpkg documentation. However,
11084 they still have value, and hence they are presented here.
11085 </p>
11087 <p>
11088 They have not yet been checked to ensure that they are
11089 compatible with the contents of policy, and if there are any
11090 contradictions, the version in the main policy document takes
11091 precedence. The remaining chapters of the old Packaging
11092 Manual have also not been read in detail to ensure that there
11093 are not parts which have been left out. Both of these will be
11094 done in due course.
11095 </p>
11097 <p>
11098 Certain parts of the Packaging manual were integrated into the
11099 Policy Manual proper, and removed from the appendices. Links
11100 have been placed from the old locations to the new ones.
11101 </p>
11103 <p>
11105 package files and installing and removing them on Unix
11106 systems.<footnote>
11108 work on or be ported to other systems.
11109 </footnote>
11110 </p>
11112 <p>
11113 The binary packages are designed for the management of
11114 installed executable programs (usually compiled binaries) and
11115 their associated data, though source code examples and
11116 documentation are provided as part of some packages.</p>
11118 <p>
11119 This manual describes the technical aspects of creating Debian
11121 behavior of the package management programs
11123 they interact with packages.</p>
11125 <p>
11126 This manual does not go into detail about the options and
11127 usage of the package building and installation tools. It
11128 should therefore be read in conjunction with those programs'
11129 man pages.
11130 </p>
11132 <p>
11134 not described in detail here, are documented in their man pages.
11135 </p>
11137 <p>
11138 It is assumed that the reader is reasonably familiar with the
11140 Unfortunately this manual does not yet exist.
11141 </p>
11143 <p>
11144 The Debian version of the FSF's GNU hello program is provided as
11145 an example for people wishing to create Debian packages. However,
11146 while the examples are helpful, they do not replace the need to
11147 read and follow the Policy and Programmer's Manual.</p>
11148 </appendix>
11153 <p>
11155 </p>
11159 </heading>
11161 <p>
11162 All manipulation of binary package files is done by
11166 will spot that the options requested are appropriate to
11168 arguments.)
11169 </p>
11171 <p>
11172 In order to create a binary package you must make a
11173 directory tree which contains all the files and directories
11174 you want to have in the file system data part of the package.
11175 In Debian-format source packages this directory is usually
11177 source tree.
11178 </p>
11180 <p>
11181 They should have the locations (relative to the root of the
11182 directory tree you're constructing) ownerships and
11183 permissions which you want them to have on the system when
11184 they are installed.
11185 </p>
11187 <p>
11189 and gid/groupname mappings for the users and groups being
11190 used should be the same on the system where the package is
11191 built and the one where it is installed.
11192 </p>
11194 <p>
11195 You need to add one special directory to the root of the
11196 miniature file system tree you're creating:
11198 information files, notably the binary package control file
11200 </p>
11202 <p>
11204 file system archive of the package, and so won't be installed
11206 </p>
11208 <p>
11209 When you've prepared the package, you should invoke:
11210 <example>
11212 </example>
11213 </p>
11215 <p>
11216 This will build the package in
11220 build the package.)
11221 </p>
11223 <p>
11225 to examine the contents of this newly-created file. You may find the
11226 output of following commands enlightening:
11227 <example>
11231 </example>
11232 To view the copyright file for a package you could use this command:
11233 <example>
11235 </example>
11236 </p>
11237 </sect>
11242 <p>
11243 The control information portion of a binary package is a
11245 It will treat the contents of these files specially - some
11247 installing or removing the package; others are scripts which
11249 </p>
11251 <p>
11252 It is possible to put other files in the package control
11253 information file area, but this is not generally a good idea
11254 (though they will largely be ignored).
11255 </p>
11257 <p>
11258 Here is a brief list of the control information files supported
11260 </p>
11262 <p>
11263 <taglist>
11265 <item>
11266 <p>
11267 This is the key description file used by
11269 and version, gives its description for the user,
11270 states its relationships with other packages, and so
11273 </p>
11275 <p>
11276 It is usually generated automatically from information
11277 in the source package by the
11281 </p>
11282 </item>
11286 </tag>
11287 <item>
11288 <p>
11289 These are executable files (usually scripts) which
11291 and removal of packages. They allow the package to
11292 deal with matters which are particular to that package
11293 or require more complicated processing than that
11296 </p>
11298 <p>
11299 It is very important to make these scripts idempotent.
11301 </p>
11303 <p>
11304 The maintainer scripts are not guaranteed to run with a
11305 controlling terminal and may not be able to interact with
11307 </p>
11308 </item>
11311 </tag>
11312 <item>
11313 This file contains a list of configuration files which
11316 every configuration file should be listed here.
11317 </item>
11320 </tag>
11321 <item>
11322 This file contains a list of the shared libraries
11323 supplied by the package, with dependency details for
11325 when it determines what dependencies are required in a
11328 </item>
11329 </taglist>
11330 </p>
11335 <p>
11336 The most important control information file used by
11339 statistics".
11340 </p>
11342 <p>
11343 The binary package control files of packages built from
11344 Debian sources are made by a special tool,
11348 more details.
11349 </p>
11351 <p>
11352 The fields in binary package control files are listed in
11354 </p>
11356 <p>
11357 A description of the syntax of control files and the purpose
11359 </p>
11360 </sect>
11362 <sect>
11365 <p>
11367 </p>
11368 </sect>
11369 </appendix>
11374 <p>
11375 The Debian binary packages in the distribution are generated
11376 from Debian sources, which are in a special format to assist
11377 the easy and automatic building of binaries.
11378 </p>
11383 <p>
11384 Various tools are provided for manipulating source packages;
11385 they pack and unpack sources and help build of binary
11386 packages and help manage the distribution of new versions.
11387 </p>
11389 <p>
11390 They are introduced and typical uses described here; see
11392 documentation about their arguments and operation.
11393 </p>
11395 <p>
11396 For examples of how to construct a Debian source package,
11397 and how to use those utilities that are used by Debian
11399 package.
11400 </p>
11403 <heading>
11405 packages
11406 </heading>
11408 <p>
11409 This program is frequently used by hand, and is also
11410 called from package-independent automated building scripts
11412 </p>
11414 <p>
11415 To unpack a package it is typically invoked with
11416 <example>
11418 </example>
11419 </p>
11421 <p>
11424 the same directory. It unpacks into
11426 applicable
11428 the current directory.
11429 </p>
11431 <p>
11432 To create a packed source archive it is typically invoked:
11433 <example>
11435 </example>
11436 </p>
11438 <p>
11442 source tree first - this must be done separately if it is
11443 required.
11444 </p>
11446 <p>
11448 </sect1>
11452 <heading>
11454 control script
11455 </heading>
11457 <p>
11459 </p>
11460 </sect1>
11463 <heading>
11465 control files
11466 </heading>
11468 <p>
11471 tree.
11472 </p>
11474 <p>
11475 This is usually done just before the files and directories in the
11476 temporary directory tree where the package is being built have their
11477 permissions and ownerships set and the package is constructed using
11479 <footnote>
11480 This is so that the control file which is produced has
11481 the right permissions
11482 </footnote>.
11483 </p>
11485 <p>
11487 files which are to go into the package have been placed in
11488 the temporary build directory, so that its calculation of
11489 the installed size of a package is correct.
11490 </p>
11492 <p>
11495 variable substitutions created by
11497 are available.
11498 </p>
11500 <p>
11501 For a package which generates only one binary package, and
11503 of the source package, it is usually sufficient to call
11505 </p>
11507 <p>
11508 Sources which build several binaries will typically need
11509 something like:
11510 <example>
11515 tells it which package's control file should be generated.
11516 </p>
11518 <p>
11521 (for example) a future invocation of
11523 </sect1>
11526 <heading>
11528 dependencies
11529 </heading>
11531 <p>
11533 </p>
11534 </sect1>
11537 <heading>
11540 </heading>
11542 <p>
11543 Some packages' uploads need to include files other than
11544 the source and binary package files.
11545 </p>
11547 <p>
11552 </p>
11554 <p>
11557 <example>
11559 </example>
11562 is usually the directory above the top level of the source
11564 file there just before or just after calling
11566 </p>
11568 <p>
11571 </p>
11572 </sect1>
11576 <heading>
11578 upload control file
11579 </heading>
11581 <p>
11583 </p>
11584 </sect1>
11587 <heading>
11589 representation of a changelog
11590 </heading>
11592 <p>
11594 </p>
11595 </sect1>
11598 <heading>
11600 host system
11601 </heading>
11603 <p>
11605 </p>
11606 </sect1>
11607 </sect>
11612 <p>
11613 The source archive scheme described later is intended to
11614 allow a Debian package source tree with some associated
11615 control information to be reproduced and transported easily.
11616 The Debian package source tree is a version of the original
11617 program with certain files added for the benefit of the
11618 packaging process, and with any other changes required
11619 made to the rest of the source code and installation
11620 scripts.
11621 </p>
11623 <p>
11624 The extra files created for Debian are in the subdirectory
11626 source tree. They are described below.
11627 </p>
11632 <p>
11634 </p>
11635 </sect1>
11640 <p>
11642 </p>
11644 </sect1>
11646 <sect1>
11649 <p>
11651 </p>
11652 </sect1>
11655 </heading>
11657 <p>
11658 This is the canonical temporary location for the
11661 the file system tree as it is being constructed (for
11662 example, by using the package's upstream makefiles install
11663 targets and redirecting the output there), and it also
11666 </p>
11668 <p>
11669 If several binary packages are generated from the same
11670 source tree it is usual to use several
11673 </p>
11675 <p>
11679 </sect>
11683 </heading>
11685 <p>
11686 As it exists on the FTP site, a Debian source package
11687 consists of three related files. You must have the right
11688 versions of all three to be able to use them.
11689 </p>
11691 <p>
11692 <taglist>
11694 <item>
11696 to extract a source package.
11698 </item>
11700 <tag>
11701 Original source archive -
11702 <file>
11704 </file>
11705 </tag>
11707 <item>
11708 <p>
11711 the upstream authors of the program.
11712 </p>
11713 </item>
11715 <tag>
11716 Debian package diff -
11717 <file>
11719 </file>
11720 </tag>
11721 <item>
11723 <p>
11725 giving the changes which are required to turn the
11726 original source into the Debian source. These changes
11727 may only include editing and creating plain files.
11728 The permissions of files, the targets of symbolic
11729 links and the characteristics of special files or
11730 pipes may not be changed and no files may be removed
11731 or renamed.
11732 </p>
11734 <p>
11735 All the directories in the diff must exist, except the
11737 tree, which will be created by
11739 </p>
11741 <p>
11744 executable (see below).</p></item>
11745 </taglist>
11746 </p>
11748 <p>
11749 If there is no original source code - for example, if the
11750 package is specially prepared for Debian or the Debian
11751 maintainer is the same as the upstream maintainer - the
11752 format is slightly different: then there is no diff, and the
11753 tarfile is named
11755 and preferably contains a directory named
11757 </p>
11758 </sect>
11760 <sect>
11763 <p>
11765 Debian source package. However, if it is not available it
11766 is possible to unpack a Debian source archive as follows:
11768 <item>
11769 <p>
11771 directory.</p>
11772 </item>
11773 <item>
11776 </item>
11777 <item>
11778 <p>
11780 the source tree.</p>
11781 </item>
11783 </item>
11784 <item><p>Untar the tarfile again if you want a copy of the original
11785 source code alongside the Debian version.</p>
11786 </item>
11787 </enumlist>
11789 <p>
11790 It is not possible to generate a valid Debian source archive
11794 </p>
11796 <sect1>
11799 <p>
11800 The source package may not contain any hard links
11801 <footnote>
11802 This is not currently detected when building source
11803 packages, but only when extracting
11804 them.
11805 </footnote>
11806 <footnote>
11807 Hard links may be permitted at some point in the
11808 future, but would require a fair amount of
11809 work.
11810 </footnote>, device special files, sockets or setuid or
11811 setgid files.
11812 <footnote>
11813 Setgid directories are allowed.
11814 </footnote>
11815 </p>
11817 <p>
11818 The source packaging tools manage the changes between the
11822 package source must not involve any changes which cannot be
11823 handled by these tools. Problematic changes which cause
11825 building the source package are:
11828 </item>
11830 </item>
11832 </item>
11835 print a warning but continue anyway are:
11837 <item>
11838 <p>
11839 Removing files, directories or symlinks.
11840 <footnote>
11841 Renaming a file is not treated specially - it is
11842 seen as the removal of the old file (which
11843 generates a warning, but is otherwise ignored),
11844 and the creation of the new one.
11845 </footnote>
11846 </p>
11847 </item>
11848 <item>
11849 <p>
11850 Changed text files which are missing the usual final
11851 newline (either in the original or the modified
11852 source tree).
11853 </p>
11854 </item>
11855 </list>
11856 Changes which are not represented, but which are not detected by
11859 <item><p>Changing the permissions of files (other than
11861 </list>
11862 </p>
11864 <p>
11868 directory, and afterwards it will make
11870 </p>
11871 </sect1>
11872 </sect>
11873 </appendix>
11878 <p>
11880 data in a common format, known as control files. Binary and
11882 files which control the installation of uploaded files, and
11884 format.
11885 </p>
11887 <sect>
11890 <p>
11892 </p>
11894 <p>
11895 It is important to note that there are several fields which
11897 tools are concerned, but which must appear in every Debian
11898 package, or whose omission may cause problems.
11899 </p>
11900 </sect>
11902 <sect>
11905 <p>
11907 </p>
11909 <p>
11910 This section now contains only the fields that didn't belong
11911 to the Policy manual.
11912 </p>
11917 <p>
11919 filename(s) of (the parts of) a package in the
11920 distribution directories, relative to the root of the
11921 Debian hierarchy. If the package has been split into
11922 several parts the parts are all listed in order, separated
11923 by spaces.
11924 </p>
11925 </sect1>
11930 <p>
11932 bytes, expressed in decimal) and MD5 checksum of the
11933 file(s) which make(s) up a binary package in the
11934 distribution. If the package is split into several parts
11935 the values for the parts are listed in order, separated by
11936 spaces.
11937 </p>
11938 </sect1>
11943 <p>
11945 whether the user wants a package installed, removed or
11946 left alone, whether it is broken (requiring
11947 re-installation) or not and what its current state on the
11948 system is. Each of these pieces of information is a
11949 single word.
11950 </p>
11951 </sect1>
11956 <p>
11957 If a package is not installed or not configured, this
11959 version of the package which was successfully
11960 configured.
11961 </p>
11962 </sect1>
11967 <p>
11969 information about the automatically-managed configuration
11971 appear anywhere in a package!
11972 </p>
11973 </sect1>
11975 <sect1>
11978 <p>
11980 not appear anywhere any more.
11987 <item>
11988 The Debian revision part of the package version was
11989 at one point in a separate control field. This
11990 field went through several names.
11991 </item>
12002 </taglist>
12003 </p>
12004 </sect1>
12005 </sect>
12007 </appendix>
12012 <p>
12014 handling of package configuration files.
12015 </p>
12017 <p>
12018 Whether this mechanism is appropriate depends on a number of
12019 factors, but basically there are two approaches to any
12020 particular configuration file.
12021 </p>
12023 <p>
12024 The easy method is to ship a best-effort configuration in the
12026 handle updates. If the user is unlikely to want to edit the
12027 file, but you need them to be able to without losing their
12028 changes, and a new package with a changed version of the file
12029 is only released infrequently, this is a good approach.
12030 </p>
12032 <p>
12033 The hard method is to build the configuration file from
12035 responsibility for fixing any mistakes made in earlier
12036 versions of the package automatically. This will be
12037 appropriate if the file is likely to need to be different on
12038 each system.
12039 </p>
12041 <sect><heading>Automatic handling of configuration files by
12043 </heading>
12045 <p>
12046 A package may contain a control information file called
12048 of configuration files needing automatic handling, separated
12049 by newlines. The filenames should be absolute pathnames,
12050 and the files referred to should actually exist in the
12051 package.
12052 </p>
12054 <p>
12056 the configuration files during the configuration stage,
12058 script,
12059 </p>
12061 <p>
12062 For each file it checks to see whether the version of the
12063 file included in the package is the same as the one that was
12064 included in the last version of the package (the one that is
12065 being upgraded from); it also compares the version currently
12066 installed on the system with the one shipped with the last
12067 version.
12068 </p>
12070 <p>
12071 If neither the user nor the package maintainer has changed
12072 the file, it is left alone. If one or the other has changed
12073 their version, then the changed version is preferred - i.e.,
12074 if the user edits their file, but the package maintainer
12075 doesn't ship a different version, the user's changes will
12076 stay, silently, but if the maintainer ships a new version
12077 and the user hasn't edited it the new version will be
12078 installed (with an informative message). If both have
12079 changed their version the user is prompted about the problem
12080 and must resolve the differences themselves.
12081 </p>
12083 <p>
12084 The comparisons are done by calculating the MD5 message
12085 digests of the files, and storing the MD5 of the file as it
12086 was included in the most recent version of the package.
12087 </p>
12089 <p>
12090 When a package is installed for the first time
12092 unless that would mean overwriting a file already on the
12093 file system.
12094 </p>
12096 <p>
12098 replace a conffile that was removed by the user (or by a
12099 script). This is necessary because with some programs a
12100 missing file produces an effect hard or impossible to
12101 achieve in another way, so that a missing file needs to be
12102 kept that way if the user did it.
12103 </p>
12105 <p>
12109 the user confusing and possibly dangerous options for
12110 conffile update when the package is upgraded.</p>
12111 </sect>
12113 <sect><heading>Fully-featured maintainer script configuration
12114 handling
12115 </heading>
12117 <p>
12118 For files which contain site-specific information such as
12119 the hostname and networking details and so forth, it is
12120 better to create the file in the package's
12122 </p>
12124 <p>
12125 This will typically involve examining the state of the rest
12126 of the system to determine values and other information, and
12127 may involve prompting the user for some information which
12128 can't be obtained some other way.
12129 </p>
12131 <p>
12132 When using this method there are a couple of important
12133 issues which should be considered:
12134 </p>
12136 <p>
12137 If you discover a bug in the program which generates the
12138 configuration file, or if the format of the file changes
12139 from one version to the next, you will have to arrange for
12140 the postinst script to do something sensible - usually this
12141 will mean editing the installed configuration file to remove
12142 the problem or change the syntax. You will have to do this
12143 very carefully, since the user may have changed the file,
12144 perhaps to fix the very problem that your script is trying
12145 to deal with - you will have to detect these situations and
12146 deal with them correctly.
12147 </p>
12149 <p>
12150 If you do go down this route it's probably a good idea to
12151 make the program that generates the configuration file(s) a
12154 appropriate from the post-installation script. The
12156 unquestioningly overwrite an existing configuration - if its
12157 mode of operation is geared towards setting up a package for
12158 the first time (rather than any arbitrary reconfiguration
12159 later) you should have it check whether the configuration
12161 overwrite it.</p></sect>
12162 </appendix>
12166 Packaging Manual)
12167 </heading>
12169 <p>
12170 When several packages all provide different versions of the
12171 same program or file it is useful to have the system select a
12172 default, but to allow the system administrator to change it
12173 and have their decisions respected.
12174 </p>
12176 <p>
12178 editor, and there is no reason to prevent all of them from
12179 being installed at once, each under their own name
12182 refer to something, at least by default.
12183 </p>
12185 <p>
12186 If all the packages involved cooperate, this can be done with
12188 </p>
12190 <p>
12191 Each package provides its own version under its own name, and
12193 register its version (and again in its prerm to deregister
12194 it).
12195 </p>
12197 <p>
12200 </p>
12202 <p>
12204 you may wish to consider using diversions instead.</p>
12205 </appendix>
12208 package's version of a file (from old Packaging Manual)
12209 </heading>
12211 <p>
12213 when it reinstalls the package it belongs to, and to have it
12214 put the file from the package somewhere else instead.
12215 </p>
12217 <p>
12218 This can be used locally to override a package's version of a
12219 file, or by one package to override another's version (or
12220 provide a wrapper for it).
12221 </p>
12223 <p>
12224 Before deciding to use a diversion, read <ref
12226 rather than several alternative versions of a program.
12227 </p>
12229 <p>
12233 details of its operation.
12234 </p>
12236 <p>
12237 When a package wishes to divert a file from another, it should
12239 diversion and rename the existing file. For example,
12242 <example>
12243 dpkg-divert --package smailwrapper --add --rename \
12244 --divert /usr/sbin/smail.real /usr/sbin/smail
12247 can bypass the diversion and get installed as the true version.
12248 It's safe to add the diversion unconditionally on upgrades since
12249 it will be left unchanged if it already exists, but
12251 message, make the command conditional on the version from which
12252 the package is being upgraded:
12253 <example>
12255 dpkg-divert --package smailwrapper --add --rename \
12256 --divert /usr/sbin/smail.real /usr/sbin/smail
12257 fi
12259 diversion was first added to the package. Running the command
12260 during abort-upgrade is pointless but harmless.
12261 </p>
12263 <p>
12264 The postrm has to do the reverse:
12265 <example>
12267 dpkg-divert --package smailwrapper --remove --rename \
12268 --divert /usr/sbin/smail.real /usr/sbin/smail
12269 fi
12270 </example> If the diversion was added at a particular version, the
12271 postrm should also handle the failure case of upgrading from an
12272 older version (unless the older version is so old that direct
12273 upgrades are no longer supported):
12274 <example>
12276 dpkg-divert --package smailwrapper --remove --rename \
12277 --divert /usr/sbin/smail.real /usr/sbin/smail
12278 fi
12280 diversion was first added to the package. The postrm should not
12281 remove the diversion on upgrades both because there's no reason to
12282 remove the diversion only to immediately re-add it and since the
12283 postrm of the old package is run after unpacking so the removal of
12284 the diversion will fail.
12285 </p>
12287 <p>
12288 Do not attempt to divert a file which is vitally important for
12290 there is a time, after it has been diverted but before
12292 does not exist.</p>
12294 <p>
12296 handle it well.
12297 </p>
12298 </appendix>
12300 </book>
12301 </debiandoc>
12302 <!-- Local variables: -->
12303 <!-- indent-tabs-mode: t -->
12304 <!-- End: -->
12305 <!-- vim:set ai sts=2 sw=2 tw=76: -->