| blob | 94f8b1de260e3fd5e05d568b31f8bafc75582997 |
1 <?xml version='1.0' encoding='utf-8'?>
2 <!-- -*- DocBook -*- -->
3 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
4 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
5 <!ENTITY % versiondata SYSTEM "version.xml"> %versiondata;
6 <!-- current Debian changes file format -->
7 <!ENTITY changesversion "1.8">
8 ]>
10 <book lang="en">
12 <title>Debian Policy Manual</title>
14 <bookinfo>
15 <authorgroup>
16 <author>
17 <othername>
18 <link linkend="s-authors">The Debian Policy Mailing List</link>
19 </othername>
20 </author>
21 </authorgroup>
23 <releaseinfo>version &version;</releaseinfo>
24 <pubdate>&date;</pubdate>
26 <abstract>
27 <para>
28 This manual describes the policy requirements for the Debian
29 distribution. This includes the structure and contents of the
30 Debian archive and several design issues of the operating system,
31 as well as technical requirements that each package must satisfy
32 to be included in the distribution.
33 </para>
34 </abstract>
36 <copyright>
37 <year>1996</year>
38 <year>1997</year>
39 <year>1998</year>
40 <holder>Ian Jackson</holder>
41 <holder>Christian Schwarz</holder>
42 </copyright>
43 <legalnotice>
44 <para>
45 These are the copyright dates of the original Policy manual.
46 Since then, this manual has been updated by many others. No
47 comprehensive collection of copyright notices for subsequent work
48 exists.
49 </para>
50 <para>
51 This manual is free software; you may redistribute it and/or
52 modify it under the terms of the GNU General Public License as
53 published by the Free Software Foundation; either version 2 of the
54 License, or (at your option) any later version.
55 </para>
56 <para>
57 This is distributed in the hope that it will be useful, but
58 WITHOUT ANY WARRANTY; without even the implied warranty of
59 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
60 General Public License for more details.
61 </para>
62 <para>
63 A copy of the GNU General Public License is available as
64 <filename>/usr/share/common-licenses/GPL</filename> in the Debian
65 distribution or on the World Wide Web at <ulink
66 url="https://www.gnu.org/licenses/">https://www.gnu.org/licenses/</ulink>.
67 </para>
68 </legalnotice>
69 </bookinfo>
71 <chapter id="ch-scope">
72 <title>About this manual</title>
74 <section id="s1.1">
75 <title>Scope</title>
77 <para>
78 This manual describes the policy requirements for the Debian
79 distribution. This includes the structure and contents of the
80 Debian archive and several design issues of the operating system,
81 as well as technical requirements that each package must satisfy
82 to be included in the distribution.
83 </para>
84 <para>
85 This manual also describes Debian policy as it relates to creating
86 Debian packages. It is not a tutorial on how to build packages,
87 nor is it exhaustive where it comes to describing the behavior of
88 the packaging system. Instead, this manual attempts to define the
89 interface to the package management system that the developers
90 have to be conversant with.
91 <footnote>
92 <para>
93 Informally, the criteria used for inclusion is that the
94 material meet one of the following requirements:
95 </para>
96 <variablelist>
97 <varlistentry>
98 <term>Standard interfaces</term>
99 <listitem>
100 <para>
101 The material presented represents an interface to the
102 packaging system that is mandated for use, and is used
103 by, a significant number of packages, and therefore
104 should not be changed without peer review. Package
105 maintainers can then rely on this interface not
106 changing, and the package management software authors
107 need to ensure compatibility with this interface
108 definition. (Control file and changelog file formats
109 are examples.)
110 </para>
111 </listitem>
112 </varlistentry>
113 <varlistentry>
114 <term>Chosen Convention</term>
115 <listitem>
116 <para>
117 If there are a number of technically viable choices that
118 can be made, but one needs to select one of these
119 options for inter-operability. The version number
120 format is one example.
121 </para>
122 </listitem>
123 </varlistentry>
124 </variablelist>
125 <para>
126 Please note that these are not mutually exclusive; selected
127 conventions often become parts of standard interfaces.
128 </para>
129 </footnote>
130 </para>
131 <para>
132 The footnotes present in this manual are merely informative, and
133 are not part of Debian policy itself.
134 </para>
135 <para>
136 The appendices to this manual are not necessarily normative,
137 either. Please see <xref linkend="ap-pkg-scope"/> for more
138 information.
139 </para>
140 <para>
141 In the normative part of this manual, the words
142 <emphasis>must</emphasis>, <emphasis>should</emphasis> and
143 <emphasis>may</emphasis>, and the adjectives
144 <emphasis>required</emphasis>, <emphasis>recommended</emphasis>
145 and <emphasis>optional</emphasis>, are used to distinguish the
146 significance of the various guidelines in this policy document.
147 Packages that do not conform to the guidelines denoted by
148 <emphasis>must</emphasis> (or <emphasis>required</emphasis>) will
149 generally not be considered acceptable for the Debian
150 distribution. Non-conformance with guidelines denoted by
151 <emphasis>should</emphasis> (or <emphasis>recommended</emphasis>)
152 will generally be considered a bug, but will not necessarily
153 render a package unsuitable for distribution. Guidelines denoted
154 by <emphasis>may</emphasis> (or <emphasis>optional</emphasis>) are
155 truly optional and adherence is left to the maintainer's
156 discretion.
157 </para>
158 <para>
159 These classifications are roughly equivalent to the bug severities
160 <emphasis>serious</emphasis> (for <emphasis>must</emphasis> or
161 <emphasis>required</emphasis> directive violations),
162 <emphasis>minor</emphasis>, <emphasis>normal</emphasis> or
163 <emphasis>important</emphasis> (for <emphasis>should</emphasis> or
164 <emphasis>recommended</emphasis> directive violations) and
165 <emphasis>wishlist</emphasis> (for <emphasis>optional</emphasis>
166 items).
167 <footnote>
168 <para>
169 Compare RFC 2119. Note, however, that these words are used in
170 a different way in this document.
171 </para>
172 </footnote>
173 </para>
174 <para>
175 Much of the information presented in this manual will be useful
176 even when building a package which is to be distributed in some
177 other way or is intended for local use only.
178 </para>
179 <para>
180 udebs (stripped-down binary packages used by the Debian Installer)
181 do not comply with all of the requirements discussed here. See
182 the <ulink
183 url="https://d-i.alioth.debian.org/doc/internals/ch03.html">Debian
184 Installer internals manual</ulink> for more information about
185 them.
186 </para>
187 </section>
189 <section id="s1.2">
190 <title>New versions of this document</title>
192 <para>
193 This manual is distributed via the Debian package <systemitem
194 role="package"><ulink
195 url="https://packages.debian.org/debian-policy">debian-policy</ulink></systemitem>.
196 </para>
197 <para>
198 The current version of this document is also available from the
199 Debian web mirrors at <ulink
200 url="https://www.debian.org/doc/debian-policy/">https://www.debian.org/doc/debian-policy/</ulink>.
201 Also available from the same directory are several other formats:
202 <ulink
203 url="https://www.debian.org/doc/debian-policy/policy.html.tar.gz"><filename>policy.html.tar.gz</filename></ulink>,
204 <ulink
205 url="https://www.debian.org/doc/debian-policy/policy.pdf.gz"><filename>policy.pdf.gz</filename></ulink>,
206 and <ulink
207 url="https://www.debian.org/doc/debian-policy/policy.ps.gz"><filename>policy.ps.gz</filename></ulink>.
208 Included in both the same directory and in the <systemitem
209 role="package">debian-policy</systemitem> package is a standalone
210 copy of <xref linkend="upgrading-checklist"/>, which indicates
211 policy changes between versions of this document.
212 </para>
213 </section>
215 <section id="s-authors">
216 <title>Authors and Maintainers</title>
218 <para>
219 Originally called "Debian GNU/Linux Policy Manual", this manual
220 was initially written in 1996 by Ian Jackson. It was revised on
221 November 27th, 1996 by David A. Morris. Christian Schwarz added
222 new sections on March 15th, 1997, and reworked/restructured it in
223 April-July 1997. Christoph Lameter contributed the "Web
224 Standard". Julian Gilbey largely restructured it in 2001.
225 </para>
226 <para>
227 Since September 1998, the responsibility for the contents of
228 this document lies on the <ulink
229 url="mailto:debian-policy@lists.debian.org">debian-policy
230 mailing list</ulink>. Proposals are discussed there and
231 inserted into policy after a certain consensus is established.
232 The current policy process is described in an appendix, <xref
233 linkend="ap-process"/>. The actual editing is done by a group
234 of maintainers that have no editorial powers. These are the
235 current maintainers:
236 </para>
237 <orderedlist numeration="arabic">
238 <listitem>
239 <para>
240 Russ Allbery
241 </para>
242 </listitem>
243 <listitem>
244 <para>
245 Bill Allombert
246 </para>
247 </listitem>
248 <listitem>
249 <para>
250 Andreas Barth
251 </para>
252 </listitem>
253 <listitem>
254 <para>
255 Sean Whitton
256 </para>
257 </listitem>
258 </orderedlist>
259 <para>
260 While the authors of this document have tried hard to avoid typos
261 and other errors, these do still occur. If you discover an error
262 in this manual or if you want to give any comments, suggestions,
263 or criticisms please send an email to the Debian Policy Mailing
264 List, <email>debian-policy@lists.debian.org</email>, or submit a
265 bug report against the <literal>debian-policy</literal> package.
266 </para>
267 <para>
268 Please do not try to reach the individual authors or maintainers
269 of the Policy Manual regarding changes to the Policy.
270 </para>
271 </section>
273 <section id="s-related">
274 <title>Related documents</title>
276 <para>
277 There are several other documents other than this Policy Manual
278 that are necessary to fully understand some Debian policies and
279 procedures.
280 </para>
281 <para>
282 The external "sub-policy" documents are referred to in:
283 </para>
284 <itemizedlist>
285 <listitem>
286 <para>
287 <xref linkend="s-fhs"/>
288 </para>
289 </listitem>
290 <listitem>
291 <para>
292 <xref linkend="s-virtual-pkg"/>
293 </para>
294 </listitem>
295 <listitem>
296 <para>
297 <xref linkend="s-menus"/>
298 </para>
299 </listitem>
300 <listitem>
301 <para>
302 <xref linkend="s-perl"/>
303 </para>
304 </listitem>
305 <listitem>
306 <para>
307 <xref linkend="s-maintscriptprompt"/>
308 </para>
309 </listitem>
310 <listitem>
311 <para>
312 <xref linkend="s-emacs"/>
313 </para>
314 </listitem>
315 </itemizedlist>
316 <para>
317 In addition to those, which carry the weight of policy, there is
318 the Debian Developer's Reference. This document describes
319 procedures and resources for Debian developers, but it is
320 <emphasis>not</emphasis> normative; rather, it includes things
321 that don't belong in the Policy, such as best practices for
322 developers.
323 </para>
324 <para>
325 The Developer's Reference is available in the <systemitem
326 role="package">developers-reference</systemitem> package. It's
327 also available from the Debian web mirrors at <ulink
328 url="https://www.debian.org/doc/developers-reference/">https://www.debian.org/doc/developers-reference/</ulink>.
329 </para>
330 <para>
331 Finally, a <link linkend="s-copyrightformat">specification for
332 machine-readable copyright files</link> is maintained as part of
333 the <systemitem role="package">debian-policy</systemitem> package
334 using the same procedure as the other policy documents. Use of
335 this format is optional.
336 </para>
337 </section>
339 <section id="s-definitions">
340 <title>Definitions</title>
342 <para>
343 The following terms are used in this Policy Manual:
344 </para>
345 <variablelist>
346 <varlistentry>
347 <term>ASCII</term>
348 <listitem>
349 <para>
350 The character encoding specified by ANSI X3.4-1986 and its
351 predecessor standards, referred to in MIME as US-ASCII, and
352 corresponding to an encoding in eight bits per character of
353 the first 128 <ulink
354 url="http://www.unicode.org/">Unicode</ulink> characters,
355 with the eighth bit always zero.
356 </para>
357 </listitem>
358 </varlistentry>
359 <varlistentry>
360 <term>UTF-8</term>
361 <listitem>
362 <para>
363 The transformation format (sometimes called encoding) of
364 <ulink url="http://www.unicode.org/">Unicode</ulink> defined
365 by <ulink
366 url="https://www.rfc-editor.org/rfc/rfc3629.txt">RFC
367 3629</ulink>. UTF-8 has the useful property of having ASCII
368 as a subset, so any text encoded in ASCII is trivially also
369 valid UTF-8.
370 </para>
371 </listitem>
372 </varlistentry>
373 </variablelist>
374 </section>
376 </chapter>
378 <chapter id="ch-archive">
379 <title>The Debian Archive</title>
381 <para>
382 The Debian system is maintained and distributed as a collection of
383 <emphasis>packages</emphasis>. Since there are so many of them
384 (currently well over 15000), they are split into
385 <emphasis>sections</emphasis> and given
386 <emphasis>priorities</emphasis> to simplify the handling of them.
387 </para>
388 <para>
389 The effort of the Debian project is to build a free operating
390 system, but not every package we want to make accessible is
391 <emphasis>free</emphasis> in our sense (see the Debian Free Software
392 Guidelines, below), or may be imported/exported without
393 restrictions. Thus, the archive is split into areas
394 <footnote>
395 <para>
396 The Debian archive software uses the term "component" internally
397 and in the Release file format to refer to the division of an
398 archive. The Debian Social Contract simply refers to "areas."
399 This document uses terminology similar to the Social Contract.
400 </para>
401 </footnote>
402 based on their licenses and other restrictions.
403 </para>
404 <para>
405 The aims of this are:
406 </para>
407 <itemizedlist>
408 <listitem>
409 <para>
410 to allow us to make as much software available as we can
411 </para>
412 </listitem>
413 <listitem>
414 <para>
415 to allow us to encourage everyone to write free software, and
416 </para>
417 </listitem>
418 <listitem>
419 <para>
420 to allow us to make it easy for people to produce CD-ROMs of our
421 system without violating any licenses, import/export
422 restrictions, or any other laws.
423 </para>
424 </listitem>
425 </itemizedlist>
426 <para>
427 The <emphasis>main</emphasis> archive area forms the
428 <emphasis>Debian distribution</emphasis>.
429 </para>
430 <para>
431 Packages in the other archive areas (<literal>contrib</literal>,
432 <literal>non-free</literal>) are not considered to be part of the
433 Debian distribution, although we support their use and provide
434 infrastructure for them (such as our bug-tracking system and mailing
435 lists). This Debian Policy Manual applies to these packages as
436 well.
437 </para>
439 <section id="s-dfsg">
440 <title>The Debian Free Software Guidelines</title>
442 <para>
443 The Debian Free Software Guidelines (DFSG) form our definition of
444 "free software". These are:
445 </para>
446 <variablelist>
447 <varlistentry>
448 <term>1. Free Redistribution</term>
449 <listitem>
450 <para>
451 The license of a Debian component may not restrict any party
452 from selling or giving away the software as a component of
453 an aggregate software distribution containing programs from
454 several different sources. The license may not require a
455 royalty or other fee for such sale.
456 </para>
457 </listitem>
458 </varlistentry>
459 <varlistentry>
460 <term>2. Source Code</term>
461 <listitem>
462 <para>
463 The program must include source code, and must allow
464 distribution in source code as well as compiled form.
465 </para>
466 </listitem>
467 </varlistentry>
468 <varlistentry>
469 <term>3. Derived Works</term>
470 <listitem>
471 <para>
472 The license must allow modifications and derived works, and
473 must allow them to be distributed under the same terms as
474 the license of the original software.
475 </para>
476 </listitem>
477 </varlistentry>
478 <varlistentry>
479 <term>4. Integrity of The Author's Source Code</term>
480 <listitem>
481 <para>
482 The license may restrict source-code from being distributed
483 in modified form <emphasis>only</emphasis> if the license
484 allows the distribution of "patch files" with the source
485 code for the purpose of modifying the program at build time.
486 The license must explicitly permit distribution of software
487 built from modified source code. The license may require
488 derived works to carry a different name or version number
489 from the original software. (This is a compromise. The
490 Debian Project encourages all authors to not restrict any
491 files, source or binary, from being modified.)
492 </para>
493 </listitem>
494 </varlistentry>
495 <varlistentry>
496 <term>5. No Discrimination Against Persons or Groups</term>
497 <listitem>
498 <para>
499 The license must not discriminate against any person or
500 group of persons.
501 </para>
502 </listitem>
503 </varlistentry>
504 <varlistentry>
505 <term>6. No Discrimination Against Fields of Endeavor</term>
506 <listitem>
507 <para>
508 The license must not restrict anyone from making use of the
509 program in a specific field of endeavor. For example, it
510 may not restrict the program from being used in a business,
511 or from being used for genetic research.
512 </para>
513 </listitem>
514 </varlistentry>
515 <varlistentry>
516 <term>7. Distribution of License</term>
517 <listitem>
518 <para>
519 The rights attached to the program must apply to all to whom
520 the program is redistributed without the need for execution
521 of an additional license by those parties.
522 </para>
523 </listitem>
524 </varlistentry>
525 <varlistentry>
526 <term>8. License Must Not Be Specific to Debian</term>
527 <listitem>
528 <para>
529 The rights attached to the program must not depend on the
530 program's being part of a Debian system. If the program is
531 extracted from Debian and used or distributed without Debian
532 but otherwise within the terms of the program's license, all
533 parties to whom the program is redistributed must have the
534 same rights as those that are granted in conjunction with
535 the Debian system.
536 </para>
537 </listitem>
538 </varlistentry>
539 <varlistentry>
540 <term>9. License Must Not Contaminate Other Software</term>
541 <listitem>
542 <para>
543 The license must not place restrictions on other software
544 that is distributed along with the licensed software. For
545 example, the license must not insist that all other programs
546 distributed on the same medium must be free software.
547 </para>
548 </listitem>
549 </varlistentry>
550 <varlistentry>
551 <term>10. Example Licenses</term>
552 <listitem>
553 <para>
554 The "GPL," "BSD," and "Artistic" licenses are examples of
555 licenses that we consider <emphasis>free</emphasis>.
556 </para>
557 </listitem>
558 </varlistentry>
559 </variablelist>
560 </section>
562 <section id="s-sections">
563 <title>Archive areas</title>
565 <section id="s-main">
566 <title>The main archive area</title>
568 <para>
569 The <emphasis>main</emphasis> archive area comprises the Debian
570 distribution. Only the packages in this area are considered
571 part of the distribution. None of the packages in the
572 <emphasis>main</emphasis> archive area require software outside
573 of that area to function. Anyone may use, share, modify and
574 redistribute the packages in this archive area
575 freely<footnote><para> See <ulink
576 url="https://www.debian.org/intro/free">What Does Free
577 Mean?</ulink> for more about what we mean by free software.
578 </para> </footnote>.
579 </para>
580 <para>
581 Every package in <emphasis>main</emphasis> must comply with the
582 DFSG (Debian Free Software Guidelines).
583 <footnote>
584 <para>
585 Debian's FTP Masters publish a <ulink
586 url="https://ftp-master.debian.org/REJECT-FAQ.html">REJECT-FAQ</ulink>
587 which details the project's current working
588 interpretation of the DFSG.
589 </para>
590 </footnote>
591 </para>
592 <para>
593 In addition, the packages in <emphasis>main</emphasis>
594 </para>
595 <itemizedlist>
596 <listitem>
597 <para>
598 must not require or recommend a package outside of
599 <emphasis>main</emphasis> for compilation or execution
600 (thus, the package must not declare a
601 <literal>Pre-Depends</literal>, <literal>Depends</literal>,
602 <literal>Recommends</literal>,
603 <literal>Build-Depends</literal>,
604 <literal>Build-Depends-Indep</literal>, or
605 <literal>Build-Depends-Arch</literal> relationship on a
606 non-<emphasis>main</emphasis> package),
607 </para>
608 </listitem>
609 <listitem>
610 <para>
611 must not be so buggy that we refuse to support them, and
612 </para>
613 </listitem>
614 <listitem>
615 <para>
616 must meet all policy requirements presented in this manual.
617 </para>
618 </listitem>
619 </itemizedlist>
620 </section>
622 <section id="s-contrib">
623 <title>The contrib archive area</title>
625 <para>
626 The <emphasis>contrib</emphasis> archive area contains
627 supplemental packages intended to work with the Debian
628 distribution, but which require software outside of the
629 distribution to either build or function.
630 </para>
631 <para>
632 Every package in <emphasis>contrib</emphasis> must comply with
633 the DFSG.
634 </para>
635 <para>
636 In addition, the packages in <emphasis>contrib</emphasis>
637 </para>
638 <itemizedlist>
639 <listitem>
640 <para>
641 must not be so buggy that we refuse to support them, and
642 </para>
643 </listitem>
644 <listitem>
645 <para>
646 must meet all policy requirements presented in this manual.
647 </para>
648 </listitem>
649 </itemizedlist>
650 <para>
651 Examples of packages which would be included in
652 <emphasis>contrib</emphasis> are:
653 </para>
654 <itemizedlist>
655 <listitem>
656 <para>
657 free packages which require <emphasis>contrib</emphasis>,
658 <emphasis>non-free</emphasis> packages or packages which are
659 not in our archive at all for compilation or execution, and
660 </para>
661 </listitem>
662 <listitem>
663 <para>
664 wrapper packages or other sorts of free accessories for
665 non-free programs.
666 </para>
667 </listitem>
668 </itemizedlist>
669 </section>
671 <section id="s-non-free">
672 <title>The non-free archive area</title>
674 <para>
675 The <emphasis>non-free</emphasis> archive area contains
676 supplemental packages intended to work with the Debian
677 distribution that do not comply with the DFSG or have other
678 problems that make their distribution problematic. They may not
679 comply with all of the policy requirements in this manual due to
680 restrictions on modifications or other limitations.
681 </para>
682 <para>
683 Packages must be placed in <emphasis>non-free</emphasis> if they
684 are not compliant with the DFSG or are encumbered by patents or
685 other legal issues that make their distribution problematic.
686 </para>
687 <para>
688 In addition, the packages in <emphasis>non-free</emphasis>
689 </para>
690 <itemizedlist>
691 <listitem>
692 <para>
693 must not be so buggy that we refuse to support them, and
694 </para>
695 </listitem>
696 <listitem>
697 <para>
698 must meet all policy requirements presented in this manual
699 that it is possible for them to meet.
700 <footnote>
701 <para>
702 It is possible that there are policy requirements which
703 the package is unable to meet, for example, if the
704 source is unavailable. These situations will need to be
705 handled on a case-by-case basis.
706 </para>
707 </footnote>
708 </para>
709 </listitem>
710 </itemizedlist>
711 </section>
712 </section>
714 <section id="s-pkgcopyright">
715 <title>Copyright considerations</title>
717 <para>
718 Every package must be accompanied by a verbatim copy of its
719 copyright information and distribution license in the file
720 <filename>/usr/share/doc/<replaceable>package</replaceable>/copyright</filename>
721 (see <xref linkend="s-copyrightfile"/> for further details).
722 </para>
723 <para>
724 We reserve the right to restrict files from being included
725 anywhere in our archives if
726 </para>
727 <itemizedlist>
728 <listitem>
729 <para>
730 their use or distribution would break a law,
731 </para>
732 </listitem>
733 <listitem>
734 <para>
735 there is an ethical conflict in their distribution or use,
736 </para>
737 </listitem>
738 <listitem>
739 <para>
740 we would have to sign a license for them, or
741 </para>
742 </listitem>
743 <listitem>
744 <para>
745 their distribution would conflict with other project policies.
746 </para>
747 </listitem>
748 </itemizedlist>
749 <para>
750 Programs whose authors encourage the user to make donations are
751 fine for the main distribution, provided that the authors do not
752 claim that not donating is immoral, unethical, illegal or
753 something similar; in such a case they must go in
754 <emphasis>non-free</emphasis>.
755 </para>
756 <para>
757 Packages whose copyright permission notices (or patent problems)
758 do not even allow redistribution of binaries only, and where no
759 special permission has been obtained, must not be placed on the
760 Debian FTP site and its mirrors at all.
761 </para>
762 <para>
763 Note that under international copyright law (this applies in the
764 United States, too), <emphasis>no</emphasis> distribution or
765 modification of a work is allowed without an explicit notice
766 saying so. Therefore a program without a copyright notice
767 <emphasis>is</emphasis> copyrighted and you may not do anything to
768 it without risking being sued! Likewise if a program has a
769 copyright notice but no statement saying what is permitted then
770 nothing is permitted.
771 </para>
772 <para>
773 Many authors are unaware of the problems that restrictive
774 copyrights (or lack of copyright notices) can cause for the users
775 of their supposedly-free software. It is often worthwhile
776 contacting such authors diplomatically to ask them to modify their
777 license terms. However, this can be a politically difficult thing
778 to do and you should ask for advice on the
779 <literal>debian-legal</literal> mailing list first, as explained
780 below.
781 </para>
782 <para>
783 When in doubt about a copyright, send mail to
784 <email>debian-legal@lists.debian.org</email>. Be prepared to
785 provide us with the copyright statement. Software covered by the
786 GPL, public domain software and BSD-like copyrights are safe; be
787 wary of the phrases "commercial use prohibited" and "distribution
788 restricted".
789 </para>
790 </section>
792 <section id="s-subsections">
793 <title>Sections</title>
795 <para>
796 The packages in the archive areas <emphasis>main</emphasis>,
797 <emphasis>contrib</emphasis> and <emphasis>non-free</emphasis> are
798 grouped further into <emphasis>sections</emphasis> to simplify
799 handling.
800 </para>
801 <para>
802 The archive area and section for each package should be specified
803 in the package's <literal>Section</literal> control record (see
804 <xref linkend="s-f-Section"/>). However, the maintainer of the
805 Debian archive may override this selection to ensure the
806 consistency of the Debian distribution. The
807 <literal>Section</literal> field should be of the form:
808 </para>
809 <itemizedlist>
810 <listitem>
811 <para>
812 <emphasis>section</emphasis> if the package is in the
813 <emphasis>main</emphasis> archive area,
814 </para>
815 </listitem>
816 <listitem>
817 <para>
818 <emphasis>area/section</emphasis> if the package is in the
819 <emphasis>contrib</emphasis> or <emphasis>non-free</emphasis>
820 archive areas.
821 </para>
822 </listitem>
823 </itemizedlist>
824 <para>
825 The Debian archive maintainers provide the authoritative list
826 of sections. At present, they are: admin, cli-mono, comm,
827 database, debug, devel, doc, editors, education, electronics,
828 embedded, fonts, games, gnome, gnu-r, gnustep, graphics,
829 hamradio, haskell, httpd, interpreters, introspection, java,
830 javascript, kde, kernel, libdevel, libs, lisp, localization,
831 mail, math, metapackages, misc, net, news, ocaml, oldlibs,
832 otherosfs, perl, php, python, ruby, rust, science, shells,
833 sound, tasks, tex, text, utils, vcs, video, web, x11, xfce,
834 zope. The additional section
835 <emphasis>debian-installer</emphasis> contains special
836 packages used by the installer and is not used for normal
837 Debian packages.
838 </para>
839 <para>
840 For more information about the sections and their definitions, see
841 the <ulink url="https://packages.debian.org/unstable/">list of
842 sections in unstable</ulink>.
843 </para>
844 </section>
846 <section id="s-priorities">
847 <title>Priorities</title>
849 <para>
850 Each package must have a <emphasis>priority</emphasis> value,
851 which is set in the metadata for the Debian archive and is also
852 included in the package's control files (see <xref
853 linkend="s-f-Priority"/>). This information is used to control
854 which packages are included in standard or minimal Debian
855 installations.
856 </para>
857 <para>
858 Most Debian packages will have a priority of
859 <literal>optional</literal>. Priority levels other than
860 <literal>optional</literal> are only used for packages that should
861 be included by default in a standard installation of Debian.
862 </para>
863 <para>
864 The priority of a package is determined solely by the
865 functionality it provides directly to the user. The priority of a
866 package should not be increased merely because another
867 higher-priority package depends on it; instead, the tools used to
868 construct Debian installations will correctly handle package
869 dependencies. In particular, this means that C-like libraries
870 will almost never have a priority above
871 <literal>optional</literal>, since they do not provide
872 functionality directly to users. However, as an exception, the
873 maintainers of Debian installers may request an increase of the
874 priority of a package to resolve installation issues and ensure
875 that the correct set of packages is included in a standard or
876 minimal install.
877 </para>
878 <para>
879 The following <emphasis>priority levels</emphasis> are recognized
880 by the Debian package management tools.
881 </para>
882 <variablelist>
883 <varlistentry>
884 <term><literal>required</literal></term>
885 <listitem>
886 <para>
887 Packages which are necessary for the proper functioning of
888 the system (usually, this means that dpkg functionality
889 depends on these packages). Removing a
890 <literal>required</literal> package may cause your system to
891 become totally broken and you may not even be able to use
892 <command>dpkg</command> to put things back, so only do so if
893 you know what you are doing.
894 </para>
895 <para>
896 Systems with only the <literal>required</literal>
897 packages installed have at least enough functionality
898 for the sysadmin to boot the system and install more
899 software.
900 </para>
901 </listitem>
902 </varlistentry>
903 <varlistentry>
904 <term><literal>important</literal></term>
905 <listitem>
906 <para>
907 Important programs, including those which one would expect
908 to find on any Unix-like system. If the expectation is that
909 an experienced Unix person who found it missing would say
910 "What on earth is going on, where is
911 <command>foo</command>?", it must be an
912 <literal>important</literal> package.
913 <footnote>
914 <para>
915 This is an important criterion because we are trying to
916 produce, amongst other things, a free Unix.
917 </para>
918 </footnote>
919 Other packages without which the system will not run well or
920 be usable must also have priority
921 <literal>important</literal>. This does
922 <emphasis>not</emphasis> include Emacs, the X Window System,
923 TeX or any other large applications. The
924 <literal>important</literal> packages are just a bare
925 minimum of commonly-expected and necessary tools.
926 </para>
927 </listitem>
928 </varlistentry>
929 <varlistentry>
930 <term><literal>standard</literal></term>
931 <listitem>
932 <para>
933 These packages provide a reasonably small but not too
934 limited character-mode system. This is what will be
935 installed by default if the user doesn't select anything
936 else. It doesn't include many large applications.
937 </para>
938 <para>
939 No two packages that both have a priority of
940 <literal>standard</literal> or higher may conflict with each
941 other.
942 </para>
943 </listitem>
944 </varlistentry>
945 <varlistentry>
946 <term><literal>optional</literal></term>
947 <listitem>
948 <para>
949 This is the default priority for the majority of the
950 archive. Unless a package should be installed by default on
951 standard Debian systems, it should have a priority of
952 <literal>optional</literal>. Packages with a priority of
953 <literal>optional</literal> may conflict with each other.
954 </para>
955 </listitem>
956 </varlistentry>
957 <varlistentry>
958 <term><literal>extra</literal></term>
959 <listitem>
960 <para>
961 <emphasis>This priority is deprecated.</emphasis> Use the
962 <literal>optional</literal> priority instead. This priority
963 should be treated as equivalent to
964 <literal>optional</literal>.
965 </para>
966 <para>
967 The <literal>extra</literal> priority was previously used
968 for packages that conflicted with other packages and
969 packages that were only likely to be useful to people with
970 specialized requirements. However, this distinction was
971 somewhat arbitrary, not consistently followed, and not
972 useful enough to warrant the maintenance effort.
973 </para>
974 </listitem>
975 </varlistentry>
976 </variablelist>
977 </section>
978 </chapter>
980 <chapter id="ch-binary">
981 <title>Binary packages</title>
983 <para>
984 The Debian distribution is based on the Debian package management
985 system, called <command>dpkg</command>. Thus, all packages in the
986 Debian distribution must be provided in the <literal>.deb</literal>
987 file format.
988 </para>
989 <para>
990 A <literal>.deb</literal> package contains two sets of files: a set
991 of files to install on the system when the package is installed, and
992 a set of files that provide additional metadata about the package or
993 which are executed when the package is installed or removed. This
994 second set of files is called <emphasis>control information
995 files</emphasis>. Among those files are the package maintainer
996 scripts and <filename>control</filename>, the <link
997 linkend="s-binarycontrolfiles">binary package control file</link>
998 that contains the control fields for the package. Other control
999 information files include the <link
1000 linkend="s-sharedlibs-symbols"><filename>symbols</filename>
1001 file</link> or <link
1002 linkend="s-sharedlibs-shlibdeps"><filename>shlibs</filename>
1003 file</link> used to store shared library dependency information and
1004 the <filename>conffiles</filename> file that lists the package's
1005 configuration files (described in <xref linkend="s-config-files"/>).
1006 </para>
1007 <para>
1008 There is unfortunately a collision of terminology here between
1009 control information files and files in the Debian control file
1010 format. Throughout this document, a <emphasis>control
1011 file</emphasis> refers to a file in the Debian control file format.
1012 These files are documented in <xref linkend="ch-controlfields"/>.
1013 Only files referred to specifically as <emphasis>control information
1014 files</emphasis> are the files included in the control information
1015 file member of the <filename>.deb</filename> file format used by
1016 binary packages. Most control information files are not in the
1017 Debian control file format.
1018 </para>
1020 <section id="s3.1">
1021 <title>The package name</title>
1023 <para>
1024 Every package must have a name that's unique within the Debian
1025 archive.
1026 </para>
1027 <para>
1028 The package name is included in the control field
1029 <literal>Package</literal>, the format of which is described in
1030 <xref linkend="s-f-Package"/>. The package name is also included
1031 as a part of the file name of the <literal>.deb</literal> file.
1032 </para>
1033 </section>
1035 <section id="s-versions">
1036 <title>The version of a package</title>
1038 <para>
1039 Every package has a version number recorded in its
1040 <literal>Version</literal> control file field, described in <xref
1041 linkend="s-f-Version"/>.
1042 </para>
1043 <para>
1044 The package management system imposes an ordering on version
1045 numbers, so that it can tell whether packages are being up- or
1046 downgraded and so that package system front end applications can
1047 tell whether a package it finds available is newer than the one
1048 installed on the system. The version number format has the most
1049 significant parts (as far as comparison is concerned) at the
1050 beginning.
1051 </para>
1052 <para>
1053 If an upstream package has problematic version numbers they should
1054 be converted to a sane form for use in the
1055 <literal>Version</literal> field.
1056 </para>
1058 <section id="s3.2.1">
1059 <title>Version numbers based on dates</title>
1061 <para>
1062 In general, Debian packages should use the same version numbers
1063 as the upstream sources. However, upstream version numbers
1064 based on some date formats (sometimes used for development or
1065 "snapshot" releases) will not be ordered correctly by the
1066 package management software. For example,
1067 <command>dpkg</command> will consider "96May01" to be greater
1068 than "96Dec24".
1069 </para>
1070 <para>
1071 To prevent having to use epochs for every new upstream version,
1072 the date-based portion of any upstream version number should be
1073 given in a way that sorts correctly: four-digit year first,
1074 followed by a two-digit numeric month, followed by a two-digit
1075 numeric date, possibly with punctuation between the components.
1076 </para>
1077 <para>
1078 Native Debian packages (i.e., packages which have been written
1079 especially for Debian) whose version numbers include dates
1080 should also follow these rules. If punctuation is desired
1081 between the date components, remember that hyphen
1082 (<literal>-</literal>) cannot be used in native package
1083 versions. Period (<literal>.</literal>) is normally a good
1084 choice.
1085 </para>
1086 </section>
1087 </section>
1089 <section id="s-maintainer">
1090 <title>The maintainer of a package</title>
1092 <para>
1093 Every package must have a maintainer, except for orphaned packages
1094 as described below. The maintainer may be one person or a group
1095 of people reachable from a common email address, such as a mailing
1096 list. The maintainer is responsible for maintaining the Debian
1097 packaging files, evaluating and responding appropriately to
1098 reported bugs, uploading new versions of the package (either
1099 directly or through a sponsor), ensuring that the package is
1100 placed in the appropriate archive area and included in Debian
1101 releases as appropriate for the stability and utility of the
1102 package, and requesting removal of the package from the Debian
1103 distribution if it is no longer useful or maintainable.
1104 </para>
1105 <para>
1106 The maintainer must be specified in the
1107 <literal>Maintainer</literal> control field with their correct
1108 name and a working email address. The email address given in the
1109 <literal>Maintainer</literal> control field must accept mail from
1110 those role accounts in Debian used to send automated mails
1111 regarding the package. This includes non-spam mail from the
1112 bug-tracking system, all mail from the Debian archive maintenance
1113 software, and other role accounts or automated processes that are
1114 commonly agreed on by the project.
1115 <footnote>
1116 <para>
1117 A sample implementation of such a whitelist written for the
1118 Mailman mailing list management software is used for mailing
1119 lists hosted by alioth.debian.org.
1120 </para>
1121 </footnote>
1122 If one person or team maintains several packages, they should use
1123 the same form of their name and email address in the
1124 <literal>Maintainer</literal> fields of those packages.
1125 </para>
1126 <para>
1127 The format of the <literal>Maintainer</literal> control field is
1128 described in <xref linkend="s-f-Maintainer"/>.
1129 </para>
1130 <para>
1131 If the maintainer of the package is a team of people with a shared
1132 email address, the <literal>Uploaders</literal> control field must
1133 be present and must contain at least one human with their personal
1134 email address. See <xref linkend="s-f-Uploaders"/> for the syntax
1135 of that field.
1136 </para>
1137 <para>
1138 An orphaned package is one with no current maintainer. Orphaned
1139 packages should have their <literal>Maintainer</literal> control
1140 field set to <literal>Debian QA Group
1141 <packages@qa.debian.org></literal>. These packages are
1142 considered maintained by the Debian project as a whole until
1143 someone else volunteers to take over maintenance.
1144 <footnote>
1145 <para>
1146 The detailed procedure for gracefully orphaning a package can
1147 be found in the Debian Developer's Reference (see <xref
1148 linkend="s-related"/>).
1149 </para>
1150 </footnote>
1151 </para>
1152 </section>
1154 <section id="s-descriptions">
1155 <title>The description of a package</title>
1157 <para>
1158 Every Debian package must have a <literal>Description</literal>
1159 control field which contains a synopsis and extended description
1160 of the package. Technical information about the format of the
1161 <literal>Description</literal> field is in <xref
1162 linkend="s-f-Description"/>.
1163 </para>
1164 <para>
1165 The description should describe the package (the program) to a
1166 user (system administrator) who has never met it before so that
1167 they have enough information to decide whether they want to
1168 install it. This description should not just be copied verbatim
1169 from the program's documentation.
1170 </para>
1171 <para>
1172 Put important information first, both in the synopsis and extended
1173 description. Sometimes only the first part of the synopsis or of
1174 the description will be displayed. You can assume that there will
1175 usually be a way to see the whole extended description.
1176 </para>
1177 <para>
1178 The description should also give information about the significant
1179 dependencies and conflicts between this package and others, so
1180 that the user knows why these dependencies and conflicts have been
1181 declared.
1182 </para>
1183 <para>
1184 Instructions for configuring or using the package should not be
1185 included (that is what installation scripts, manual pages, info
1186 files, etc., are for). Copyright statements and other
1187 administrivia should not be included either (that is what the
1188 copyright file is for).
1189 </para>
1191 <section id="s-synopsis">
1192 <title>The single line synopsis</title>
1194 <para>
1195 The single line synopsis should be kept brief - certainly under
1196 80 characters.
1197 </para>
1198 <para>
1199 Do not include the package name in the synopsis line. The
1200 display software knows how to display this already, and you do
1201 not need to state it. Remember that in many situations the user
1202 may only see the synopsis line - make it as informative as you
1203 can.
1204 </para>
1205 </section>
1207 <section id="s-extendeddesc">
1208 <title>The extended description</title>
1210 <para>
1211 Do not try to continue the single line synopsis into the
1212 extended description. This will not work correctly when the
1213 full description is displayed, and makes no sense where only the
1214 summary (the single line synopsis) is available.
1215 </para>
1216 <para>
1217 The extended description should describe what the package does
1218 and how it relates to the rest of the system (in terms of, for
1219 example, which subsystem it is which part of).
1220 </para>
1221 <para>
1222 The description field needs to make sense to anyone, even people
1223 who have no idea about any of the things the package deals
1224 with.
1225 <footnote>
1226 <para>
1227 The blurb that comes with a program in its announcements
1228 and/or <command>README</command> files is rarely suitable
1229 for use in a description. It is usually aimed at people who
1230 are already in the community where the package is used.
1231 </para>
1232 </footnote>
1233 </para>
1234 </section>
1235 </section>
1237 <section id="s-dependencies">
1238 <title>Dependencies</title>
1240 <para>
1241 Every package must specify the dependency information about other
1242 packages that are required for the first to work correctly.
1243 </para>
1244 <para>
1245 For example, a dependency entry must be provided for any shared
1246 libraries required by a dynamically-linked executable binary in a
1247 package.
1248 </para>
1249 <para>
1250 Packages are not required to declare any dependencies they have on
1251 other packages which are marked <literal>Essential</literal> (see
1252 below), and should not do so unless they depend on a particular
1253 version of that package.
1254 <footnote>
1255 <para>
1256 Essential is needed in part to avoid unresolvable dependency
1257 loops on upgrade. If packages add unnecessary dependencies on
1258 packages in this set, the chances that there <emphasis
1259 role="strong">will</emphasis> be an unresolvable dependency
1260 loop caused by forcing these Essential packages to be
1261 configured first before they need to be is greatly increased.
1262 It also increases the chances that frontends will be unable to
1263 <emphasis role="strong">calculate</emphasis> an upgrade path,
1264 even if one exists.
1265 </para>
1266 <para>
1267 Also, functionality is rarely ever removed from the Essential
1268 set, but <emphasis>packages</emphasis> have been removed from
1269 the Essential set when the functionality moved to a different
1270 package. So depending on these packages <emphasis>just in
1271 case</emphasis> they stop being essential does way more harm
1272 than good.
1273 </para>
1274 </footnote>
1275 </para>
1276 <para>
1277 Sometimes, unpacking one package requires that another package be
1278 first unpacked <emphasis>and</emphasis> configured. In this case,
1279 the depending package must specify this dependency in the
1280 <literal>Pre-Depends</literal> control field.
1281 </para>
1282 <para>
1283 You should not specify a <literal>Pre-Depends</literal> entry for
1284 a package before this has been discussed on the
1285 <literal>debian-devel</literal> mailing list and a consensus about
1286 doing that has been reached.
1287 </para>
1288 <para>
1289 The format of the package interrelationship control fields is
1290 described in <xref linkend="ch-relationships"/>.
1291 </para>
1292 </section>
1294 <section id="s-virtual-pkg">
1295 <title>Virtual packages</title>
1297 <para>
1298 Sometimes, there are several packages which offer more-or-less the
1299 same functionality. In this case, it's useful to define a
1300 <emphasis>virtual package</emphasis> whose name describes that
1301 common functionality. (The virtual packages only exist logically,
1302 not physically; that's why they are called
1303 <emphasis>virtual</emphasis>.) The packages with this particular
1304 function will then <emphasis>provide</emphasis> the virtual
1305 package. Thus, any other package requiring that function can
1306 simply depend on the virtual package without having to specify all
1307 possible packages individually.
1308 </para>
1309 <para>
1310 All packages should use virtual package names where appropriate,
1311 and arrange to create new ones if necessary. They should not use
1312 virtual package names (except privately, amongst a cooperating
1313 group of packages) unless they have been agreed upon and appear in
1314 the list of virtual package names. (See also <xref
1315 linkend="s-virtual"/>)
1316 </para>
1317 <para>
1318 The latest version of the authoritative list of virtual package
1319 names can be found in the <literal>debian-policy</literal>
1320 package. It is also available from the Debian web mirrors at
1321 <ulink
1322 url="https://www.debian.org/doc/packaging-manuals/virtual-package-names-list.txt">https://www.debian.org/doc/packaging-manuals/virtual-package-names-list.txt</ulink>.
1323 </para>
1324 <para>
1325 The procedure for updating the list is described in the preface to
1326 the list.
1327 </para>
1328 </section>
1330 <section id="s3.7">
1331 <title>Base system</title>
1333 <para>
1334 The <literal>base system</literal> is a minimum subset of the
1335 Debian system that is installed before everything else on a new
1336 system. Only very few packages are allowed to form part of the
1337 base system, in order to keep the required disk usage very small.
1338 </para>
1339 <para>
1340 The base system consists of all those packages with priority
1341 <literal>required</literal> or <literal>important</literal>. Many
1342 of them will be tagged <literal>essential</literal> (see below).
1343 </para>
1344 </section>
1346 <section id="s3.8">
1347 <title>Essential packages</title>
1349 <para>
1350 Essential is defined as the minimal set of functionality that must
1351 be available and usable on the system at all times, even when
1352 packages are in the "Unpacked" state. Packages are tagged
1353 <literal>essential</literal> for a system using the
1354 <literal>Essential</literal> control field. The format of the
1355 <literal>Essential</literal> control field is described in <xref
1356 linkend="s-f-Essential"/>.
1357 </para>
1358 <para>
1359 Since these packages cannot be easily removed (one has to specify
1360 an extra <emphasis>force option</emphasis> to
1361 <command>dpkg</command> to do so), this flag must not be used
1362 unless absolutely necessary. A shared library package must not be
1363 tagged <literal>essential</literal>; dependencies will prevent its
1364 premature removal, and we need to be able to remove it when it has
1365 been superseded.
1366 </para>
1367 <para>
1368 Since dpkg will not prevent upgrading of other packages while an
1369 <literal>essential</literal> package is in an unconfigured state,
1370 all <literal>essential</literal> packages must supply all of their
1371 core functionality even when unconfigured. If the package cannot
1372 satisfy this requirement it must not be tagged as essential, and
1373 any packages depending on this package must instead have explicit
1374 dependency fields as appropriate.
1375 </para>
1376 <para>
1377 Maintainers should take great care in adding any programs,
1378 interfaces, or functionality to <literal>essential</literal>
1379 packages. Packages may assume that functionality provided by
1380 <literal>essential</literal> packages is always available without
1381 declaring explicit dependencies, which means that removing
1382 functionality from the Essential set is very difficult and is
1383 almost never done. Any capability added to an
1384 <literal>essential</literal> package therefore creates an
1385 obligation to support that capability as part of the Essential set
1386 in perpetuity.
1387 </para>
1388 <para>
1389 You must not tag any packages <literal>essential</literal> before
1390 this has been discussed on the <literal>debian-devel</literal>
1391 mailing list and a consensus about doing that has been reached.
1392 </para>
1393 </section>
1395 <section id="s-maintscripts">
1396 <title>Maintainer Scripts</title>
1398 <para>
1399 The package installation scripts should avoid producing output
1400 which is unnecessary for the user to see and should rely on
1401 <command>dpkg</command> to stave off boredom on the part of a user
1402 installing many packages. This means, amongst other things, not
1403 passing the <literal>--verbose</literal> option to
1404 <command>update-alternatives</command>.
1405 </para>
1406 <para>
1407 Errors which occur during the execution of an installation script
1408 must be checked and the installation must not continue after an
1409 error.
1410 </para>
1411 <para>
1412 Note that in general <xref linkend="s-scripts"/> applies to
1413 package maintainer scripts, too.
1414 </para>
1415 <para>
1416 You should not use <command>dpkg-divert</command> on a file
1417 belonging to another package without consulting the maintainer of
1418 that package first. When adding or removing diversions, package
1419 maintainer scripts must provide the <literal>--package</literal>
1420 flag to <command>dpkg-divert</command> and must not use
1421 <literal>--local</literal>.
1422 </para>
1423 <para>
1424 All packages which supply an instance of a common command name
1425 (or, in general, filename) should generally use
1426 <command>update-alternatives</command>, so that they may be
1427 installed together. If <command>update-alternatives</command> is
1428 not used, then each package must use <literal>Conflicts</literal>
1429 to ensure that other packages are removed. (In this case, it may
1430 be appropriate to specify a conflict against earlier versions of
1431 something that previously did not use
1432 <command>update-alternatives</command>; this is an exception to
1433 the usual rule that versioned conflicts should be avoided.)
1434 </para>
1436 <section id="s-maintscriptprompt">
1437 <title>Prompting in maintainer scripts</title>
1439 <para>
1440 Package maintainer scripts may prompt the user if necessary.
1441 Prompting must be done by communicating through a program, such
1442 as <command>debconf</command>, which conforms to the Debian
1443 Configuration Management Specification, version 2 or higher.
1444 </para>
1445 <para>
1446 Packages which are essential, or which are dependencies of
1447 essential packages, may fall back on another prompting method if
1448 no such interface is available when they are executed.
1449 </para>
1450 <para>
1451 The Debian Configuration Management Specification is included in
1452 the <filename>debconf_specification</filename> files in the
1453 <systemitem role="package">debian-policy</systemitem> package.
1454 It is also available from the Debian web mirrors at <ulink
1455 url="https://www.debian.org/doc/packaging-manuals/debconf_specification.html">https://www.debian.org/doc/packaging-manuals/debconf_specification.html</ulink>.
1456 </para>
1457 <para>
1458 Packages which use the Debian Configuration Management
1459 Specification may contain the additional control information
1460 files <filename>config</filename> and
1461 <filename>templates</filename>. <filename>config</filename> is
1462 an additional maintainer script used for package configuration,
1463 and <filename>templates</filename> contains templates used for
1464 user prompting. The <command>config</command> script might be
1465 run before the <command>preinst</command> script and before the
1466 package is unpacked or any of its dependencies or
1467 pre-dependencies are satisfied. Therefore it must work using
1468 only the tools present in <emphasis>essential</emphasis>
1469 packages.
1470 <footnote>
1471 <para>
1472 <systemitem role="package">Debconf</systemitem> or another
1473 tool that implements the Debian Configuration Management
1474 Specification will also be installed, and any versioned
1475 dependencies on it will be satisfied before preconfiguration
1476 begins.
1477 </para>
1478 </footnote>
1479 </para>
1480 <para>
1481 Packages which use the Debian Configuration Management
1482 Specification must allow for translation of their user-visible
1483 messages by using a gettext-based system such as the one
1484 provided by the <systemitem
1485 role="package">po-debconf</systemitem> package.
1486 </para>
1487 <para>
1488 Packages should try to minimize the amount of prompting they
1489 need to do, and they should ensure that the user will only ever
1490 be asked each question once. This means that packages should
1491 try to use appropriate shared configuration files (such as
1492 <filename>/etc/papersize</filename> and
1493 <filename>/etc/news/server</filename>), and shared <systemitem
1494 role="package">debconf</systemitem> variables rather than each
1495 prompting for their own list of required pieces of information.
1496 </para>
1497 <para>
1498 It also means that an upgrade should not ask the same questions
1499 again, unless the user has used <literal>dpkg --purge</literal>
1500 to remove the package's configuration. The answers to
1501 configuration questions should be stored in an appropriate place
1502 in <filename>/etc</filename> so that the user can modify them,
1503 and how this has been done should be documented.
1504 </para>
1505 <para>
1506 If a package has a vitally important piece of information to
1507 pass to the user (such as "don't run me as I am, you must edit
1508 the following configuration files first or you risk your system
1509 emitting badly-formatted messages"), it should display this in
1510 the <command>config</command> or <command>postinst</command>
1511 script and prompt the user to hit return to acknowledge the
1512 message. Copyright messages do not count as vitally important
1513 (they belong in
1514 <filename>/usr/share/doc/<replaceable>package</replaceable>/copyright</filename>);
1515 neither do instructions on how to use a program (these should be
1516 in on-line documentation, where all the users can see them).
1517 </para>
1518 <para>
1519 Any necessary prompting should almost always be confined to the
1520 <command>config</command> or <command>postinst</command> script.
1521 If it is done in the <command>postinst</command>, it should be
1522 protected with a conditional so that unnecessary prompting
1523 doesn't happen if a package's installation fails and the
1524 <command>postinst</command> is called with
1525 <literal>abort-upgrade</literal>,
1526 <literal>abort-remove</literal> or
1527 <literal>abort-deconfigure</literal>.
1528 </para>
1529 </section>
1530 </section>
1531 </chapter>
1533 <chapter id="ch-source">
1534 <title>Source packages</title>
1536 <section id="s-standardsversion">
1537 <title>Standards conformance</title>
1539 <para>
1540 Source packages should specify the most recent version number of
1541 this policy document with which your package complied when it was
1542 last updated.
1543 </para>
1544 <para>
1545 This information may be used to file bug reports automatically if
1546 your package becomes too much out of date.
1547 </para>
1548 <para>
1549 The version is specified in the
1550 <literal>Standards-Version</literal> control field. The format of
1551 the <literal>Standards-Version</literal> field is described in
1552 <xref linkend="s-f-Standards-Version"/>.
1553 </para>
1554 <para>
1555 You should regularly, and especially if your package has become
1556 out of date, check for the newest Policy Manual available and
1557 update your package, if necessary. When your package complies
1558 with the new standards you should update the
1559 <literal>Standards-Version</literal> source package field and
1560 release it.
1561 <footnote>
1562 <para>
1563 See the file <filename>upgrading-checklist</filename> for
1564 information about policy which has changed between different
1565 versions of this document.
1566 </para>
1567 </footnote>
1568 </para>
1569 </section>
1571 <section id="s-pkg-relations">
1572 <title>Package relationships</title>
1574 <para>
1575 Source packages should specify which binary packages they require
1576 to be installed or not to be installed in order to build
1577 correctly. For example, if building a package requires a certain
1578 compiler, then the compiler should be specified as a build-time
1579 dependency.
1580 </para>
1581 <para>
1582 It is not necessary to explicitly specify build-time relationships
1583 on a minimal set of packages that are always needed to compile,
1584 link and put in a Debian package a standard "Hello World!"
1585 program written in C or C++. The required packages are called
1586 <emphasis>build-essential</emphasis>, and an informational list
1587 can be found in
1588 <filename>/usr/share/doc/build-essential/list</filename> (which is
1589 contained in the <literal>build-essential</literal>
1590 package).
1591 <footnote>
1592 <para>
1593 Rationale:
1594 </para>
1595 <itemizedlist>
1596 <listitem>
1597 <para>
1598 This allows maintaining the list separately from the
1599 policy documents (the list does not need the kind of
1600 control that the policy documents do).
1601 </para>
1602 </listitem>
1603 <listitem>
1604 <para>
1605 Having a separate package allows one to install the
1606 build-essential packages on a machine, as well as allowing
1607 other packages such as tasks to require installation of
1608 the build-essential packages using the depends relation.
1609 </para>
1610 </listitem>
1611 <listitem>
1612 <para>
1613 The separate package allows bug reports against the list
1614 to be categorized separately from the policy management
1615 process in the BTS.
1616 </para>
1617 </listitem>
1618 </itemizedlist>
1619 </footnote>
1620 </para>
1621 <para>
1622 When specifying the set of build-time dependencies, one should
1623 list only those packages explicitly required by the build. It is
1624 not necessary to list packages which are required merely because
1625 some other package in the list of build-time dependencies depends
1626 on them.
1627 <footnote>
1628 <para>
1629 The reason for this is that dependencies change, and you
1630 should list all those packages, and <emphasis>only</emphasis>
1631 those packages that <emphasis>you</emphasis> need directly.
1632 What others need is their business. For example, if you only
1633 link against <filename>libimlib</filename>, you will need to
1634 build-depend on <systemitem
1635 role="package">libimlib2-dev</systemitem> but not against any
1636 <literal>libjpeg*</literal> packages, even though
1637 <literal>libimlib2-dev</literal> currently depends on them:
1638 installation of <systemitem
1639 role="package">libimlib2-dev</systemitem> will automatically
1640 ensure that all of its run-time dependencies are satisfied.
1641 </para>
1642 </footnote>
1643 </para>
1644 <para>
1645 If build-time dependencies are specified, it must be possible to
1646 build the package and produce working binaries on a system with
1647 only essential and build-essential packages installed and also
1648 those required to satisfy the build-time relationships (including
1649 any implied relationships). In particular, this means that
1650 version clauses should be used rigorously in build-time
1651 relationships so that one cannot produce bad or inconsistently
1652 configured packages when the relationships are properly satisfied.
1653 </para>
1654 <para>
1655 <xref linkend="ch-relationships"/> explains the technical details.
1656 </para>
1657 </section>
1659 <section id="s4.3">
1660 <title>Changes to the upstream sources</title>
1662 <para>
1663 If changes to the source code are made that are not specific to
1664 the needs of the Debian system, they should be sent to the
1665 upstream authors in whatever form they prefer so as to be included
1666 in the upstream version of the package.
1667 </para>
1668 <para>
1669 If you need to configure the package differently for Debian or for
1670 Linux, and the upstream source doesn't provide a way to do so, you
1671 should add such configuration facilities (for example, a new
1672 <command>autoconf</command> test or <literal>#define</literal>)
1673 and send the patch to the upstream authors, with the default set
1674 to the way they originally had it. You can then easily override
1675 the default in your <filename>debian/rules</filename> or wherever
1676 is appropriate.
1677 </para>
1678 <para>
1679 You should make sure that the <command>configure</command> utility
1680 detects the correct architecture specification string (refer to
1681 <xref linkend="s-arch-spec"/> for details).
1682 </para>
1683 <para>
1684 If your package includes the scripts <command>config.sub</command>
1685 and <command>config.guess</command>, you should arrange for the
1686 versions provided by the package <systemitem
1687 role="package">autotools-dev</systemitem> be used instead (see
1688 <systemitem role="package">autotools-dev</systemitem>
1689 documentation for details how to achieve that). This ensures that
1690 these files can be updated distribution-wide at build time when
1691 introducing new architectures.
1692 </para>
1693 <para>
1694 If you need to edit a <command>Makefile</command> where GNU-style
1695 <command>configure</command> scripts are used, you should edit the
1696 <filename>.in</filename> files rather than editing the
1697 <command>Makefile</command> directly. This allows the user to
1698 reconfigure the package if necessary. You should
1699 <emphasis>not</emphasis> configure the package and edit the
1700 generated <command>Makefile</command>! This makes it impossible
1701 for someone else to later reconfigure the package without losing
1702 the changes you made.
1703 </para>
1704 </section>
1706 <section id="s-dpkgchangelog">
1707 <title>Debian changelog: <filename>debian/changelog</filename></title>
1709 <para>
1710 Changes in the Debian version of the package should be briefly
1711 explained in the Debian changelog file
1712 <filename>debian/changelog</filename>.
1713 <footnote>
1714 <para>
1715 Mistakes in changelogs are usually best rectified by making a
1716 new changelog entry rather than "rewriting history" by editing
1717 old changelog entries.
1718 </para>
1719 </footnote>
1720 This includes modifications made in the Debian package compared to
1721 the upstream one as well as other changes and updates to the
1722 package.
1723 <footnote>
1724 <para>
1725 Although there is nothing stopping an author who is also the
1726 Debian maintainer from using this changelog for all their
1727 changes, it will have to be renamed if the Debian and upstream
1728 maintainers become different people. In such a case, however,
1729 it might be better to maintain the package as a non-native
1730 package.
1731 </para>
1732 </footnote>
1733 </para>
1734 <para>
1735 The format of the <filename>debian/changelog</filename> allows the
1736 package building tools to discover which version of the package is
1737 being built and find out other release-specific information.
1738 </para>
1739 <para>
1740 That format is a series of entries like this:
1741 </para>
1742 <programlisting>
1743 <replaceable>package</replaceable> (<replaceable>version</replaceable>) <replaceable>distribution(s)</replaceable>; urgency=<replaceable>urgency</replaceable>
1744 <replaceable>[optional blank line(s), stripped]</replaceable>
1745 * <replaceable>change details</replaceable>
1746 <replaceable>more change details</replaceable>
1747 <replaceable>[blank line(s), included in output of dpkg-parsechangelog]</replaceable>
1748 * <replaceable>even more change details</replaceable>
1749 <replaceable>[optional blank line(s), stripped]</replaceable>
1750 -- <replaceable>maintainer name</replaceable> <<replaceable>email address</replaceable>><replaceable>[two spaces]</replaceable> <replaceable>date</replaceable></programlisting>
1751 <para>
1752 <replaceable>package</replaceable> and
1753 <replaceable>version</replaceable> are the source package name and
1754 version number.
1755 </para>
1756 <para>
1757 <replaceable>distribution(s)</replaceable> lists the distributions
1758 where this version should be installed when it is uploaded - it is
1759 copied to the <literal>Distribution</literal> field in the
1760 <filename>.changes</filename> file. See <xref
1761 linkend="s-f-Distribution"/>.
1762 </para>
1763 <para>
1764 <replaceable>urgency</replaceable> is the value for the
1765 <literal>Urgency</literal> field in the
1766 <filename>.changes</filename> file for the upload (see <xref
1767 linkend="s-f-Urgency"/>). It is not possible to specify an
1768 urgency containing commas; commas are used to separate
1769 <literal><replaceable>keyword</replaceable>=<replaceable>value</replaceable></literal>
1770 settings in the <command>dpkg</command> changelog format (though
1771 there is currently only one useful
1772 <replaceable>keyword</replaceable>, <literal>urgency</literal>).
1773 </para>
1774 <para>
1775 The change details may in fact be any series of lines starting
1776 with at least two spaces, but conventionally each change starts
1777 with an asterisk and a separating space and continuation lines are
1778 indented so as to bring them in line with the start of the text
1779 above. Blank lines may be used here to separate groups of
1780 changes, if desired.
1781 </para>
1782 <para>
1783 If this upload resolves bugs recorded in the Bug Tracking System
1784 (BTS), they may be automatically closed on the inclusion of this
1785 package into the Debian archive by including the string:
1786 <literal>closes: Bug#<replaceable>nnnnn</replaceable></literal>
1787 in the change details.
1788 <footnote>
1789 <para>
1790 To be precise, the string should match the following Perl
1791 regular expression:
1792 </para>
1793 <screen>/closes:\s*(?:bug)?\#?\s?\d+(?:,\s*(?:bug)?\#?\s?\d+)*/i</screen>
1794 <para>
1795 Then all of the bug numbers listed will be closed by the
1796 archive maintenance software (<command>dak</command>) using
1797 the <replaceable>version</replaceable> of the changelog entry.
1798 </para>
1799 </footnote>
1800 This information is conveyed via the <literal>Closes</literal>
1801 field in the <literal>.changes</literal> file (see <xref
1802 linkend="s-f-Closes"/>).
1803 </para>
1804 <para>
1805 The maintainer name and email address used in the changelog should
1806 be the details of the person who prepared this release of the
1807 package. They are <emphasis>not</emphasis> necessarily those of
1808 the uploader or usual package maintainer.
1809 <footnote>
1810 <para>
1811 In the case of a sponsored upload, the uploader signs the
1812 files, but the changelog maintainer name and address are those
1813 of the person who prepared this release. If the preparer of
1814 the release is not one of the usual maintainers of the package
1815 (as listed in the <link
1816 linkend="s-f-Maintainer"><literal>Maintainer</literal></link>
1817 or <link
1818 linkend="s-f-Uploaders"><literal>Uploaders</literal></link>
1819 control fields of the package), the first line of the
1820 changelog is conventionally used to explain why a
1821 non-maintainer is uploading the package. The Debian
1822 Developer's Reference (see <xref linkend="s-related"/>)
1823 documents the conventions used.
1824 </para>
1825 </footnote>
1826 The information here will be copied to the
1827 <literal>Changed-By</literal> field in the
1828 <literal>.changes</literal> file (see <xref
1829 linkend="s-f-Changed-By"/>), and then later used to send an
1830 acknowledgement when the upload has been installed.
1831 </para>
1832 <para>
1833 The <replaceable>date</replaceable> has the following format
1834 <footnote>
1835 <para>
1836 This is the same as the format generated by <literal>date
1837 -R</literal>.
1838 </para>
1839 </footnote>
1840 (compatible and with the same semantics of RFC 2822 and RFC 5322):
1841 </para>
1842 <screen>day-of-week, dd month yyyy hh:mm:ss +zzzz</screen>
1843 <para>
1844 where:
1845 </para>
1846 <itemizedlist>
1847 <listitem>
1848 <para>
1849 day-of week is one of: Mon, Tue, Wed, Thu, Fri, Sat, Sun
1850 </para>
1851 </listitem>
1852 <listitem>
1853 <para>
1854 dd is a one- or two-digit day of the month (01-31)
1855 </para>
1856 </listitem>
1857 <listitem>
1858 <para>
1859 month is one of: Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep,
1860 Oct, Nov, Dec
1861 </para>
1862 </listitem>
1863 <listitem>
1864 <para>
1865 yyyy is the four-digit year (e.g. 2010)
1866 </para>
1867 </listitem>
1868 <listitem>
1869 <para>
1870 hh is the two-digit hour (00-23)
1871 </para>
1872 </listitem>
1873 <listitem>
1874 <para>
1875 mm is the two-digit minutes (00-59)
1876 </para>
1877 </listitem>
1878 <listitem>
1879 <para>
1880 ss is the two-digit seconds (00-60)
1881 </para>
1882 </listitem>
1883 <listitem>
1884 <para>
1885 +zzzz or -zzzz is the time zone offset from Coordinated
1886 Universal Time (UTC). "+" indicates that the time is ahead of
1887 (i.e., east of) UTC and "-" indicates that the time is behind
1888 (i.e., west of) UTC. The first two digits indicate the hour
1889 difference from UTC and the last two digits indicate the
1890 number of additional minutes difference from UTC. The last
1891 two digits must be in the range 00-59.
1892 </para>
1893 </listitem>
1894 </itemizedlist>
1895 <para>
1896 The first "title" line with the package name must start at the
1897 left hand margin. The "trailer" line with the maintainer and date
1898 details must be preceded by exactly one space. The maintainer
1899 details and the date must be separated by exactly two spaces.
1900 </para>
1901 <para>
1902 The entire changelog must be encoded in UTF-8.
1903 </para>
1904 <para>
1905 For more information on placement of the changelog files within
1906 binary packages, please see <xref linkend="s-changelogs"/>.
1907 </para>
1908 </section>
1910 <section id="s-dpkgcopyright">
1911 <title>Copyright: <filename>debian/copyright</filename></title>
1913 <para>
1914 Every package must be accompanied by a verbatim copy of its
1915 copyright information and distribution license in the file
1916 <filename>/usr/share/doc/<replaceable>package</replaceable>/copyright</filename>
1917 (see <xref linkend="s-copyrightfile"/> for further details). Also
1918 see <xref linkend="s-pkgcopyright"/> for further considerations
1919 related to copyrights for packages.
1920 </para>
1921 </section>
1923 <section id="s4.6">
1924 <title>Error trapping in makefiles</title>
1926 <para>
1927 When <command>make</command> invokes a command in a makefile
1928 (including your package's upstream makefiles and
1929 <filename>debian/rules</filename>), it does so using
1930 <command>sh</command>. This means that <command>sh</command>'s
1931 usual bad error handling properties apply: if you include a
1932 miniature script as one of the commands in your makefile you'll
1933 find that if you don't do anything about it then errors are not
1934 detected and <command>make</command> will blithely continue after
1935 problems.
1936 </para>
1937 <para>
1938 Every time you put more than one shell command (this includes
1939 using a loop) in a makefile command you must make sure that errors
1940 are trapped. For simple compound commands, such as changing
1941 directory and then running a program, using
1942 <literal>&&</literal> rather than semicolon as a command
1943 separator is sufficient. For more complex commands including most
1944 loops and conditionals you should include a separate <literal>set
1945 -e</literal> command at the start of every makefile command that's
1946 actually one of these miniature shell scripts.
1947 </para>
1948 </section>
1950 <section id="s-timestamps">
1951 <title>Time Stamps</title>
1953 <para>
1954 Maintainers should preserve the modification times of the upstream
1955 source files in a package, as far as is reasonably possible.
1956 <footnote>
1957 <para>
1958 The rationale is that there is some information conveyed by
1959 knowing the age of the file, for example, you could recognize
1960 that some documentation is very old by looking at the
1961 modification time, so it would be nice if the modification
1962 time of the upstream source would be preserved.
1963 </para>
1964 </footnote>
1965 </para>
1966 </section>
1968 <section id="s-restrictions">
1969 <title>Restrictions on objects in source packages</title>
1971 <para>
1972 The source package may not contain any hard links,
1973 <footnote>
1974 <para>
1975 This is not currently detected when building source packages,
1976 but only when extracting them.
1977 </para>
1978 <para>
1979 Hard links may be permitted at some point in the future, but
1980 would require a fair amount of work.
1981 </para>
1982 </footnote>
1983 device special files, sockets or setuid or setgid files.
1984 <footnote>
1985 <para>
1986 Setgid directories are allowed.
1987 </para>
1988 </footnote>
1989 </para>
1990 </section>
1992 <section id="s-debianrules">
1993 <title>Main building script: <filename>debian/rules</filename></title>
1995 <para>
1996 This file must be an executable makefile, and contains the
1997 package-specific recipes for compiling the package and building
1998 binary package(s) from the source.
1999 </para>
2000 <para>
2001 It must start with the line <literal>#!/usr/bin/make -f</literal>,
2002 so that it can be invoked by saying its name rather than invoking
2003 <command>make</command> explicitly. That is, invoking either of
2004 <literal>make -f debian/rules
2005 <replaceable>args...</replaceable></literal> or
2006 <literal>./debian/rules
2007 <replaceable>args...</replaceable></literal> must result in
2008 identical behavior.
2009 </para>
2010 <para>
2011 The following targets are required and must be implemented by
2012 <filename>debian/rules</filename>: <literal>clean</literal>,
2013 <literal>binary</literal>, <literal>binary-arch</literal>,
2014 <literal>binary-indep</literal>, <literal>build</literal>,
2015 <literal>build-arch</literal> and <literal>build-indep</literal>.
2016 These are the targets called by
2017 <command>dpkg-buildpackage</command>.
2018 </para>
2019 <para>
2020 Since an interactive <filename>debian/rules</filename> script
2021 makes it impossible to auto-compile that package and also makes it
2022 hard for other people to reproduce the same binary package, all
2023 required targets must be non-interactive. It also follows that
2024 any target that these targets depend on must also be
2025 non-interactive.
2026 </para>
2027 <para>
2028 For packages in the main archive, no required targets may attempt
2029 network access.
2030 </para>
2031 <para>
2032 The targets are as follows:
2033 </para>
2034 <variablelist>
2035 <varlistentry>
2036 <term><literal>build</literal> (required)</term>
2037 <listitem>
2038 <para>
2039 The <literal>build</literal> target should perform all the
2040 configuration and compilation of the package. If a package
2041 has an interactive pre-build configuration routine, the
2042 Debian source package must either be built after this has
2043 taken place (so that the binary package can be built without
2044 rerunning the configuration) or the configuration routine
2045 modified to become non-interactive. (The latter is
2046 preferable if there are architecture-specific features
2047 detected by the configuration routine.)
2048 </para>
2049 <para>
2050 For some packages, notably ones where the same source tree
2051 is compiled in different ways to produce two binary
2052 packages, the <literal>build</literal> target does not make
2053 much sense. For these packages it is good enough to provide
2054 two (or more) targets (<literal>build-a</literal> and
2055 <literal>build-b</literal> or whatever) for each of the ways
2056 of building the package, and a <literal>build</literal>
2057 target that does nothing. The <literal>binary</literal>
2058 target will have to build the package in each of the
2059 possible ways and make the binary package out of each.
2060 </para>
2061 <para>
2062 The <literal>build</literal> target must not do anything
2063 that might require root privilege.
2064 </para>
2065 <para>
2066 The <literal>build</literal> target may need to run the
2067 <literal>clean</literal> target first - see below.
2068 </para>
2069 <para>
2070 When a package has a configuration and build routine which
2071 takes a long time, or when the makefiles are poorly
2072 designed, or when <literal>build</literal> needs to run
2073 <literal>clean</literal> first, it is a good idea to
2074 <literal>touch build</literal> when the build process is
2075 complete. This will ensure that if <literal>debian/rules
2076 build</literal> is run again it will not rebuild the whole
2077 program.
2078 <footnote>
2079 <para>
2080 Another common way to do this is for
2081 <literal>build</literal> to depend on
2082 <command>build-stamp</command> and to do nothing else,
2083 and for the <command>build-stamp</command> target to do
2084 the building and to <literal>touch build-stamp</literal>
2085 on completion. This is especially useful if the build
2086 routine creates a file or directory called
2087 <literal>build</literal>; in such a case,
2088 <literal>build</literal> will need to be listed as a
2089 phony target (i.e., as a dependency of the
2090 <literal>.PHONY</literal> target). See the
2091 documentation of <command>make</command> for more
2092 information on phony targets.
2093 </para>
2094 </footnote>
2095 </para>
2096 </listitem>
2097 </varlistentry>
2098 <varlistentry>
2099 <term>
2100 <literal>build-arch</literal> (required),
2101 <literal>build-indep</literal> (required)
2102 </term>
2103 <listitem>
2104 <para>
2105 The <literal>build-arch</literal> target must perform all
2106 the configuration and compilation required for producing all
2107 architecture-dependent binary packages (those packages for
2108 which the body of the <literal>Architecture</literal> field
2109 in <literal>debian/control</literal> is not
2110 <literal>all</literal>). Similarly, the
2111 <literal>build-indep</literal> target must perform all the
2112 configuration and compilation required for producing all
2113 architecture-independent binary packages (those packages for
2114 which the body of the <literal>Architecture</literal> field
2115 in <literal>debian/control</literal> is
2116 <literal>all</literal>). The <literal>build</literal>
2117 target should either depend on those targets or take the
2118 same actions as invoking those targets would
2119 perform.
2120 <footnote>
2121 <para>
2122 This split allows binary-only builds to not install the
2123 dependencies required for the
2124 <literal>build-indep</literal> target and skip any
2125 resource-intensive build tasks that are only required
2126 when building architecture-independent binary packages.
2127 </para>
2128 </footnote>
2129 </para>
2130 <para>
2131 The <literal>build-arch</literal> and
2132 <literal>build-indep</literal> targets must not do anything
2133 that might require root privilege.
2134 </para>
2135 </listitem>
2136 </varlistentry>
2137 <varlistentry>
2138 <term>
2139 <literal>binary</literal> (required),
2140 <literal>binary-arch</literal> (required),
2141 <literal>binary-indep</literal> (required)
2142 </term>
2143 <listitem>
2144 <para>
2145 The <literal>binary</literal> target must be all that is
2146 necessary for the user to build the binary package(s)
2147 produced from this source package. It is split into two
2148 parts: <command>binary-arch</command> builds the binary
2149 packages which are specific to a particular architecture,
2150 and <literal>binary-indep</literal> builds those which are
2151 not.
2152 </para>
2153 <para>
2154 <literal>binary</literal> may be (and commonly is) a target
2155 with no commands which simply depends on
2156 <literal>binary-arch</literal> and
2157 <literal>binary-indep</literal>.
2158 </para>
2159 <para>
2160 Both <literal>binary-*</literal> targets should depend on
2161 the <literal>build</literal> target, or on the appropriate
2162 <literal>build-arch</literal> or
2163 <literal>build-indep</literal> target, so that the package
2164 is built if it has not been already. It should then create
2165 the relevant binary package(s), using
2166 <command>dpkg-gencontrol</command> to make their control
2167 files and <command>dpkg-deb</command> to build them and
2168 place them in the parent of the top level directory.
2169 </para>
2170 <para>
2171 Both the <literal>binary-arch</literal> and
2172 <literal>binary-indep</literal> targets
2173 <emphasis>must</emphasis> exist. If one of them has nothing
2174 to do (which will always be the case if the source generates
2175 only a single binary package, whether architecture-dependent
2176 or not), it must still exist and must always succeed.
2177 </para>
2178 <para>
2179 The <literal>binary</literal> targets must be invoked as
2180 root.
2181 <footnote>
2182 <para>
2183 The <command>fakeroot</command> package often allows one
2184 to build a package correctly even without being root.
2185 </para>
2186 </footnote>
2187 </para>
2188 </listitem>
2189 </varlistentry>
2190 <varlistentry>
2191 <term><literal>clean</literal> (required)</term>
2192 <listitem>
2193 <para>
2194 This must undo any effects that the <literal>build</literal>
2195 and <literal>binary</literal> targets may have had, except
2196 that it should leave alone any output files created in the
2197 parent directory by a run of a <literal>binary</literal>
2198 target.
2199 </para>
2200 <para>
2201 If a <literal>build</literal> file is touched at the end of
2202 the <literal>build</literal> target, as suggested above, it
2203 should be removed as the first action that
2204 <literal>clean</literal> performs, so that running
2205 <literal>build</literal> again after an interrupted
2206 <literal>clean</literal> doesn't think that everything is
2207 already done.
2208 </para>
2209 <para>
2210 The <literal>clean</literal> target may need to be invoked
2211 as root if <literal>binary</literal> has been invoked since
2212 the last <literal>clean</literal>, or if
2213 <literal>build</literal> has been invoked as root (since
2214 <literal>build</literal> may create directories, for
2215 example).
2216 </para>
2217 <para>
2218 The <literal>clean</literal> target cannot be used to
2219 remove files in the source tree that are not compatible
2220 with the DFSG. This is because the files would remain
2221 in the upstream tarball, and thus in the source package,
2222 so the source package would continue to violate DFSG.
2223 Instead, the upstream source should be repacked to
2224 remove those files.
2225 </para>
2226 </listitem>
2227 </varlistentry>
2228 <varlistentry>
2229 <term><literal>get-orig-source</literal> (optional)</term>
2230 <listitem>
2231 <para>
2232 This target fetches the most recent version of the original
2233 source package from a canonical archive site (via FTP or
2234 WWW, for example), does any necessary rearrangement to turn
2235 it into the original source tar file format described below,
2236 and leaves it in the current directory.
2237 </para>
2238 <para>
2239 This target may be invoked in any directory, and should take
2240 care to clean up any temporary files it may have left.
2241 </para>
2242 <para>
2243 This target is optional, but providing it if possible is a
2244 good idea.
2245 </para>
2246 </listitem>
2247 </varlistentry>
2248 <varlistentry>
2249 <term><literal>patch</literal> (optional)</term>
2250 <listitem>
2251 <para>
2252 This target performs whatever additional actions are
2253 required to make the source ready for editing (unpacking
2254 additional upstream archives, applying patches, etc.). It
2255 is recommended to be implemented for any package where
2256 <literal>dpkg-source -x</literal> does not result in source
2257 ready for additional modification. See <xref
2258 linkend="s-readmesource"/>.
2259 </para>
2260 </listitem>
2261 </varlistentry>
2262 </variablelist>
2263 <para>
2264 The <literal>build</literal>, <literal>binary</literal> and
2265 <literal>clean</literal> targets must be invoked with the current
2266 directory being the package's top-level directory.
2267 </para>
2268 <para>
2269 Additional targets may exist in <filename>debian/rules</filename>,
2270 either as published or undocumented interfaces or for the
2271 package's internal use.
2272 </para>
2273 <para>
2274 The architectures we build on and build for are determined by
2275 <command>make</command> variables using the utility
2276 <command>dpkg-architecture</command>. You can determine the
2277 Debian architecture and the GNU style architecture specification
2278 string for the build architecture as well as for the host
2279 architecture. The build architecture is the architecture on which
2280 <filename>debian/rules</filename> is run and the package build is
2281 performed. The host architecture is the architecture on which the
2282 resulting package will be installed and run. The target
2283 architecture is the architecture of the packages that the compiler
2284 currently being built will generate. These are normally the same,
2285 but may be different in the case of cross-compilation (building
2286 packages for one architecture on machines of a different
2287 architecture), building a cross-compiler (a compiler package that
2288 will generate objects for one architecture, built on a machine of
2289 a different architecture) or a Canadian cross-compiler (a compiler
2290 that will generate objects for one architecture, built on a
2291 machine of a different architecture, that will run on yet a
2292 different architecture).
2293 </para>
2294 <para>
2295 Here is a list of supported <command>make</command> variables:
2296 </para>
2297 <itemizedlist>
2298 <listitem>
2299 <para>
2300 <literal>DEB_*_ARCH</literal> (the Debian architecture)
2301 </para>
2302 </listitem>
2303 <listitem>
2304 <para>
2305 <literal>DEB_*_ARCH_CPU</literal> (the Debian CPU name)
2306 </para>
2307 </listitem>
2308 <listitem>
2309 <para>
2310 <literal>DEB_*_ARCH_BITS</literal> (the Debian CPU pointer
2311 size in bits)
2312 </para>
2313 </listitem>
2314 <listitem>
2315 <para>
2316 <literal>DEB_*_ARCH_ENDIAN</literal> (the Debian CPU endianness)
2317 </para>
2318 </listitem>
2319 <listitem>
2320 <para>
2321 <literal>DEB_*_ARCH_OS</literal> (the Debian System name)
2322 </para>
2323 </listitem>
2324 <listitem>
2325 <para>
2326 <literal>DEB_*_GNU_TYPE</literal> (the GNU style architecture
2327 specification string)
2328 </para>
2329 </listitem>
2330 <listitem>
2331 <para>
2332 <literal>DEB_*_GNU_CPU</literal> (the CPU part of
2333 <literal>DEB_*_GNU_TYPE</literal>)
2334 </para>
2335 </listitem>
2336 <listitem>
2337 <para>
2338 <literal>DEB_*_GNU_SYSTEM</literal> (the System part of
2339 <literal>DEB_*_GNU_TYPE</literal>)
2340 </para>
2341 </listitem>
2342 </itemizedlist>
2343 <para>
2344 where <literal>*</literal> is either <literal>BUILD</literal> for
2345 specification of the build architecture, <literal>HOST</literal>
2346 for specification of the host architecture or
2347 <literal>TARGET</literal> for specification of the target
2348 architecture.
2349 </para>
2350 <para>
2351 Backward compatibility can be provided in the rules file by
2352 setting the needed variables to suitable default values; please
2353 refer to the documentation of <command>dpkg-architecture</command>
2354 for details.
2355 </para>
2356 <para>
2357 It is important to understand that the
2358 <literal>DEB_*_ARCH</literal> string only determines which Debian
2359 architecture we are building on or for. It should not be used to
2360 get the CPU or system information; the
2361 <literal>DEB_*_ARCH_CPU</literal> and
2362 <literal>DEB_*_ARCH_OS</literal> variables should be used for
2363 that. GNU style variables should generally only be used with
2364 upstream build systems.
2365 </para>
2367 <section id="s-debianrules-options">
2368 <title>
2369 <filename>debian/rules</filename> and
2370 <literal>DEB_BUILD_OPTIONS</literal>
2371 </title>
2373 <para>
2374 Supporting the standardized environment variable
2375 <literal>DEB_BUILD_OPTIONS</literal> is recommended. This
2376 variable can contain several flags to change how a package is
2377 compiled and built. Each flag must be in the form
2378 <replaceable>flag</replaceable> or
2379 <replaceable>flag</replaceable>=<replaceable>options</replaceable>.
2380 If multiple flags are given, they must be separated by
2381 whitespace.
2382 <footnote>
2383 <para>
2384 Some packages support any delimiter, but whitespace is the
2385 easiest to parse inside a makefile and avoids ambiguity with
2386 flag values that contain commas.
2387 </para>
2388 </footnote>
2389 <replaceable>flag</replaceable> must start with a lowercase
2390 letter (<literal>a-z</literal>) and consist only of lowercase
2391 letters, numbers (<literal>0-9</literal>), and the characters
2392 <literal>-</literal> and <literal>_</literal> (hyphen and
2393 underscore). <replaceable>options</replaceable> must not
2394 contain whitespace. The same tag should not be given multiple
2395 times with conflicting values. Package maintainers may assume
2396 that <literal>DEB_BUILD_OPTIONS</literal> will not contain
2397 conflicting tags.
2398 </para>
2399 <para>
2400 The meaning of the following tags has been standardized:
2401 </para>
2402 <variablelist>
2403 <varlistentry>
2404 <term>nocheck</term>
2405 <listitem>
2406 <para>
2407 This tag says to not run any build-time test suite
2408 provided by the package.
2409 </para>
2410 </listitem>
2411 </varlistentry>
2412 <varlistentry>
2413 <term>nodoc</term>
2414 <listitem>
2415 <para>
2416 This tag says to skip any build steps that only generate
2417 package documentation. Files required by other sections
2418 of Debian Policy, such as copyright and changelog files,
2419 must still be generated and put in the package, but other
2420 generated documentation such as help2man-generated pages,
2421 Doxygen-generated API documentation, or info pages
2422 generated from Texinfo sources should be skipped if
2423 possible. This option does not change the set of binary
2424 packages generated by the source package, but
2425 documentation-only binary packages may be nearly empty
2426 when built with this option.
2427 </para>
2428 </listitem>
2429 </varlistentry>
2430 <varlistentry>
2431 <term>noopt</term>
2432 <listitem>
2433 <para>
2434 The presence of this tag means that the package should be
2435 compiled with a minimum of optimization. For C programs,
2436 it is best to add <literal>-O0</literal> to
2437 <literal>CFLAGS</literal> (although this is usually the
2438 default). Some programs might fail to build or run at
2439 this level of optimization; it may be necessary to use
2440 <literal>-O1</literal>, for example.
2441 </para>
2442 </listitem>
2443 </varlistentry>
2444 <varlistentry>
2445 <term>nostrip</term>
2446 <listitem>
2447 <para>
2448 This tag means that the debugging symbols should not be
2449 stripped from the binary during installation, so that
2450 debugging information may be included in the package.
2451 </para>
2452 </listitem>
2453 </varlistentry>
2454 <varlistentry>
2455 <term>parallel=n</term>
2456 <listitem>
2457 <para>
2458 This tag means that the package should be built using up
2459 to <literal>n</literal> parallel processes if the package
2460 build system supports this.
2461 <footnote>
2462 <para>
2463 Packages built with <literal>make</literal> can often
2464 implement this by passing the
2465 <literal>-j</literal><replaceable>n</replaceable>
2466 option to <literal>make</literal>.
2467 </para>
2468 </footnote>
2469 If the package build system does not support parallel
2470 builds, this string must be ignored. If the package build
2471 system only supports a lower level of concurrency than
2472 <replaceable>n</replaceable>, the package should be built
2473 using as many parallel processes as the package build
2474 system supports. It is up to the package maintainer to
2475 decide whether the package build times are long enough and
2476 the package build system is robust enough to make
2477 supporting parallel builds worthwhile.
2478 </para>
2479 </listitem>
2480 </varlistentry>
2481 </variablelist>
2482 <para>
2483 Unknown flags must be ignored by
2484 <filename>debian/rules</filename>.
2485 </para>
2486 <para>
2487 The following makefile snippet is an example of how one may
2488 implement the build options; you will probably have to massage
2489 this example in order to make it work for your package.
2490 </para>
2491 <programlisting>
2492 CFLAGS = -Wall -g
2493 INSTALL = install
2494 INSTALL_FILE = $(INSTALL) -p -o root -g root -m 644
2495 INSTALL_PROGRAM = $(INSTALL) -p -o root -g root -m 755
2496 INSTALL_SCRIPT = $(INSTALL) -p -o root -g root -m 755
2497 INSTALL_DIR = $(INSTALL) -p -d -o root -g root -m 755
2499 ifneq (,$(filter noopt,$(DEB_BUILD_OPTIONS)))
2500 CFLAGS += -O0
2501 else
2502 CFLAGS += -O2
2503 endif
2504 ifeq (,$(filter nostrip,$(DEB_BUILD_OPTIONS)))
2505 INSTALL_PROGRAM += -s
2506 endif
2507 ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
2508 NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
2509 MAKEFLAGS += -j$(NUMJOBS)
2510 endif
2512 build:
2513 # ...
2514 ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
2515 # Code to run the package test suite.
2516 endif</programlisting>
2517 </section>
2518 </section>
2520 <section id="s-substvars">
2521 <title>
2522 Variable substitutions: <filename>debian/substvars</filename>
2523 </title>
2525 <para>
2526 When <command>dpkg-gencontrol</command> generates <link
2527 linkend="s-binarycontrolfiles">binary package control files</link>
2528 (<filename>DEBIAN/control</filename>), it performs variable
2529 substitutions on its output just before writing it. Variable
2530 substitutions have the form
2531 <literal>${<replaceable>variable</replaceable>}</literal>. The
2532 optional file <filename>debian/substvars</filename> contains
2533 variable substitutions to be used; variables can also be set
2534 directly from <filename>debian/rules</filename> using the
2535 <literal>-V</literal> option to the source packaging commands, and
2536 certain predefined variables are also available.
2537 </para>
2538 <para>
2539 The <filename>debian/substvars</filename> file is usually
2540 generated and modified dynamically by
2541 <filename>debian/rules</filename> targets, in which case it must
2542 be removed by the <literal>clean</literal> target.
2543 </para>
2544 <para>
2545 See
2546 <citerefentry><refentrytitle>deb-substvars</refentrytitle><manvolnum>5</manvolnum></citerefentry>
2547 for full details about source variable substitutions, including
2548 the format of <filename>debian/substvars</filename>.
2549 </para>
2550 </section>
2552 <section id="s-debianwatch">
2553 <title>
2554 Optional upstream source location: <filename>debian/watch</filename>
2555 </title>
2557 <para>
2558 This is an optional, recommended configuration file for
2559 the <command>uscan</command> utility which defines how to
2560 automatically scan ftp or http sites for newly available updates
2561 of the package. This is also used by some Debian QA tools to help
2562 with quality control and maintenance of the distribution as a
2563 whole.
2564 </para>
2565 <para>
2566 If the upstream maintainer of the software provides OpenPGP
2567 signatures for new releases, including the information
2568 required for <command>uscan</command> to verify signatures
2569 for new upstream releases is also recommended. To do
2570 this, use the <literal>pgpsigurlmangle</literal> option in
2571 <filename>debian/watch</filename> to specify the location
2572 of the upstream signature, and include the key or keys used
2573 to sign upstream releases in the Debian source package as
2574 <filename>debian/upstream/signing-key.asc</filename>.
2575 </para>
2576 <para>
2577 For more information about <command>uscan</command> and these
2578 options, including how to generate the file containing upstream
2579 signing keys, see
2580 <citerefentry><refentrytitle>uscan</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
2581 </para>
2582 </section>
2584 <section id="s-debianfiles">
2585 <title>Generated files list: <filename>debian/files</filename></title>
2587 <para>
2588 This file is not a permanent part of the source tree; it is used
2589 while building packages to record which files are being generated.
2590 <command>dpkg-genchanges</command> uses it when it generates a
2591 <filename>.changes</filename> file.
2592 </para>
2593 <para>
2594 It should not exist in a shipped source package, and so it (and
2595 any backup files or temporary files such as
2596 <filename>files.new</filename>)
2597 <footnote>
2598 <para>
2599 <filename>files.new</filename> is used as a temporary file by
2600 <command>dpkg-gencontrol</command> and
2601 <command>dpkg-distaddfile</command> - they write a new version
2602 of <literal>files</literal> here before renaming it, to avoid
2603 leaving a corrupted copy if an error occurs.
2604 </para>
2605 </footnote>
2606 should be removed by the <literal>clean</literal> target. It may
2607 also be wise to ensure a fresh start by emptying or removing it at
2608 the start of the <literal>binary</literal> target.
2609 </para>
2610 <para>
2611 When <command>dpkg-gencontrol</command> is run for a binary
2612 package, it adds an entry to <filename>debian/files</filename> for
2613 the <filename>.deb</filename> file that will be created when
2614 <literal>dpkg-deb --build</literal> is run for that binary
2615 package. So for most packages all that needs to be done with this
2616 file is to delete it in the <literal>clean</literal> target.
2617 </para>
2618 <para>
2619 If a package upload includes files besides the source package and
2620 any binary packages whose control files were made with
2621 <command>dpkg-gencontrol</command> then they should be placed in
2622 the parent of the package's top-level directory and
2623 <command>dpkg-distaddfile</command> should be called to add the
2624 file to the list in <filename>debian/files</filename>.
2625 </para>
2626 </section>
2628 <section id="s-embeddedfiles">
2629 <title>Convenience copies of code</title>
2631 <para>
2632 Some software packages include in their distribution convenience
2633 copies of code from other software packages, generally so that
2634 users compiling from source don't have to download multiple
2635 packages. Debian packages should not make use of these
2636 convenience copies unless the included package is explicitly
2637 intended to be used in this way.
2638 <footnote>
2639 <para>
2640 For example, parts of the GNU build system work like this.
2641 </para>
2642 </footnote>
2643 If the included code is already in the Debian archive in the form
2644 of a library, the Debian packaging should ensure that binary
2645 packages reference the libraries already in Debian and the
2646 convenience copy is not used. If the included code is not already
2647 in Debian, it should be packaged separately as a prerequisite if
2648 possible.
2649 <footnote>
2650 <para>
2651 Having multiple copies of the same code in Debian is
2652 inefficient, often creates either static linking or shared
2653 library conflicts, and, most importantly, increases the
2654 difficulty of handling security vulnerabilities in the
2655 duplicated code.
2656 </para>
2657 </footnote>
2658 </para>
2659 </section>
2661 <section id="s-readmesource">
2662 <title>
2663 Source package handling: <filename>debian/README.source</filename>
2664 </title>
2665 <para>
2666 If running <command>dpkg-source -x</command> on a source package
2667 doesn't produce the source of the package, ready for editing, and
2668 allow one to make changes and run
2669 <command>dpkg-buildpackage</command> to produce a modified package
2670 without taking any additional steps, creating a
2671 <filename>debian/README.source</filename> documentation file is
2672 recommended. This file should explain how to do all of the
2673 following:
2674 </para>
2675 <orderedlist numeration="arabic">
2676 <listitem>
2677 <para>
2678 Generate the fully patched source, in a form ready for
2679 editing, that would be built to create Debian packages. Doing
2680 this with a <literal>patch</literal> target in
2681 <filename>debian/rules</filename> is recommended; see <xref
2682 linkend="s-debianrules"/>.
2683 </para>
2684 </listitem>
2685 <listitem>
2686 <para>
2687 Modify the source and save those modifications so that they
2688 will be applied when building the package.
2689 </para>
2690 </listitem>
2691 <listitem>
2692 <para>
2693 Remove source modifications that are currently being applied
2694 when building the package.
2695 </para>
2696 </listitem>
2697 <listitem>
2698 <para>
2699 Optionally, document what steps are necessary to upgrade the
2700 Debian source package to a new upstream version, if
2701 applicable.
2702 </para>
2703 </listitem>
2704 </orderedlist>
2705 <para>
2706 This explanation should include specific commands and mention any
2707 additional required Debian packages. It should not assume
2708 familiarity with any specific Debian packaging system or patch
2709 management tools.
2710 </para>
2711 <para>
2712 This explanation may refer to a documentation file installed by
2713 one of the package's build dependencies provided that the
2714 referenced documentation clearly explains these tasks and is not a
2715 general reference manual.
2716 </para>
2717 <para>
2718 <filename>debian/README.source</filename> may also include any
2719 other information that would be helpful to someone modifying the
2720 source package. Even if the package doesn't fit the above
2721 description, maintainers are encouraged to document in a
2722 <filename>debian/README.source</filename> file any source package
2723 with a particularly complex or unintuitive source layout or build
2724 system (for example, a package that builds the same source
2725 multiple times to generate different binary packages).
2726 </para>
2727 </section>
2728 </chapter>
2730 <chapter id="ch-controlfields">
2731 <title>Control files and their fields</title>
2733 <para>
2734 The package management system manipulates data represented in a
2735 common format, known as <emphasis>control data</emphasis>, stored in
2736 <emphasis>control files</emphasis>. Control files are used for
2737 source packages, binary packages and the
2738 <filename>.changes</filename> files which control the installation
2739 of uploaded files.
2740 <footnote>
2741 <para>
2742 <command>dpkg</command>'s internal databases are in a similar
2743 format.
2744 </para>
2745 </footnote>
2746 </para>
2748 <section id="s-controlsyntax">
2749 <title>Syntax of control files</title>
2751 <para>
2752 A control file consists of one or more paragraphs of fields.
2753 <footnote>
2754 <para>
2755 The paragraphs are also sometimes referred to as stanzas.
2756 </para>
2757 </footnote>
2758 The paragraphs are separated by empty lines. Parsers may accept
2759 lines consisting solely of spaces and tabs as paragraph
2760 separators, but control files should use empty lines. Some
2761 control files allow only one paragraph; others allow several, in
2762 which case each paragraph usually refers to a different package.
2763 (For example, in source packages, the first paragraph refers to
2764 the source package, and later paragraphs refer to binary packages
2765 generated from the source.) The ordering of the paragraphs in
2766 control files is significant.
2767 </para>
2768 <para>
2769 Each paragraph consists of a series of data fields. Each field
2770 consists of the field name followed by a colon and then the
2771 data/value associated with that field. The field name is composed
2772 of US-ASCII characters excluding control characters, space, and
2773 colon (i.e., characters in the ranges U+0021
2774 (<literal>!</literal>) through U+0039 (<literal>9</literal>), and
2775 U+003B (<literal>;</literal>) through U+007E
2776 (<literal>~</literal>), inclusive). Field names must not begin
2777 with the comment character (U+0023 <literal>#</literal>), nor with
2778 the hyphen character (U+002D <literal>-</literal>).
2779 </para>
2780 <para>
2781 The field ends at the end of the line or at the end of the last
2782 continuation line (see below). Horizontal whitespace (spaces and
2783 tabs) may occur immediately before or after the value and is
2784 ignored there; it is conventional to put a single space after the
2785 colon. For example, a field might be:
2786 </para>
2787 <programlisting>Package: libc6</programlisting>
2788 <para>
2789 the field name is <literal>Package</literal> and the field value
2790 <literal>libc6</literal>.
2791 </para>
2792 <para>
2793 Empty field values are only permitted in source package control
2794 files (<filename>debian/control</filename>). Such fields are
2795 ignored.
2796 </para>
2797 <para>
2798 A paragraph must not contain more than one instance of a
2799 particular field name.
2800 </para>
2801 <para>
2802 There are three types of fields:
2803 </para>
2804 <variablelist>
2805 <varlistentry>
2806 <term>simple</term>
2807 <listitem>
2808 <para>
2809 The field, including its value, must be a single line.
2810 Folding of the field is not permitted. This is the default
2811 field type if the definition of the field does not specify a
2812 different type.
2813 </para>
2814 </listitem>
2815 </varlistentry>
2816 <varlistentry>
2817 <term>folded</term>
2818 <listitem>
2819 <para>
2820 The value of a folded field is a logical line that may span
2821 several lines. The lines after the first are called
2822 continuation lines and must start with a space or a tab.
2823 Whitespace, including any newlines, is not significant in
2824 the field values of folded fields.
2825 <footnote>
2826 <para>
2827 This folding method is similar to RFC 5322, allowing
2828 control files that contain only one paragraph and no
2829 multiline fields to be read by parsers written for RFC
2830 5322.
2831 </para>
2832 </footnote>
2833 </para>
2834 </listitem>
2835 </varlistentry>
2836 <varlistentry>
2837 <term>multiline</term>
2838 <listitem>
2839 <para>
2840 The value of a multiline field may comprise multiple
2841 continuation lines. The first line of the value, the part
2842 on the same line as the field name, often has special
2843 significance or may have to be empty. Other lines are added
2844 following the same syntax as the continuation lines of the
2845 folded fields. Whitespace, including newlines, is
2846 significant in the values of multiline fields.
2847 </para>
2848 </listitem>
2849 </varlistentry>
2850 </variablelist>
2851 <para>
2852 Whitespace must not appear inside names (of packages,
2853 architectures, files or anything else) or version numbers, or
2854 between the characters of multi-character version relationships.
2855 </para>
2856 <para>
2857 The presence and purpose of a field, and the syntax of its value
2858 may differ between types of control files.
2859 </para>
2860 <para>
2861 Field names are not case-sensitive, but it is usual to capitalize
2862 the field names using mixed case as shown below. Field values are
2863 case-sensitive unless the description of the field says otherwise.
2864 </para>
2865 <para>
2866 Paragraph separators (empty lines), and lines consisting only of
2867 U+0020 SPACE and U+0009 TAB, are not allowed within field values
2868 or between fields. Empty lines in field values are usually
2869 escaped by representing them by a U+0020 SPACE followed by a
2870 U+002E (<literal>.</literal>).
2871 </para>
2872 <para>
2873 Lines starting with U+0023 (<literal>#</literal>), without any
2874 preceding whitespace, are comment lines that are only permitted in
2875 source package control files
2876 (<filename>debian/control</filename>). These comment lines are
2877 ignored, even between two continuation lines. They do not end
2878 logical lines.
2879 </para>
2880 <para>
2881 All control files must be encoded in UTF-8.
2882 </para>
2883 </section>
2885 <section id="s-sourcecontrolfiles">
2886 <title>
2887 Source package control files -- <filename>debian/control</filename>
2888 </title>
2890 <para>
2891 The <filename>debian/control</filename> file contains the most
2892 vital (and version-independent) information about the source
2893 package and about the binary packages it creates.
2894 </para>
2895 <para>
2896 The first paragraph of the control file contains information about
2897 the source package in general. The subsequent paragraphs each
2898 describe a binary package that the source tree builds. Each
2899 binary package built from this source package has a corresponding
2900 paragraph, except for any automatically-generated debug packages
2901 that do not require one.
2902 </para>
2903 <para>
2904 The fields in the general paragraph (the first one, for the source
2905 package) are:
2906 </para>
2907 <itemizedlist>
2908 <listitem>
2909 <para>
2910 <link linkend="s-f-Source"><literal>Source</literal></link>
2911 (mandatory)
2912 </para>
2913 </listitem>
2914 <listitem>
2915 <para>
2916 <link
2917 linkend="s-f-Maintainer"><literal>Maintainer</literal></link>
2918 (mandatory)
2919 </para>
2920 </listitem>
2921 <listitem>
2922 <para>
2923 <link linkend="s-f-Uploaders"><literal>Uploaders</literal></link>
2924 </para>
2925 </listitem>
2926 <listitem>
2927 <para>
2928 <link linkend="s-f-Section"><literal>Section</literal></link>
2929 (recommended)
2930 </para>
2931 </listitem>
2932 <listitem>
2933 <para>
2934 <link
2935 linkend="s-f-Priority"><literal>Priority</literal></link>
2936 (recommended)
2937 </para>
2938 </listitem>
2939 <listitem>
2940 <para>
2941 <link
2942 linkend="s-sourcebinarydeps"><literal>Build-Depends</literal>
2943 et al</link>
2944 </para>
2945 </listitem>
2946 <listitem>
2947 <para>
2948 <link
2949 linkend="s-f-Standards-Version"><literal>Standards-Version</literal></link>
2950 (recommended)
2951 </para>
2952 </listitem>
2953 <listitem>
2954 <para>
2955 <link
2956 linkend="s-f-Homepage"><literal>Homepage</literal></link>
2957 </para>
2958 </listitem>
2959 <listitem>
2960 <para>
2961 <link linkend="s-f-VCS-fields"><literal>Vcs-Browser</literal>,
2962 <literal>Vcs-Git</literal>, et al.</link>
2963 </para>
2964 </listitem>
2965 <listitem>
2966 <para>
2967 <link
2968 linkend="s-f-Testsuite"><literal>Testsuite</literal></link>
2969 </para>
2970 </listitem>
2971 </itemizedlist>
2972 <para>
2973 The fields in the binary package paragraphs are:
2974 </para>
2975 <itemizedlist>
2976 <listitem>
2977 <para>
2978 <link linkend="s-f-Package"><literal>Package</literal></link>
2979 (mandatory)
2980 </para>
2981 </listitem>
2982 <listitem>
2983 <para>
2984 <link
2985 linkend="s-f-Architecture"><literal>Architecture</literal></link>
2986 (mandatory)
2987 </para>
2988 </listitem>
2989 <listitem>
2990 <para>
2991 <link linkend="s-f-Section"><literal>Section</literal></link>
2992 (recommended)
2993 </para>
2994 </listitem>
2995 <listitem>
2996 <para>
2997 <link
2998 linkend="s-f-Priority"><literal>Priority</literal></link>
2999 (recommended)
3000 </para>
3001 </listitem>
3002 <listitem>
3003 <para>
3004 <link linkend="s-f-Essential"><literal>Essential</literal></link>
3005 </para>
3006 </listitem>
3007 <listitem>
3008 <para>
3009 <link linkend="s-binarydeps"><literal>Depends</literal> et al</link>
3010 </para>
3011 </listitem>
3012 <listitem>
3013 <para>
3014 <link
3015 linkend="s-f-Description"><literal>Description</literal></link>
3016 (mandatory)
3017 </para>
3018 </listitem>
3019 <listitem>
3020 <para>
3021 <link linkend="s-f-Homepage"><literal>Homepage</literal></link>
3022 </para>
3023 </listitem>
3024 <listitem>
3025 <para>
3026 <link
3027 linkend="s-built-using"><literal>Built-Using</literal></link>
3028 </para>
3029 </listitem>
3030 <listitem>
3031 <para>
3032 <link
3033 linkend="s-f-Package-Type"><literal>Package-Type</literal></link>
3034 </para>
3035 </listitem>
3036 </itemizedlist>
3037 <para>
3038 The syntax and semantics of the fields are described below.
3039 </para>
3040 <para>
3041 These fields are used by <command>dpkg-gencontrol</command> to
3042 generate control files for binary packages (see below), by
3043 <command>dpkg-genchanges</command> to generate the
3044 <filename>.changes</filename> file to accompany the upload, and by
3045 <command>dpkg-source</command> when it creates the
3046 <filename>.dsc</filename> source control file as part of a source
3047 archive. Some fields are folded in
3048 <filename>debian/control</filename>, but not in any other control
3049 file. These tools are responsible for removing the line breaks
3050 from such fields when using fields from
3051 <filename>debian/control</filename> to generate other control
3052 files. They are also responsible for discarding empty fields.
3053 </para>
3054 <para>
3055 The fields here may contain variable references - their values
3056 will be substituted by <command>dpkg-gencontrol</command>,
3057 <command>dpkg-genchanges</command> or
3058 <command>dpkg-source</command> when they generate output control
3059 files. See <xref linkend="s-substvars"/> for details.
3060 </para>
3061 </section>
3063 <section id="s-binarycontrolfiles">
3064 <title>
3065 Binary package control files -- <filename>DEBIAN/control</filename>
3066 </title>
3068 <para>
3069 The <filename>DEBIAN/control</filename> file contains the most
3070 vital (and version-dependent) information about a binary package.
3071 It consists of a single paragraph.
3072 </para>
3073 <para>
3074 The fields in this file are:
3075 </para>
3076 <itemizedlist>
3077 <listitem>
3078 <para>
3079 <link linkend="s-f-Package"><literal>Package</literal></link>
3080 (mandatory)
3081 </para>
3082 </listitem>
3083 <listitem>
3084 <para>
3085 <link linkend="s-f-Source"><literal>Source</literal></link>
3086 </para>
3087 </listitem>
3088 <listitem>
3089 <para>
3090 <link linkend="s-f-Version"><literal>Version</literal></link>
3091 (mandatory)
3092 </para>
3093 </listitem>
3094 <listitem>
3095 <para>
3096 <link linkend="s-f-Section"><literal>Section</literal></link>
3097 (recommended)
3098 </para>
3099 </listitem>
3100 <listitem>
3101 <para>
3102 <link
3103 linkend="s-f-Priority"><literal>Priority</literal></link>
3104 (recommended)
3105 </para>
3106 </listitem>
3107 <listitem>
3108 <para>
3109 <link
3110 linkend="s-f-Architecture"><literal>Architecture</literal></link>
3111 (mandatory)
3112 </para>
3113 </listitem>
3114 <listitem>
3115 <para>
3116 <link
3117 linkend="s-f-Essential"><literal>Essential</literal></link>
3118 </para>
3119 </listitem>
3120 <listitem>
3121 <para>
3122 <link linkend="s-binarydeps"><literal>Depends</literal> et
3123 al</link>
3124 </para>
3125 </listitem>
3126 <listitem>
3127 <para>
3128 <link
3129 linkend="s-f-Installed-Size"><literal>Installed-Size</literal></link>
3130 </para>
3131 </listitem>
3132 <listitem>
3133 <para>
3134 <link
3135 linkend="s-f-Maintainer"><literal>Maintainer</literal></link>
3136 (mandatory)
3137 </para>
3138 </listitem>
3139 <listitem>
3140 <para>
3141 <link
3142 linkend="s-f-Description"><literal>Description</literal></link>
3143 (mandatory)
3144 </para>
3145 </listitem>
3146 <listitem>
3147 <para>
3148 <link linkend="s-f-Homepage"><literal>Homepage</literal></link>
3149 </para>
3150 </listitem>
3151 <listitem>
3152 <para>
3153 <link linkend="s-built-using"><literal>Built-Using</literal></link>
3154 </para>
3155 </listitem>
3156 </itemizedlist>
3157 </section>
3159 <section id="s-debiansourcecontrolfiles">
3160 <title>Debian source control files -- <literal>.dsc</literal></title>
3162 <para>
3163 This file consists of a single paragraph, possibly surrounded by a
3164 PGP signature. The fields of that paragraph are listed below.
3165 Their syntax is described above, in <xref
3166 linkend="s-controlsyntax"/>.
3167 </para>
3168 <itemizedlist>
3169 <listitem>
3170 <para>
3171 <link linkend="s-f-Format"><literal>Format</literal></link>
3172 (mandatory)
3173 </para>
3174 </listitem>
3175 <listitem>
3176 <para>
3177 <link linkend="s-f-Source"><literal>Source</literal></link>
3178 (mandatory)
3179 </para>
3180 </listitem>
3181 <listitem>
3182 <para>
3183 <link linkend="s-f-Binary"><literal>Binary</literal></link>
3184 </para>
3185 </listitem>
3186 <listitem>
3187 <para>
3188 <link
3189 linkend="s-f-Architecture"><literal>Architecture</literal></link>
3190 </para>
3191 </listitem>
3192 <listitem>
3193 <para>
3194 <link linkend="s-f-Version"><literal>Version</literal></link>
3195 (mandatory)
3196 </para>
3197 </listitem>
3198 <listitem>
3199 <para>
3200 <link
3201 linkend="s-f-Maintainer"><literal>Maintainer</literal></link>
3202 (mandatory)
3203 </para>
3204 </listitem>
3205 <listitem>
3206 <para>
3207 <link linkend="s-f-Uploaders"><literal>Uploaders</literal></link>
3208 </para>
3209 </listitem>
3210 <listitem>
3211 <para>
3212 <link linkend="s-f-Homepage"><literal>Homepage</literal></link>
3213 </para>
3214 </listitem>
3215 <listitem>
3216 <para>
3217 <link linkend="s-f-VCS-fields"><literal>Vcs-Browser</literal>,
3218 <literal>Vcs-Git</literal>, et al.</link>
3219 </para>
3220 </listitem>
3221 <listitem>
3222 <para>
3223 <link linkend="s-f-Testsuite"><literal>Testsuite</literal></link>
3224 </para>
3225 </listitem>
3226 <listitem>
3227 <para>
3228 <link linkend="s-f-Dgit"><literal>Dgit</literal></link>
3229 </para>
3230 </listitem>
3231 <listitem>
3232 <para>
3233 <link
3234 linkend="s-f-Standards-Version"><literal>Standards-Version</literal></link>
3235 (recommended)
3236 </para>
3237 </listitem>
3238 <listitem>
3239 <para>
3240 <link
3241 linkend="s-sourcebinarydeps"><literal>Build-Depends</literal>
3242 et al</link>
3243 </para>
3244 </listitem>
3245 <listitem>
3246 <para>
3247 <link
3248 linkend="s-f-Package-List"><literal>Package-List</literal></link>
3249 (recommended)
3250 </para>
3251 </listitem>
3252 <listitem>
3253 <para>
3254 <link
3255 linkend="s-f-Checksums"><literal>Checksums-Sha1</literal> and
3256 <literal>Checksums-Sha256</literal></link> (mandatory)
3257 </para>
3258 </listitem>
3259 <listitem>
3260 <para>
3261 <link linkend="s-f-Files"><literal>Files</literal></link>
3262 (mandatory)
3263 </para>
3264 </listitem>
3265 </itemizedlist>
3266 <para>
3267 The Debian source control file is generated by
3268 <command>dpkg-source</command> when it builds the source archive,
3269 from other files in the source package, described above. When
3270 unpacking, it is checked against the files and directories in the
3271 other parts of the source package.
3272 </para>
3273 </section>
3275 <section id="s-debianchangesfiles">
3276 <title>Debian changes files -- <filename>.changes</filename></title>
3278 <para>
3279 The <filename>.changes</filename> files are used by the Debian
3280 archive maintenance software to process updates to packages. They
3281 consist of a single paragraph, possibly surrounded by a PGP
3282 signature. That paragraph contains information from the
3283 <filename>debian/control</filename> file and other data about the
3284 source package gathered via <filename>debian/changelog</filename>
3285 and <filename>debian/rules</filename>.
3286 </para>
3287 <para>
3288 <filename>.changes</filename> files have a format version that is
3289 incremented whenever the documented fields or their meaning
3290 change. This document describes format &changesversion;.
3291 </para>
3292 <para>
3293 The fields in this file are:
3294 </para>
3295 <itemizedlist>
3296 <listitem>
3297 <para>
3298 <link linkend="s-f-Format"><literal>Format</literal></link>
3299 (mandatory)
3300 </para>
3301 </listitem>
3302 <listitem>
3303 <para>
3304 <link linkend="s-f-Date"><literal>Date</literal></link>
3305 (mandatory)
3306 </para>
3307 </listitem>
3308 <listitem>
3309 <para>
3310 <link linkend="s-f-Source"><literal>Source</literal></link>
3311 (mandatory)
3312 </para>
3313 </listitem>
3314 <listitem>
3315 <para>
3316 <link linkend="s-f-Binary"><literal>Binary</literal></link>
3317 (mandatory)
3318 </para>
3319 </listitem>
3320 <listitem>
3321 <para>
3322 <link
3323 linkend="s-f-Architecture"><literal>Architecture</literal></link>
3324 (mandatory)
3325 </para>
3326 </listitem>
3327 <listitem>
3328 <para>
3329 <link linkend="s-f-Version"><literal>Version</literal></link>
3330 (mandatory)
3331 </para>
3332 </listitem>
3333 <listitem>
3334 <para>
3335 <link
3336 linkend="s-f-Distribution"><literal>Distribution</literal></link>
3337 (mandatory)
3338 </para>
3339 </listitem>
3340 <listitem>
3341 <para>
3342 <link linkend="s-f-Urgency"><literal>Urgency</literal></link>
3343 (recommended)
3344 </para>
3345 </listitem>
3346 <listitem>
3347 <para>
3348 <link
3349 linkend="s-f-Maintainer"><literal>Maintainer</literal></link>
3350 (mandatory)
3351 </para>
3352 </listitem>
3353 <listitem>
3354 <para>
3355 <link
3356 linkend="s-f-Changed-By"><literal>Changed-By</literal></link>
3357 </para>
3358 </listitem>
3359 <listitem>
3360 <para>
3361 <link
3362 linkend="s-f-Description"><literal>Description</literal></link>
3363 (mandatory)
3364 </para>
3365 </listitem>
3366 <listitem>
3367 <para>
3368 <link linkend="s-f-Closes"><literal>Closes</literal></link>
3369 </para>
3370 </listitem>
3371 <listitem>
3372 <para>
3373 <link linkend="s-f-Changes"><literal>Changes</literal></link>
3374 (mandatory)
3375 </para>
3376 </listitem>
3377 <listitem>
3378 <para>
3379 <link
3380 linkend="s-f-Checksums"><literal>Checksums-Sha1</literal> and
3381 <literal>Checksums-Sha256</literal></link> (mandatory)
3382 </para>
3383 </listitem>
3384 <listitem>
3385 <para>
3386 <link linkend="s-f-Files"><literal>Files</literal></link>
3387 (mandatory)
3388 </para>
3389 </listitem>
3390 </itemizedlist>
3391 </section>
3393 <section id="s-controlfieldslist">
3394 <title>List of fields</title>
3396 <section id="s-f-Source">
3397 <title><literal>Source</literal></title>
3399 <para>
3400 This field identifies the source package name.
3401 </para>
3402 <para>
3403 In <filename>debian/control</filename> or a
3404 <filename>.dsc</filename> file, this field must contain only the
3405 name of the source package.
3406 </para>
3407 <para>
3408 In a binary package control file or a
3409 <filename>.changes</filename> file, the source package name may
3410 be followed by a version number in parentheses.
3411 <footnote>
3412 <para>
3413 It is customary to leave a space after the package name if a
3414 version number is specified.
3415 </para>
3416 </footnote>
3417 This version number may be omitted (and is, by
3418 <command>dpkg-gencontrol</command>) if it has the same value as
3419 the <literal>Version</literal> field of the binary package in
3420 question. The field itself may be omitted from a binary package
3421 control file when the source package has the same name and
3422 version as the binary package.
3423 </para>
3424 <para>
3425 Package names (both source and binary, see <xref
3426 linkend="s-f-Package"/>) must consist only of lower case letters
3427 (<literal>a-z</literal>), digits (<literal>0-9</literal>), plus
3428 (<literal>+</literal>) and minus (<literal>-</literal>) signs,
3429 and periods (<literal>.</literal>). They must be at least two
3430 characters long and must start with an alphanumeric character.
3431 </para>
3432 </section>
3434 <section id="s-f-Maintainer">
3435 <title><literal>Maintainer</literal></title>
3437 <para>
3438 The package maintainer's name and email address. The name must
3439 come first, then the email address inside angle brackets
3440 <literal><></literal> (in RFC822 format).
3441 </para>
3442 <para>
3443 If the maintainer's name contains a full stop then the whole
3444 field will not work directly as an email address due to a
3445 misfeature in the syntax specified in RFC822; a program using
3446 this field as an address must check for this and correct the
3447 problem if necessary (for example by putting the name in round
3448 brackets and moving it to the end, and bringing the email
3449 address forward).
3450 </para>
3451 <para>
3452 See <xref linkend="s-maintainer"/> for additional requirements
3453 and information about package maintainers.
3454 </para>
3455 </section>
3457 <section id="s-f-Uploaders">
3458 <title><literal>Uploaders</literal></title>
3460 <para>
3461 List of the names and email addresses of co-maintainers of the
3462 package, if any. If the package has other maintainers besides
3463 the one named in the <link linkend="s-f-Maintainer">Maintainer
3464 field</link>, their names and email addresses should be listed
3465 here. The format of each entry is the same as that of the
3466 Maintainer field, and multiple entries must be comma separated.
3467 </para>
3468 <para>
3469 This is normally an optional field, but if the
3470 <literal>Maintainer</literal> control field names a group of
3471 people and a shared email address, the
3472 <literal>Uploaders</literal> field must be present and must
3473 contain at least one human with their personal email address.
3474 </para>
3475 <para>
3476 The Uploaders field in <filename>debian/control</filename> can
3477 be folded.
3478 </para>
3479 </section>
3481 <section id="s-f-Changed-By">
3482 <title><literal>Changed-By</literal></title>
3484 <para>
3485 The name and email address of the person who prepared this
3486 version of the package, usually a maintainer. The syntax is the
3487 same as for the <link linkend="s-f-Maintainer">Maintainer
3488 field</link>.
3489 </para>
3490 </section>
3492 <section id="s-f-Section">
3493 <title><literal>Section</literal></title>
3495 <para>
3496 This field specifies an application area into which the package
3497 has been classified. See <xref linkend="s-subsections"/>.
3498 </para>
3499 <para>
3500 When it appears in the <filename>debian/control</filename> file,
3501 it gives the value for the subfield of the same name in the
3502 <literal>Files</literal> field of the
3503 <filename>.changes</filename> file. It also gives the default
3504 for the same field in the binary packages.
3505 </para>
3506 </section>
3508 <section id="s-f-Priority">
3509 <title><literal>Priority</literal></title>
3511 <para>
3512 This field represents how important it is that the user have the
3513 package installed. See <xref linkend="s-priorities"/>.
3514 </para>
3515 <para>
3516 When it appears in the <filename>debian/control</filename> file,
3517 it gives the value for the subfield of the same name in the
3518 <literal>Files</literal> field of the
3519 <filename>.changes</filename> file. It also gives the default
3520 for the same field in the binary packages.
3521 </para>
3522 </section>
3524 <section id="s-f-Package">
3525 <title><literal>Package</literal></title>
3527 <para>
3528 The name of the binary package.
3529 </para>
3530 <para>
3531 Binary package names must follow the same syntax and
3532 restrictions as source package names. See <xref
3533 linkend="s-f-Source"/> for the details.
3534 </para>
3535 </section>
3537 <section id="s-f-Architecture">
3538 <title><literal>Architecture</literal></title>
3540 <para>
3541 Depending on context and the control file used, the
3542 <literal>Architecture</literal> field can include the following
3543 sets of values:
3544 </para>
3545 <itemizedlist>
3546 <listitem>
3547 <para>
3548 A unique single word identifying a Debian machine
3549 architecture as described in <xref linkend="s-arch-spec"/>.
3550 </para>
3551 </listitem>
3552 <listitem>
3553 <para>
3554 An architecture wildcard identifying a set of Debian machine
3555 architectures, see <xref linkend="s-arch-wildcard-spec"/>.
3556 <literal>any</literal> matches all Debian machine
3557 architectures and is the most frequently used.
3558 </para>
3559 </listitem>
3560 <listitem>
3561 <para>
3562 <literal>all</literal>, which indicates an
3563 architecture-independent package.
3564 </para>
3565 </listitem>
3566 <listitem>
3567 <para>
3568 <literal>source</literal>, which indicates a source package.
3569 </para>
3570 </listitem>
3571 </itemizedlist>
3572 <para>
3573 In the main <filename>debian/control</filename> file in the
3574 source package, this field may contain the special value
3575 <literal>all</literal>, the special architecture wildcard
3576 <literal>any</literal>, or a list of specific and wildcard
3577 architectures separated by spaces. If <literal>all</literal> or
3578 <literal>any</literal> appears, that value must be the entire
3579 contents of the field. Most packages will use either
3580 <literal>all</literal> or <literal>any</literal>.
3581 </para>
3582 <para>
3583 Specifying a specific list of architectures indicates that the
3584 source will build an architecture-dependent package only on
3585 architectures included in the list. Specifying a list of
3586 architecture wildcards indicates that the source will build an
3587 architecture-dependent package on only those architectures that
3588 match any of the specified architecture wildcards. Specifying a
3589 list of architectures or architecture wildcards other than
3590 <literal>any</literal> is for the minority of cases where a
3591 program is not portable or is not useful on some architectures.
3592 Where possible, the program should be made portable instead.
3593 </para>
3594 <para>
3595 In the Debian source control file <filename>.dsc</filename>,
3596 this field contains a list of architectures and architecture
3597 wildcards separated by spaces. When the list contains the
3598 architecture wildcard <literal>any</literal>, the only other
3599 value allowed in the list is <literal>all</literal>.
3600 </para>
3601 <para>
3602 The list may include (or consist solely of) the special value
3603 <literal>all</literal>. In other words, in
3604 <filename>.dsc</filename> files unlike the
3605 <filename>debian/control</filename>, <literal>all</literal> may
3606 occur in combination with specific architectures. The
3607 <literal>Architecture</literal> field in the Debian source
3608 control file <filename>.dsc</filename> is generally constructed
3609 from the <literal>Architecture</literal> fields in the
3610 <filename>debian/control</filename> in the source package.
3611 </para>
3612 <para>
3613 Specifying only <literal>any</literal> indicates that the source
3614 package isn't dependent on any particular architecture and
3615 should compile fine on any one. The produced binary package(s)
3616 will be specific to whatever the current build architecture is.
3617 </para>
3618 <para>
3619 Specifying only <literal>all</literal> indicates that the source
3620 package will only build architecture-independent packages.
3621 </para>
3622 <para>
3623 Specifying <literal>any all</literal> indicates that the source
3624 package isn't dependent on any particular architecture. The set
3625 of produced binary packages will include at least one
3626 architecture-dependent package and one architecture-independent
3627 package.
3628 </para>
3629 <para>
3630 Specifying a list of architectures or architecture wildcards
3631 indicates that the source will build an architecture-dependent
3632 package, and will only work correctly on the listed or matching
3633 architectures. If the source package also builds at least one
3634 architecture-independent package, <literal>all</literal> will
3635 also be included in the list.
3636 </para>
3637 <para>
3638 In a <filename>.changes</filename> file, the
3639 <literal>Architecture</literal> field lists the architecture(s)
3640 of the package(s) currently being uploaded. This will be a
3641 list; if the source for the package is also being uploaded, the
3642 special entry <literal>source</literal> is also present.
3643 <literal>all</literal> will be present if any
3644 architecture-independent packages are being uploaded.
3645 Architecture wildcards such as <literal>any</literal> must never
3646 occur in the <literal>Architecture</literal> field in the
3647 <filename>.changes</filename> file.
3648 </para>
3649 <para>
3650 See <xref linkend="s-debianrules"/> for information on how to
3651 get the architecture for the build process.
3652 </para>
3653 </section>
3655 <section id="s-f-Essential">
3656 <title><literal>Essential</literal></title>
3658 <para>
3659 This is a boolean field which may occur only in the control file
3660 of a binary package or in a per-package fields paragraph of a
3661 source package control file.
3662 </para>
3663 <para>
3664 If set to <literal>yes</literal> then the package management
3665 system will refuse to remove the package (upgrading and
3666 replacing it is still possible). The other possible value is
3667 <literal>no</literal>, which is the same as not having the field
3668 at all.
3669 </para>
3670 </section>
3672 <section id="s5.6.10">
3673 <title>
3674 Package interrelationship fields: <literal>Depends</literal>,
3675 <literal>Pre-Depends</literal>, <literal>Recommends</literal>,
3676 <literal>Suggests</literal>, <literal>Breaks</literal>,
3677 <literal>Conflicts</literal>, <literal>Provides</literal>,
3678 <literal>Replaces</literal>, <literal>Enhances</literal>
3679 </title>
3681 <para>
3682 These fields describe the package's relationships with other
3683 packages. Their syntax and semantics are described in <xref
3684 linkend="ch-relationships"/>.
3685 </para>
3686 </section>
3688 <section id="s-f-Standards-Version">
3689 <title><literal>Standards-Version</literal></title>
3691 <para>
3692 The most recent version of the standards (the policy manual and
3693 associated texts) with which the package complies.
3694 </para>
3695 <para>
3696 The version number has four components: major and minor version
3697 number and major and minor patch level. When the standards
3698 change in a way that requires every package to change the major
3699 number will be changed. Significant changes that will require
3700 work in many packages will be signaled by a change to the minor
3701 number. The major patch level will be changed for any change to
3702 the meaning of the standards, however small; the minor patch
3703 level will be changed when only cosmetic, typographical or other
3704 edits are made which neither change the meaning of the document
3705 nor affect the contents of packages.
3706 </para>
3707 <para>
3708 Thus only the first three components of the policy version are
3709 significant in the <emphasis>Standards-Version</emphasis>
3710 control field, and so either these three components or all four
3711 components may be specified.<footnote><para> In the past, people
3712 specified the full version number in the Standards-Version
3713 field, for example "2.3.0.0". Since minor patch-level changes
3714 don't introduce new policy, it was thought it would be better to
3715 relax policy and only require the first 3 components to be
3716 specified, in this example "2.3.0". All four components may
3717 still be used if someone wishes to do so. </para> </footnote>
3718 </para>
3719 </section>
3721 <section id="s-f-Version">
3722 <title><literal>Version</literal></title>
3724 <para>
3725 The version number of a package. The format is:
3726 [<replaceable>epoch</replaceable><literal>:</literal>]<replaceable>upstream_version</replaceable>[<literal>-</literal><replaceable>debian_revision</replaceable>]
3727 </para>
3728 <para>
3729 The three components here are:
3730 </para>
3731 <variablelist>
3732 <varlistentry>
3733 <term><replaceable>epoch</replaceable></term>
3734 <listitem>
3735 <para>
3736 This is a single (generally small) unsigned integer. It
3737 may be omitted, in which case zero is assumed. If it is
3738 omitted then the
3739 <replaceable>upstream_version</replaceable> may not
3740 contain any colons.
3741 </para>
3742 <para>
3743 It is provided to allow mistakes in the version numbers of
3744 older versions of a package, and also a package's previous
3745 version numbering schemes, to be left behind.
3746 </para>
3747 </listitem>
3748 </varlistentry>
3749 <varlistentry>
3750 <term><replaceable>upstream_version</replaceable></term>
3751 <listitem>
3752 <para>
3753 This is the main part of the version number. It is
3754 usually the version number of the original ("upstream")
3755 package from which the <filename>.deb</filename> file has
3756 been made, if this is applicable. Usually this will be in
3757 the same format as that specified by the upstream
3758 author(s); however, it may need to be reformatted to fit
3759 into the package management system's format and comparison
3760 scheme.
3761 </para>
3762 <para>
3763 The comparison behavior of the package management system
3764 with respect to the
3765 <replaceable>upstream_version</replaceable> is described
3766 below. The <replaceable>upstream_version</replaceable>
3767 portion of the version number is mandatory.
3768 </para>
3769 <para>
3770 The <replaceable>upstream_version</replaceable> may
3771 contain only alphanumerics
3772 <footnote>
3773 <para>
3774 Alphanumerics are <literal>A-Za-z0-9</literal> only.
3775 </para>
3776 </footnote>
3777 and the characters <literal>.</literal>
3778 <literal>+</literal> <literal>-</literal>
3779 <literal>~</literal> (full stop, plus, hyphen, tilde) and
3780 should start with a digit. If there is no
3781 <replaceable>debian_revision</replaceable> then hyphens
3782 are not allowed.
3783 </para>
3784 </listitem>
3785 </varlistentry>
3786 <varlistentry>
3787 <term><replaceable>debian_revision</replaceable></term>
3788 <listitem>
3789 <para>
3790 This part of the version number specifies the version of
3791 the Debian package based on the upstream version. It may
3792 contain only alphanumerics and the characters
3793 <literal>+</literal> <literal>.</literal>
3794 <literal>~</literal> (plus, full stop, tilde) and is
3795 compared in the same way as the
3796 <replaceable>upstream_version</replaceable> is.
3797 </para>
3798 <para>
3799 It is optional; if it isn't present then the
3800 <replaceable>upstream_version</replaceable> may not
3801 contain a hyphen. This format represents the case where a
3802 piece of software was written specifically to be a Debian
3803 package, where the Debian package source must always be
3804 identical to the pristine source and therefore no revision
3805 indication is required.
3806 </para>
3807 <para>
3808 It is conventional to restart the
3809 <replaceable>debian_revision</replaceable> at
3810 <literal>1</literal> each time the
3811 <replaceable>upstream_version</replaceable> is increased.
3812 </para>
3813 <para>
3814 The package management system will break the version
3815 number apart at the last hyphen in the string (if there is
3816 one) to determine the
3817 <replaceable>upstream_version</replaceable> and
3818 <replaceable>debian_revision</replaceable>. The absence
3819 of a <replaceable>debian_revision</replaceable> is
3820 equivalent to a <replaceable>debian_revision</replaceable>
3821 of <literal>0</literal>.
3822 </para>
3823 </listitem>
3824 </varlistentry>
3825 </variablelist>
3826 <para>
3827 When comparing two version numbers, first the
3828 <replaceable>epoch</replaceable> of each are compared, then the
3829 <replaceable>upstream_version</replaceable> if
3830 <replaceable>epoch</replaceable> is equal, and then
3831 <replaceable>debian_revision</replaceable> if
3832 <replaceable>upstream_version</replaceable> is also equal.
3833 <replaceable>epoch</replaceable> is compared numerically. The
3834 <replaceable>upstream_version</replaceable> and
3835 <replaceable>debian_revision</replaceable> parts are compared by
3836 the package management system using the following algorithm:
3837 </para>
3838 <para>
3839 The strings are compared from left to right.
3840 </para>
3841 <para>
3842 First the initial part of each string consisting entirely of
3843 non-digit characters is determined. These two parts (one of
3844 which may be empty) are compared lexically. If a difference is
3845 found it is returned. The lexical comparison is a comparison of
3846 ASCII values modified so that all the letters sort earlier than
3847 all the non-letters and so that a tilde sorts before anything,
3848 even the end of a part. For example, the following parts are in
3849 sorted order from earliest to latest: <literal>~~</literal>,
3850 <literal>~~a</literal>, <literal>~</literal>, the empty part,
3851 <literal>a</literal>.<footnote><para> One common use of
3852 <literal>~</literal> is for upstream pre-releases. For example,
3853 <literal>1.0~beta1~svn1245</literal> sorts earlier than
3854 <literal>1.0~beta1</literal>, which sorts earlier than
3855 <literal>1.0</literal>. </para> </footnote>
3856 </para>
3857 <para>
3858 Then the initial part of the remainder of each string which
3859 consists entirely of digit characters is determined. The
3860 numerical values of these two parts are compared, and any
3861 difference found is returned as the result of the comparison.
3862 For these purposes an empty string (which can only occur at the
3863 end of one or both version strings being compared) counts as
3864 zero.
3865 </para>
3866 <para>
3867 These two steps (comparing and removing initial non-digit
3868 strings and initial digit strings) are repeated until a
3869 difference is found or both strings are exhausted.
3870 </para>
3871 <para>
3872 Note that the purpose of epochs is to allow us to leave behind
3873 mistakes in version numbering, and to cope with situations where
3874 the version numbering scheme changes. It is
3875 <emphasis>not</emphasis> intended to cope with version numbers
3876 containing strings of letters which the package management
3877 system cannot interpret (such as <literal>ALPHA</literal> or
3878 <literal>pre-</literal>), or with silly
3879 orderings.
3880 <footnote>
3881 <para>
3882 The author of this manual has heard of a package whose
3883 versions went <literal>1.1</literal>,
3884 <literal>1.2</literal>, <literal>1.3</literal>,
3885 <literal>1</literal>, <literal>2.1</literal>,
3886 <literal>2.2</literal>, <literal>2</literal> and so forth.
3887 </para>
3888 </footnote>
3889 </para>
3890 </section>
3892 <section id="s-f-Description">
3893 <title><literal>Description</literal></title>
3895 <para>
3896 In a source or binary control file, the
3897 <literal>Description</literal> field contains a description of
3898 the binary package, consisting of two parts, the synopsis or the
3899 short description, and the long description. It is a multiline
3900 field with the following format:
3901 </para>
3902 <programlisting>
3903 Description: <replaceable>single line synopsis</replaceable>
3904 <replaceable>extended description over several lines</replaceable></programlisting>
3905 <para>
3906 The lines in the extended description can have these formats:
3907 </para>
3908 <itemizedlist>
3909 <listitem>
3910 <para>
3911 Those starting with a single space are part of a paragraph.
3912 Successive lines of this form will be word-wrapped when
3913 displayed. The leading space will usually be stripped off.
3914 The line must contain at least one non-whitespace character.
3915 </para>
3916 </listitem>
3917 <listitem>
3918 <para>
3919 Those starting with two or more spaces. These will be
3920 displayed verbatim. If the display cannot be panned
3921 horizontally, the displaying program will line wrap them
3922 "hard" (i.e., without taking account of word breaks). If it
3923 can they will be allowed to trail off to the right. None,
3924 one or two initial spaces may be deleted, but the number of
3925 spaces deleted from each line will be the same (so that you
3926 can have indenting work correctly, for example). The line
3927 must contain at least one non-whitespace character.
3928 </para>
3929 </listitem>
3930 <listitem>
3931 <para>
3932 Those containing a single space followed by a single full
3933 stop character. These are rendered as blank lines. This is
3934 the <emphasis>only</emphasis> way to get a blank
3935 line.
3936 <footnote>
3937 <para>
3938 Completely empty lines will not be rendered as blank
3939 lines. Instead, they will cause the parser to think
3940 you're starting a whole new record in the control file,
3941 and will therefore likely abort with an error.
3942 </para>
3943 </footnote>
3944 </para>
3945 </listitem>
3946 <listitem>
3947 <para>
3948 Those containing a space, a full stop and some more
3949 characters. These are for future expansion. Do not use
3950 them.
3951 </para>
3952 </listitem>
3953 </itemizedlist>
3954 <para>
3955 Do not use tab characters. Their effect is not predictable.
3956 </para>
3957 <para>
3958 See <xref linkend="s-descriptions"/> for further information on
3959 this.
3960 </para>
3961 <para>
3962 In a <filename>.changes</filename> file, the
3963 <literal>Description</literal> field contains a summary of the
3964 descriptions for the packages being uploaded. For this case,
3965 the first line of the field value (the part on the same line as
3966 <literal>Description:</literal>) is always empty. It is a
3967 multiline field, with one line per package. Each line is
3968 indented by one space and contains the name of a binary package,
3969 a space, a hyphen (<literal>-</literal>), a space, and the short
3970 description line from that package.
3971 </para>
3972 </section>
3974 <section id="s-f-Distribution">
3975 <title><literal>Distribution</literal></title>
3977 <para>
3978 In a <filename>.changes</filename> file or parsed changelog
3979 output this contains the (space-separated) name(s) of the
3980 distribution(s) where this version of the package should be
3981 installed. Valid distributions are determined by the archive
3982 maintainers.
3983 <footnote>
3984 <para>
3985 Example distribution names in the
3986 Debian archive used in <filename>.changes</filename> files are:
3987 </para>
3988 <variablelist>
3989 <varlistentry>
3990 <term><emphasis>unstable</emphasis></term>
3991 <listitem>
3992 <para>
3993 This distribution value refers to the
3994 <emphasis>developmental</emphasis> part of the Debian
3995 distribution tree. Most new packages, new upstream
3996 versions of packages and bug fixes go into the
3997 <emphasis>unstable</emphasis> directory tree.
3998 </para>
3999 </listitem>
4000 </varlistentry>
4001 <varlistentry>
4002 <term><emphasis>experimental</emphasis></term>
4003 <listitem>
4004 <para>
4005 The packages with this distribution value are deemed
4006 by their maintainers to be high risk. Oftentimes they
4007 represent early beta or developmental packages from
4008 various sources that the maintainers want people to
4009 try, but are not ready to be a part of the other parts
4010 of the Debian distribution tree.
4011 </para>
4012 </listitem>
4013 </varlistentry>
4014 </variablelist>
4015 <para>
4016 Others are used for updating stable releases or for security
4017 uploads. More information is available in the Debian
4018 Developer's Reference, section "The Debian archive".
4019 </para>
4020 </footnote>
4021 The Debian archive software only supports listing a single
4022 distribution. Migration of packages to other distributions is
4023 handled outside of the upload process.
4024 </para>
4025 </section>
4027 <section id="s-f-Date">
4028 <title><literal>Date</literal></title>
4030 <para>
4031 This field includes the date the package was built or last
4032 edited. It must be in the same format as the
4033 <replaceable>date</replaceable> in a
4034 <filename>debian/changelog</filename> entry.
4035 </para>
4036 <para>
4037 The value of this field is usually extracted from the
4038 <filename>debian/changelog</filename> file - see <xref
4039 linkend="s-dpkgchangelog"/>).
4040 </para>
4041 </section>
4043 <section id="s-f-Format">
4044 <title><literal>Format</literal></title>
4046 <para>
4047 In <link
4048 linkend="s-debianchangesfiles"><filename>.changes</filename></link>
4049 files, this field declares the format version of that file. The
4050 syntax of the field value is the same as that of a <link
4051 linkend="s-f-Version">package version number</link> except that
4052 no epoch or Debian revision is allowed. The format described in
4053 this document is <literal>&changesversion;</literal>.
4054 </para>
4055 <para>
4056 In <link
4057 linkend="s-debiansourcecontrolfiles"><filename>.dsc</filename>
4058 Debian source control</link> files, this field declares the
4059 format of the source package. The field value is used by
4060 programs acting on a source package to interpret the list of
4061 files in the source package and determine how to unpack it. The
4062 syntax of the field value is a numeric major revision, a period,
4063 a numeric minor revision, and then an optional subtype after
4064 whitespace, which if specified is an alphanumeric word in
4065 parentheses. The subtype is optional in the syntax but may be
4066 mandatory for particular source format revisions.
4067 <footnote>
4068 <para>
4069 The source formats currently supported by the Debian archive
4070 software are <literal>1.0</literal>, <literal>3.0
4071 (native)</literal>, and <literal>3.0 (quilt)</literal>.
4072 </para>
4073 </footnote>
4074 </para>
4075 </section>
4077 <section id="s-f-Urgency">
4078 <title><literal>Urgency</literal></title>
4080 <para>
4081 This is a description of how important it is to upgrade to this
4082 version from previous ones. It consists of a single keyword
4083 taking one of the values <literal>low</literal>,
4084 <literal>medium</literal>, <literal>high</literal>,
4085 <literal>emergency</literal>, or
4086 <literal>critical</literal>
4087 <footnote>
4088 <para>
4089 Other urgency values are supported with configuration
4090 changes in the archive software but are not used in Debian.
4091 The urgency affects how quickly a package will be considered
4092 for inclusion into the <literal>testing</literal>
4093 distribution and gives an indication of the importance of
4094 any fixes included in the upload.
4095 <literal>Emergency</literal> and <literal>critical</literal>
4096 are treated as synonymous.
4097 </para>
4098 </footnote>
4099 (not case-sensitive) followed by an optional commentary
4100 (separated by a space) which is usually in parentheses. For
4101 example:
4102 </para>
4103 <programlisting>
4104 Urgency: low (HIGH for users of diversions)</programlisting>
4105 <para>
4106 The value of this field is usually extracted from the
4107 <filename>debian/changelog</filename> file - see <xref
4108 linkend="s-dpkgchangelog"/>.
4109 </para>
4110 </section>
4112 <section id="s-f-Changes">
4113 <title><literal>Changes</literal></title>
4115 <para>
4116 This multiline field contains the human-readable changes data,
4117 describing the differences between the last version and the
4118 current one.
4119 </para>
4120 <para>
4121 The first line of the field value (the part on the same line as
4122 <literal>Changes:</literal>) is always empty. The content of
4123 the field is expressed as continuation lines, with each line
4124 indented by at least one space. Blank lines must be represented
4125 by a line consisting only of a space and a full stop
4126 (<literal>.</literal>).
4127 </para>
4128 <para>
4129 The value of this field is usually extracted from the
4130 <filename>debian/changelog</filename> file - see <xref
4131 linkend="s-dpkgchangelog"/>).
4132 </para>
4133 <para>
4134 Each version's change information should be preceded by a
4135 "title" line giving at least the version, distribution(s) and
4136 urgency, in a human-readable way.
4137 </para>
4138 <para>
4139 If data from several versions is being returned the entry for
4140 the most recent version should be returned first, and entries
4141 should be separated by the representation of a blank line (the
4142 "title" line may also be followed by the representation of a
4143 blank line).
4144 </para>
4145 </section>
4147 <section id="s-f-Binary">
4148 <title><literal>Binary</literal></title>
4150 <para>
4151 This folded field is a list of binary packages. Its syntax and
4152 meaning varies depending on the control file in which it
4153 appears.
4154 </para>
4155 <para>
4156 When it appears in the <filename>.dsc</filename> file, it lists
4157 binary packages which a source package can produce, separated by
4158 commas<footnote><para> A space after each comma is conventional.
4159 </para> </footnote>. The source package does not necessarily
4160 produce all of these binary packages for every architecture.
4161 The source control file doesn't contain details of which
4162 architectures are appropriate for which of the binary packages.
4163 </para>
4164 <para>
4165 When it appears in a <filename>.changes</filename> file, it
4166 lists the names of the binary packages being uploaded, separated
4167 by whitespace (not commas).
4168 </para>
4169 </section>
4171 <section id="s-f-Installed-Size">
4172 <title><literal>Installed-Size</literal></title>
4174 <para>
4175 This field appears in the control files of binary packages, and
4176 in the <filename>Packages</filename> files. It gives an
4177 estimate of the total amount of disk space required to install
4178 the named package. Actual installed size may vary based on
4179 block size, file system properties, or actions taken by package
4180 maintainer scripts.
4181 </para>
4182 <para>
4183 The disk space is given as the integer value of the estimated
4184 installed size in bytes, divided by 1024 and rounded up.
4185 </para>
4186 </section>
4188 <section id="s-f-Files">
4189 <title><literal>Files</literal></title>
4191 <para>
4192 This field contains a list of files with information about each
4193 one. The exact information and syntax varies with the context.
4194 </para>
4195 <para>
4196 In all cases, Files is a multiline field. The first line of the
4197 field value (the part on the same line as
4198 <literal>Files:</literal>) is always empty. The content of the
4199 field is expressed as continuation lines, one line per file.
4200 Each line must be indented by one space and contain a number of
4201 sub-fields, separated by spaces, as described below.
4202 </para>
4203 <para>
4204 In the <filename>.dsc</filename> file, each line contains the
4205 MD5 checksum, size and filename of the tar file and (if
4206 applicable) diff file which make up the remainder of the source
4207 package.
4208 <footnote>
4209 <para>
4210 That is, the parts which are not the
4211 <literal>.dsc</literal>.
4212 </para>
4213 </footnote>
4214 For example:
4215 </para>
4216 <programlisting>
4217 Files:
4218 c6f698f19f2a2aa07dbb9bbda90a2754 571925 example_1.2.orig.tar.gz
4219 938512f08422f3509ff36f125f5873ba 6220 example_1.2-1.diff.gz</programlisting>
4220 <para>
4221 The exact forms of the filenames are described in <xref
4222 linkend="s-pkg-sourcearchives"/>.
4223 </para>
4224 <para>
4225 In the <filename>.changes</filename> file this contains one line
4226 per file being uploaded. Each line contains the MD5 checksum,
4227 size, section and priority and the filename. For example:
4228 </para>
4229 <programlisting>
4230 Files:
4231 4c31ab7bfc40d3cf49d7811987390357 1428 text extra example_1.2-1.dsc
4232 c6f698f19f2a2aa07dbb9bbda90a2754 571925 text extra example_1.2.orig.tar.gz
4233 938512f08422f3509ff36f125f5873ba 6220 text extra example_1.2-1.diff.gz
4234 7c98fe853b3bbb47a00e5cd129b6cb56 703542 text extra example_1.2-1_i386.deb</programlisting>
4235 <para>
4236 The <link linkend="s-f-Section">section</link> and <link
4237 linkend="s-f-Priority">priority</link> are the values of the
4238 corresponding fields in the main source control file. If no
4239 section or priority is specified then <literal>-</literal>
4240 should be used, though section and priority values must be
4241 specified for new packages to be installed properly.
4242 </para>
4243 <para>
4244 The special value <literal>byhand</literal> for the section in a
4245 <literal>.changes</literal> file indicates that the file in
4246 question is not an ordinary package file and must be installed
4247 by hand by the distribution maintainers. If the section is
4248 <literal>byhand</literal> the priority should be
4249 <literal>-</literal>.
4250 </para>
4251 <para>
4252 If a new Debian revision of a package is being shipped and no
4253 new original source archive is being distributed the
4254 <literal>.dsc</literal> must still contain the
4255 <literal>Files</literal> field entry for the original source
4256 archive
4257 <filename><replaceable>package</replaceable>_<replaceable>upstream-version</replaceable>.orig.tar.gz</filename>,
4258 but the <filename>.changes</filename> file should leave it out.
4259 In this case the original source archive on the distribution
4260 site must match exactly, byte-for-byte, the original source
4261 archive which was used to generate the <filename>.dsc</filename>
4262 file and diff which are being uploaded.
4263 </para>
4264 </section>
4266 <section id="s-f-Closes">
4267 <title><literal>Closes</literal></title>
4269 <para>
4270 A space-separated list of bug report numbers that the upload
4271 governed by the .changes file closes.
4272 </para>
4273 </section>
4275 <section id="s-f-Homepage">
4276 <title><literal>Homepage</literal></title>
4278 <para>
4279 The URL of the web site for this package, preferably (when
4280 applicable) the site from which the original source can be
4281 obtained and any additional upstream documentation or
4282 information may be found. The content of this field is a simple
4283 URL without any surrounding characters such as
4284 <literal><></literal>.
4285 </para>
4286 </section>
4288 <section id="s-f-Checksums">
4289 <title>
4290 <literal>Checksums-Sha1</literal> and
4291 <literal>Checksums-Sha256</literal>
4292 </title>
4294 <para>
4295 These multiline fields contain a list of files with a checksum
4296 and size for each one. Both <literal>Checksums-Sha1</literal>
4297 and <literal>Checksums-Sha256</literal> have the same syntax and
4298 differ only in the checksum algorithm used: SHA-1 for
4299 <literal>Checksums-Sha1</literal> and SHA-256 for
4300 <literal>Checksums-Sha256</literal>.
4301 </para>
4302 <para>
4303 <literal>Checksums-Sha1</literal> and
4304 <literal>Checksums-Sha256</literal> are multiline fields. The
4305 first line of the field value (the part on the same line as
4306 <literal>Checksums-Sha1:</literal> or
4307 <literal>Checksums-Sha256:</literal>) is always empty. The
4308 content of the field is expressed as continuation lines, one
4309 line per file. Each line consists of the checksum, a space, the
4310 file size, a space, and the file name. For example (from a
4311 <filename>.changes</filename> file):
4312 </para>
4313 <programlisting>
4314 Checksums-Sha1:
4315 1f418afaa01464e63cc1ee8a66a05f0848bd155c 1276 example_1.0-1.dsc
4316 a0ed1456fad61116f868b1855530dbe948e20f06 171602 example_1.0.orig.tar.gz
4317 5e86ecf0671e113b63388dac81dd8d00e00ef298 6137 example_1.0-1.debian.tar.gz
4318 71a0ff7da0faaf608481195f9cf30974b142c183 548402 example_1.0-1_i386.deb
4319 Checksums-Sha256:
4320 ac9d57254f7e835bed299926fd51bf6f534597cc3fcc52db01c4bffedae81272 1276 example_1.0-1.dsc
4321 0d123be7f51e61c4bf15e5c492b484054be7e90f3081608a5517007bfb1fd128 171602 example_1.0.orig.tar.gz
4322 f54ae966a5f580571ae7d9ef5e1df0bd42d63e27cb505b27957351a495bc6288 6137 example_1.0-1.debian.tar.gz
4323 3bec05c03974fdecd11d020fc2e8250de8404867a8a2ce865160c250eb723664 548402 example_1.0-1_i386.deb</programlisting>
4324 <para>
4325 In the <filename>.dsc</filename> file, these fields list all
4326 files that make up the source package. In the
4327 <filename>.changes</filename> file, these fields list all files
4328 being uploaded. The list of files in these fields must match
4329 the list of files in the <literal>Files</literal> field.
4330 </para>
4331 </section>
4333 <section id="s5.6.25">
4334 <title><literal>DM-Upload-Allowed</literal></title>
4336 <para>
4337 Obsolete, see <link linkend="s-f-DM-Upload-Allowed">below</link>.
4338 </para>
4339 </section>
4341 <section id="s-f-VCS-fields">
4342 <title>Version Control System (VCS) fields</title>
4344 <para>
4345 Debian source packages are increasingly developed using VCSs.
4346 The purpose of the following fields is to indicate a publicly
4347 accessible repository where the Debian source package is
4348 developed.
4349 </para>
4350 <variablelist>
4351 <varlistentry>
4352 <term><literal>Vcs-Browser</literal></term>
4353 <listitem>
4354 <para>
4355 URL of a web interface for browsing the repository.
4356 </para>
4357 </listitem>
4358 </varlistentry>
4359 <varlistentry>
4360 <term>
4361 <literal>Vcs-Arch</literal>, <literal>Vcs-Bzr</literal>
4362 (Bazaar), <literal>Vcs-Cvs</literal>,
4363 <literal>Vcs-Darcs</literal>, <literal>Vcs-Git</literal>,
4364 <literal>Vcs-Hg</literal> (Mercurial),
4365 <literal>Vcs-Mtn</literal> (Monotone),
4366 <literal>Vcs-Svn</literal> (Subversion)
4367 </term>
4368 <listitem>
4369 <para>
4370 The field name identifies the VCS. The field's value uses
4371 the version control system's conventional syntax for
4372 describing repository locations and should be sufficient
4373 to locate the repository used for packaging. Ideally, it
4374 also locates the branch used for development of new
4375 versions of the Debian package.
4376 </para>
4377 <para>
4378 In the case of Git, the value consists of a URL,
4379 optionally followed by the word <literal>-b</literal> and
4380 the name of a branch in the indicated repository,
4381 following the syntax of the <literal>git clone</literal>
4382 command. If no branch is specified, the packaging should
4383 be on the default branch.
4384 </para>
4385 <para>
4386 More than one different VCS may be specified for the same
4387 package.
4388 </para>
4389 </listitem>
4390 </varlistentry>
4391 </variablelist>
4392 </section>
4394 <section id="s-f-Package-List">
4395 <title><literal>Package-List</literal></title>
4397 <para>
4398 Multiline field listing all the packages that can be built from
4399 the source package, considering every architecture. The first
4400 line of the field value is empty. Each one of the next lines
4401 describes one binary package, by listing its name, type, section
4402 and priority separated by spaces. Fifth and subsequent
4403 space-separated items may be present and parsers must allow
4404 them. See the <link
4405 linkend="s-f-Package-Type">Package-Type</link> field for a list
4406 of package types.
4407 </para>
4408 </section>
4410 <section id="s-f-Package-Type">
4411 <title><literal>Package-Type</literal></title>
4413 <para>
4414 Simple field containing a word indicating the type of package:
4415 <literal>deb</literal> for binary packages and
4416 <literal>udeb</literal> for micro binary packages. Other types
4417 not defined here may be indicated. In source package control
4418 files, the <literal>Package-Type</literal> field should be
4419 omitted instead of giving it a value of <literal>deb</literal>,
4420 as this value is assumed for paragraphs lacking this field.
4421 </para>
4422 </section>
4424 <section id="s-f-Dgit">
4425 <title><literal>Dgit</literal></title>
4427 <para>
4428 Folded field containing a single git commit hash, presented in
4429 full, followed optionally by whitespace and other data to be
4430 defined in future extensions.
4431 </para>
4432 <para>
4433 Declares that the source package corresponds exactly to a
4434 referenced commit in a Git repository available at the canonical
4435 location called <emphasis>dgit-repos</emphasis>, used by
4436 <command>dgit</command>, a bidirectional gateway between the
4437 Debian archive and Git. The commit is reachable from at least
4438 one reference whose name matches <literal>refs/dgit/*</literal>.
4439 See the manual page of <command>dgit</command> for further
4440 details.
4441 </para>
4442 </section>
4444 <section id="s-f-Testsuite">
4445 <title><literal>Testsuite</literal></title>
4447 <para>
4448 Simple field containing a comma-separated list of values
4449 allowing test execution environments to discover packages
4450 which provide tests. Currently, the only defined value is
4451 <literal>autopkgtest</literal>.
4452 </para>
4454 <para>
4455 This field is automatically added to Debian source control
4456 files by <command>dpkg</command> when a
4457 <filename>debian/tests/control</filename> file is present
4458 in the source package. This field may also be used in
4459 source package control files if needed in other situations.
4460 </para>
4461 </section>
4462 </section>
4464 <section id="s5.7">
4465 <title>User-defined fields</title>
4467 <para>
4468 Additional user-defined fields may be added to the source package
4469 control file. Such fields will be ignored, and not copied to (for
4470 example) binary or Debian source control files or upload control
4471 files.
4472 </para>
4473 <para>
4474 If you wish to add additional unsupported fields to these output
4475 files you should use the mechanism described here.
4476 </para>
4477 <para>
4478 Fields in the main source control information file with names
4479 starting <literal>X</literal>, followed by one or more of the
4480 letters <literal>BCS</literal> and a hyphen <literal>-</literal>,
4481 will be copied to the output files. Only the part of the field
4482 name after the hyphen will be used in the output file. Where the
4483 letter <literal>B</literal> is used the field will appear in
4484 binary package control files, where the letter
4485 <literal>S</literal> is used in Debian source control files and
4486 where <literal>C</literal> is used in upload control
4487 (<literal>.changes</literal>) files.
4488 </para>
4489 <para>
4490 For example, if the main source information control file contains
4491 the field
4492 </para>
4493 <programlisting>
4494 XBS-Comment: I stand between the candle and the star.</programlisting>
4495 <para>
4496 then the binary and Debian source control files will contain the
4497 field
4498 </para>
4499 <programlisting>
4500 Comment: I stand between the candle and the star.</programlisting>
4501 </section>
4503 <section id="s-obsolete-control-data-fields">
4504 <title>Obsolete fields</title>
4506 <para>
4507 The following fields have been obsoleted and may be found in
4508 packages conforming with previous versions of the Policy.
4509 </para>
4511 <section id="s-f-DM-Upload-Allowed">
4512 <title><literal>DM-Upload-Allowed</literal></title>
4514 <para>
4515 Indicates that Debian Maintainers may upload this package to the
4516 Debian archive. The only valid value is <literal>yes</literal>.
4517 This field was used to regulate uploads by Debian Maintainers,
4518 See the General Resolution <ulink
4519 url="https://www.debian.org/vote/2007/vote_003">Endorse the
4520 concept of Debian Maintainers</ulink> for more details.
4521 </para>
4522 </section>
4523 </section>
4524 </chapter>
4526 <chapter id="ch-maintainerscripts">
4527 <title>Package maintainer scripts and installation procedure</title>
4529 <section id="s6.1">
4530 <title>Introduction to package maintainer scripts</title>
4532 <para>
4533 It is possible to supply scripts as part of a package which the
4534 package management system will run for you when your package is
4535 installed, upgraded or removed.
4536 </para>
4537 <para>
4538 These scripts are the control information files
4539 <command>preinst</command>, <command>postinst</command>,
4540 <command>prerm</command> and <command>postrm</command>. They must
4541 be proper executable files; if they are scripts (which is
4542 recommended), they must start with the usual <literal>#!</literal>
4543 convention. They should be readable and executable by anyone, and
4544 must not be world-writable.
4545 </para>
4546 <para>
4547 The package management system looks at the exit status from these
4548 scripts. It is important that they exit with a non-zero status if
4549 there is an error, so that the package management system can stop
4550 its processing. For shell scripts this means that you
4551 <emphasis>almost always</emphasis> need to use <literal>set
4552 -e</literal> (this is usually true when writing shell scripts, in
4553 fact). It is also important, of course, that they exit with a
4554 zero status if everything went well.
4555 </para>
4556 <para>
4557 Additionally, packages interacting with users using
4558 <command>debconf</command> in the <command>postinst</command>
4559 script should install a <command>config</command> script as a
4560 control information file. See <xref
4561 linkend="s-maintscriptprompt"/> for details.
4562 </para>
4563 <para>
4564 When a package is upgraded a combination of the scripts from the
4565 old and new packages is called during the upgrade procedure. If
4566 your scripts are going to be at all complicated you need to be
4567 aware of this, and may need to check the arguments to your
4568 scripts.
4569 </para>
4570 <para>
4571 Broadly speaking the <command>preinst</command> is called before
4572 (a particular version of) a package is unpacked, and the
4573 <command>postinst</command> afterwards; the
4574 <command>prerm</command> before (a version of) a package is
4575 removed and the <command>postrm</command> afterwards.
4576 </para>
4577 <para>
4578 Programs called from maintainer scripts should not normally have a
4579 path prepended to them. Before installation is started, the
4580 package management system checks to see if the programs
4581 <command>ldconfig</command>, <command>start-stop-daemon</command>,
4582 and <command>update-rc.d</command> can be found via the
4583 <literal>PATH</literal> environment variable. Those programs, and
4584 any other program that one would expect to be in the
4585 <literal>PATH</literal>, should thus be invoked without an
4586 absolute pathname. Maintainer scripts should also not reset the
4587 <literal>PATH</literal>, though they might choose to modify it by
4588 prepending or appending package-specific directories. These
4589 considerations really apply to all shell scripts.
4590 </para>
4591 </section>
4593 <section id="s-idempotency">
4594 <title>Maintainer scripts idempotency</title>
4596 <para>
4597 It is necessary for the error recovery procedures that the scripts
4598 be idempotent. This means that if it is run successfully, and
4599 then it is called again, it doesn't bomb out or cause any harm,
4600 but just ensures that everything is the way it ought to be. If
4601 the first call failed, or aborted half way through for some
4602 reason, the second call should merely do the things that were left
4603 undone the first time, if any, and exit with a success status if
4604 everything is OK.
4605 <footnote>
4606 <para>
4607 This is so that if an error occurs, the user interrupts
4608 <command>dpkg</command> or some other unforeseen circumstance
4609 happens you don't leave the user with a badly-broken package
4610 when <command>dpkg</command> attempts to repeat the action.
4611 </para>
4612 </footnote>
4613 </para>
4614 </section>
4616 <section id="s-controllingterminal">
4617 <title>Controlling terminal for maintainer scripts</title>
4619 <para>
4620 Maintainer scripts are not guaranteed to run with a controlling
4621 terminal and may not be able to interact with the user. They must
4622 be able to fall back to noninteractive behavior if no controlling
4623 terminal is available. Maintainer scripts that prompt via a
4624 program conforming to the Debian Configuration Management
4625 Specification (see <xref linkend="s-maintscriptprompt"/>) may
4626 assume that program will handle falling back to noninteractive
4627 behavior.
4628 </para>
4629 <para>
4630 For high-priority prompts without a reasonable default answer,
4631 maintainer scripts may abort if there is no controlling terminal.
4632 However, this situation should be avoided if at all possible,
4633 since it prevents automated or unattended installs. In most
4634 cases, users will consider this to be a bug in the package.
4635 </para>
4636 </section>
4638 <section id="s-exitstatus">
4639 <title>Exit status</title>
4641 <para>
4642 Each script must return a zero exit status for success, or a
4643 nonzero one for failure, since the package management system looks
4644 for the exit status of these scripts and determines what action to
4645 take next based on that datum.
4646 </para>
4647 </section>
4649 <section id="s-mscriptsinstact">
4650 <title>Summary of ways maintainer scripts are called</title>
4652 <para>
4653 What follows is a summary of all the ways in which maintainer
4654 scripts may be called along with what facilities those scripts may
4655 rely on being available at that time. Script names preceded by
4656 <replaceable>new-</replaceable> are the scripts from the new
4657 version of a package being installed, upgraded to, or downgraded
4658 to. Script names preceded by <replaceable>old-</replaceable> are
4659 the scripts from the old version of a package that is being
4660 upgraded from or downgraded from.
4661 </para>
4662 <para>
4663 The <command>preinst</command> script may be called in the
4664 following ways:
4665 </para>
4666 <variablelist>
4667 <varlistentry>
4668 <term>
4669 <cmdsynopsis>
4670 <command>new-preinst</command>
4671 <arg choice="plain">install</arg>
4673 <command>new-preinst</command>
4674 <arg choice="plain">install</arg>
4675 <arg choice="plain"><replaceable>old-version</replaceable></arg>
4677 <command>new-preinst</command>
4678 <arg choice="plain">upgrade</arg>
4679 <arg choice="plain"><replaceable>old-version</replaceable></arg>
4680 </cmdsynopsis>
4681 </term>
4682 <listitem>
4683 <para>
4684 The package will not yet be unpacked, so the
4685 <command>preinst</command> script cannot rely on any files
4686 included in its package. Only essential packages and
4687 pre-dependencies (<literal>Pre-Depends</literal>) may be
4688 assumed to be available. Pre-dependencies will have been
4689 configured at least once, but at the time the
4690 <command>preinst</command> is called they may only be in an
4691 "Unpacked" or "Half-Configured" state if a previous version
4692 of the pre-dependency was completely configured and has not
4693 been removed since then.
4694 </para>
4695 </listitem>
4696 </varlistentry>
4697 <varlistentry>
4698 <term>
4699 <cmdsynopsis>
4700 <command>old-preinst</command>
4701 <arg choice="plain">abort-upgrade</arg>
4702 <arg choice="plain"><replaceable>new-version</replaceable></arg>
4703 </cmdsynopsis>
4704 </term>
4705 <listitem>
4706 <para>
4707 Called during error handling of an upgrade that failed after
4708 unpacking the new package because the <literal>postrm
4709 upgrade</literal> action failed. The unpacked files may be
4710 partly from the new version or partly missing, so the script
4711 cannot rely on files included in the package. Package
4712 dependencies may not be available. Pre-dependencies will be
4713 at least "Unpacked" following the same rules as above,
4714 except they may be only "Half-Installed" if an upgrade of
4715 the pre-dependency failed.
4716 <footnote>
4717 <para>
4718 This can happen if the new version of the package no
4719 longer pre-depends on a package that had been partially
4720 upgraded.
4721 </para>
4722 </footnote>
4723 </para>
4724 </listitem>
4725 </varlistentry>
4726 </variablelist>
4727 <para>
4728 The <command>postinst</command> script may be called in the
4729 following ways:
4730 </para>
4731 <variablelist>
4732 <varlistentry>
4733 <term>
4734 <cmdsynopsis>
4735 <command>postinst</command>
4736 <arg choice="plain">configure</arg>
4737 <arg choice="plain"><replaceable>most-recently-configured-version</replaceable></arg>
4738 </cmdsynopsis>
4739 </term>
4740 <listitem>
4741 <para>
4742 The files contained in the package will be unpacked. All
4743 package dependencies will at least be "Unpacked". If there
4744 are no circular dependencies involved, all package
4745 dependencies will be configured. For behavior in the case
4746 of circular dependencies, see the discussion in <xref
4747 linkend="s-binarydeps"/>.
4748 </para>
4749 </listitem>
4750 </varlistentry>
4751 <varlistentry>
4752 <term>
4753 <cmdsynopsis>
4754 <command>old-postinst</command>
4755 <arg choice="plain">abort-upgrade</arg>
4756 <arg choice="plain"><replaceable>new-version</replaceable></arg>
4758 <command>conflictor's-postinst</command>
4759 <arg choice="plain">abort-remove</arg>
4760 <arg choice="plain">in-favour</arg>
4761 <arg choice="plain"><replaceable>package</replaceable></arg>
4762 <arg choice="plain"><replaceable>new-version</replaceable></arg>
4764 <command>postinst</command>
4765 <arg choice="plain">abort-remove</arg>
4767 <command>deconfigured's-postinst</command>
4768 <arg choice="plain">abort-deconfigure</arg>
4769 <arg choice="plain">in-favour</arg>
4770 <arg choice="plain"><replaceable>failed-install-package</replaceable></arg>
4771 <arg choice="plain"><replaceable>version</replaceable></arg>
4772 <arg>
4773 <arg choice="plain">removing</arg>
4774 <arg choice="plain"><replaceable>conflicting-package</replaceable></arg>
4775 <arg choice="plain"><replaceable>version</replaceable></arg>
4776 </arg>
4777 </cmdsynopsis>
4778 </term>
4779 <listitem>
4780 <para>
4781 The files contained in the package will be unpacked. All
4782 package dependencies will at least be "Half-Installed" and
4783 will have previously been configured and not removed.
4784 However, dependencies may not be configured or even fully
4785 unpacked in some error situations.
4786 <footnote>
4787 <para>
4788 For example, suppose packages foo and bar are
4789 "Installed" with foo depending on bar. If an upgrade of
4790 bar were started and then aborted, and then an attempt
4791 to remove foo failed because its
4792 <command>prerm</command> script failed, foo's
4793 <literal>postinst abort-remove</literal> would be called
4794 with bar only "Half-Installed".
4795 </para>
4796 </footnote>
4797 The <command>postinst</command> should still attempt any
4798 actions for which its dependencies are required, since they
4799 will normally be available, but consider the correct error
4800 handling approach if those actions fail. Aborting the
4801 <command>postinst</command> action if commands or facilities
4802 from the package dependencies are not available is often the
4803 best approach.
4804 </para>
4805 </listitem>
4806 </varlistentry>
4807 </variablelist>
4808 <para>
4809 The <command>prerm</command> script may be called in the following
4810 ways:
4811 </para>
4812 <variablelist>
4813 <varlistentry>
4814 <term>
4815 <cmdsynopsis>
4816 <command>prerm</command>
4817 <arg choice="plain">remove</arg>
4819 <command>old-prerm</command>
4820 <arg choice="plain">upgrade</arg>
4821 <arg choice="plain"><replaceable>new-version</replaceable></arg>
4823 <command>conflictor's-prerm</command>
4824 <arg choice="plain">remove</arg>
4825 <arg choice="plain">in-favour</arg>
4826 <arg choice="plain"><replaceable>package</replaceable></arg>
4827 <arg choice="plain"><replaceable>new-version</replaceable></arg>
4829 <command>deconfigured's-prerm</command>
4830 <arg choice="plain">deconfigure</arg>
4831 <arg choice="plain">in-favour</arg>
4832 <arg choice="plain"><replaceable>package-being-installed</replaceable></arg>
4833 <arg choice="plain"><replaceable>version</replaceable></arg>
4834 <arg>
4835 <arg choice="plain">removing</arg>
4836 <arg choice="plain"><replaceable>conflicting-package</replaceable></arg>
4837 <arg choice="plain"><replaceable>version</replaceable></arg>
4838 </arg>
4839 </cmdsynopsis>
4840 </term>
4841 <listitem>
4842 <para>
4843 The package whose <command>prerm</command> is being called
4844 will be at least "Half-Installed". All package dependencies
4845 will at least be "Half-Installed" and will have previously
4846 been configured and not removed. If there was no error, all
4847 dependencies will at least be "Unpacked", but these actions
4848 may be called in various error states where dependencies are
4849 only "Half-Installed" due to a partial upgrade.
4850 </para>
4851 </listitem>
4852 </varlistentry>
4853 <varlistentry>
4854 <term>
4855 <cmdsynopsis>
4856 <command>new-prerm</command>
4857 <arg choice="plain">failed-upgrade</arg>
4858 <arg choice="plain"><replaceable>old-version</replaceable></arg>
4859 </cmdsynopsis>
4860 </term>
4861 <listitem>
4862 <para>
4863 Called during error handling when <literal>prerm
4864 upgrade</literal> fails. The new package will not yet be
4865 unpacked, and all the same constraints as for
4866 <literal>preinst upgrade</literal> apply.
4867 </para>
4868 </listitem>
4869 </varlistentry>
4870 </variablelist>
4871 <para>
4872 The <command>postrm</command> script may be called in the
4873 following ways:
4874 </para>
4875 <variablelist>
4876 <varlistentry>
4877 <term>
4878 <cmdsynopsis>
4879 <command>postrm</command>
4880 <arg choice="plain">remove</arg>
4882 <command>postrm</command>
4883 <arg choice="plain">purge</arg>
4885 <command>old-postrm</command>
4886 <arg choice="plain">upgrade</arg>
4887 <arg choice="plain"><replaceable>new-version</replaceable></arg>
4889 <command>disappearer's-postrm</command>
4890 <arg choice="plain">disappear</arg>
4891 <arg choice="plain"><replaceable>overwriter</replaceable></arg>
4892 <arg choice="plain"><replaceable>overwriter-version</replaceable></arg>
4893 </cmdsynopsis>
4894 </term>
4895 <listitem>
4896 <para>
4897 The <command>postrm</command> script is called after the
4898 package's files have been removed or replaced. The package
4899 whose <command>postrm</command> is being called may have
4900 previously been deconfigured and only be "Unpacked", at
4901 which point subsequent package changes do not consider its
4902 dependencies. Therefore, all <command>postrm</command>
4903 actions may only rely on essential packages and must
4904 gracefully skip any actions that require the package's
4905 dependencies if those dependencies are unavailable.
4906 <footnote>
4907 <para>
4908 This is often done by checking whether the command or
4909 facility the <command>postrm</command> intends to call
4910 is available before calling it. For example:
4911 </para>
4912 <programlisting>
4913 if [ "$1" = purge ] && [ -e /usr/share/debconf/confmodule ]; then
4914 . /usr/share/debconf/confmodule db_purge
4915 fi</programlisting>
4916 <para>
4917 in <command>postrm</command> purges the
4918 <command>debconf</command> configuration for the package
4919 if <systemitem role="package">debconf</systemitem> is
4920 installed.
4921 </para>
4922 </footnote>
4923 </para>
4924 </listitem>
4925 </varlistentry>
4926 <varlistentry>
4927 <term>
4928 <cmdsynopsis>
4929 <command>new-postrm</command>
4930 <arg choice="plain">failed-upgrade</arg>
4931 <arg choice="plain"><replaceable>old-version</replaceable></arg>
4932 </cmdsynopsis>
4933 </term>
4934 <listitem>
4935 <para>
4936 Called when the old <literal>postrm upgrade</literal> action
4937 fails. The new package will be unpacked, but only essential
4938 packages and pre-dependencies can be relied on.
4939 Pre-dependencies will either be configured or will be
4940 "Unpacked" or "Half-Configured" but previously had been
4941 configured and was never removed.
4942 </para>
4943 </listitem>
4944 </varlistentry>
4945 <varlistentry>
4946 <term>
4947 <cmdsynopsis>
4948 <command>new-postrm</command>
4949 <arg choice="plain">abort-install</arg>
4951 <command>new-postrm</command>
4952 <arg choice="plain">abort-install</arg>
4953 <arg choice="plain"><replaceable>old-version</replaceable></arg>
4955 <command>new-postrm</command>
4956 <arg choice="plain">abort-upgrade</arg>
4957 <arg choice="plain"><replaceable>old-version</replaceable></arg>
4958 </cmdsynopsis>
4959 </term>
4960 <listitem>
4961 <para>
4962 Called before unpacking the new package as part of the error
4963 handling of <command>preinst</command> failures. May assume
4964 the same state as <command>preinst</command> can assume.
4965 </para>
4966 </listitem>
4967 </varlistentry>
4968 </variablelist>
4969 </section>
4971 <section id="s-unpackphase">
4972 <title>Details of unpack phase of installation or upgrade</title>
4974 <para>
4975 The procedure on installation/upgrade/overwrite/disappear (i.e.,
4976 when running <literal>dpkg --unpack</literal>, or the unpack stage
4977 of <literal>dpkg --install</literal>) is as follows.
4978 <footnote>
4979 <para>
4980 See <xref linkend="ap-flowcharts"/> for flowcharts
4981 illustrating the processes described here.
4982 </para>
4983 </footnote>
4984 In each case, if a major error occurs (unless listed below) the
4985 actions are, in general, run backwards - this means that the
4986 maintainer scripts are run with different arguments in reverse order.
4987 These are the "error unwind" calls listed below.
4988 </para>
4989 <orderedlist numeration="arabic">
4990 <listitem>
4991 <para>
4992 Notify the currently installed package:
4993 </para>
4994 <orderedlist numeration="loweralpha">
4995 <listitem>
4996 <para>
4997 If a version of the package is already "Installed", call
4998 </para>
4999 <screen><replaceable>old-prerm</replaceable> upgrade <replaceable>new-version</replaceable></screen>
5000 </listitem>
5001 <listitem>
5002 <para>
5003 If the script runs but exits with a non-zero exit status,
5004 <command>dpkg</command> will attempt:
5005 </para>
5006 <screen><replaceable>new-prerm</replaceable> failed-upgrade <replaceable>old-version</replaceable></screen>
5007 <para>
5008 If this works, the upgrade continues. If this does not
5009 work, the error unwind:
5010 </para>
5011 <screen><replaceable>old-postinst</replaceable> abort-upgrade <replaceable>new-version</replaceable></screen>
5012 <para>
5013 If this works, then the old-version is "Installed", if
5014 not, the old version is in a "Half-Configured" state.
5015 </para>
5016 </listitem>
5017 </orderedlist>
5018 </listitem>
5019 <listitem>
5020 <para>
5021 If a "conflicting" package is being removed at the same time,
5022 or if any package will be broken (due to
5023 <literal>Breaks</literal>):
5024 </para>
5025 <orderedlist numeration="loweralpha">
5026 <listitem>
5027 <para>
5028 If <literal>--auto-deconfigure</literal> is specified,
5029 call, for each package to be deconfigured due to
5030 <literal>Breaks</literal>:
5031 </para>
5032 <screen>
5033 <replaceable>deconfigured's-prerm</replaceable> deconfigure \
5034 in-favour <replaceable>package-being-installed</replaceable> <replaceable>version</replaceable></screen>
5035 <para>
5036 Error unwind:
5037 </para>
5038 <screen>
5039 <replaceable>deconfigured's-postinst</replaceable> abort-deconfigure \
5040 in-favour <replaceable>package-being-installed-but-failed</replaceable> <replaceable>version</replaceable></screen>
5041 <para>
5042 The deconfigured packages are marked as requiring
5043 configuration, so that if <literal>--install</literal> is
5044 used they will be configured again if possible.
5045 </para>
5046 </listitem>
5047 <listitem>
5048 <para>
5049 If any packages depended on a conflicting package being
5050 removed and <literal>--auto-deconfigure</literal> is
5051 specified, call, for each such package:
5052 </para>
5053 <screen>
5054 <replaceable>deconfigured's-prerm</replaceable> deconfigure \
5055 in-favour <replaceable>package-being-installed</replaceable> <replaceable>version</replaceable> \
5056 removing <replaceable>conflicting-package</replaceable> <replaceable>version</replaceable></screen>
5057 <para>
5058 Error unwind:
5059 </para>
5060 <screen>
5061 <replaceable>deconfigured's-postinst</replaceable> abort-deconfigure \
5062 in-favour <replaceable>package-being-installed-but-failed</replaceable> <replaceable>version</replaceable> \
5063 removing <replaceable>conflicting-package</replaceable> <replaceable>version</replaceable></screen>
5064 <para>
5065 The deconfigured packages are marked as requiring
5066 configuration, so that if <literal>--install</literal> is
5067 used they will be configured again if possible.
5068 </para>
5069 </listitem>
5070 <listitem>
5071 <para>
5072 To prepare for removal of each conflicting package, call:
5073 </para>
5074 <screen>
5075 <replaceable>conflictor's-prerm</replaceable> remove \
5076 in-favour <replaceable>package</replaceable> <replaceable>new-version</replaceable></screen>
5077 <para>
5078 Error unwind:
5079 </para>
5080 <screen>
5081 <replaceable>conflictor's-postinst</replaceable> abort-remove \
5082 in-favour <replaceable>package</replaceable> <replaceable>new-version</replaceable></screen>
5083 </listitem>
5084 </orderedlist>
5085 </listitem>
5086 <listitem>
5087 <para>
5088 Run the <command>preinst</command> of the new package:
5089 </para>
5090 <orderedlist numeration="loweralpha">
5091 <listitem>
5092 <para>
5093 If the package is being upgraded, call:
5094 </para>
5095 <screen><replaceable>new-preinst</replaceable> upgrade <replaceable>old-version</replaceable></screen>
5096 <para>
5097 If this fails, we call:
5098 </para>
5099 <screen><replaceable>new-postrm</replaceable> abort-upgrade <replaceable>old-version</replaceable></screen>
5100 <orderedlist numeration="lowerroman">
5101 <listitem>
5102 <para>
5103 If that works, then
5104 </para>
5105 <screen><replaceable>old-postinst</replaceable> abort-upgrade <replaceable>new-version</replaceable></screen>
5106 <para>
5107 is called. If this works, then the old version is in
5108 an "Installed" state, or else it is left in an
5109 "Unpacked" state.
5110 </para>
5111 </listitem>
5112 <listitem>
5113 <para>
5114 If it fails, then the old version is left in an
5115 "Half-Installed" state.
5116 </para>
5117 </listitem>
5118 </orderedlist>
5119 </listitem>
5120 <listitem>
5121 <para>
5122 Otherwise, if the package had some configuration files
5123 from a previous version installed (i.e., it is in the
5124 "Config-Files" state):
5125 </para>
5126 <screen><replaceable>new-preinst</replaceable> install <replaceable>old-version</replaceable></screen>
5127 <para>
5128 Error unwind:
5129 </para>
5130 <screen><replaceable>new-postrm</replaceable> abort-install <replaceable>old-version</replaceable></screen>
5131 <para>
5132 If this fails, the package is left in a "Half-Installed"
5133 state, which requires a reinstall. If it works, the
5134 packages is left in a "Config-Files" state.
5135 </para>
5136 </listitem>
5137 <listitem>
5138 <para>
5139 Otherwise (i.e., the package was completely purged):
5140 </para>
5141 <screen><replaceable>new-preinst</replaceable> install</screen>
5142 <para>
5143 Error unwind:
5144 </para>
5145 <screen><replaceable>new-postrm</replaceable> abort-install</screen>
5146 <para>
5147 If the error-unwind fails, the package is in a
5148 "Half-Installed" phase, and requires a reinstall. If the
5149 error unwind works, the package is in the "Not-Installed"
5150 state.
5151 </para>
5152 </listitem>
5153 </orderedlist>
5154 </listitem>
5155 <listitem>
5156 <para>
5157 The new package's files are unpacked, overwriting any that may
5158 be on the system already, for example any from the old version
5159 of the same package or from another package. Backups of the
5160 old files are kept temporarily, and if anything goes wrong the
5161 package management system will attempt to put them back as
5162 part of the error unwind.
5163 </para>
5164 <para>
5165 It is an error for a package to contain files which are on the
5166 system in another package, unless <literal>Replaces</literal>
5167 is used (see <xref linkend="s-replaces"/>).
5168 </para>
5169 <para>
5170 It is a more serious error for a package to contain a plain
5171 file or other kind of non-directory where another package has
5172 a directory (again, unless <literal>Replaces</literal> is
5173 used). This error can be overridden if desired using
5174 <literal>--force-overwrite-dir</literal>, but this is not
5175 advisable.
5176 </para>
5177 <para>
5178 Packages which overwrite each other's files produce behavior
5179 which, though deterministic, is hard for the system
5180 administrator to understand. It can easily lead to "missing"
5181 programs if, for example, a package is unpacked which
5182 overwrites a file from another package, and is then removed
5183 again.
5184 <footnote>
5185 <para>
5186 Part of the problem is due to what is arguably a bug in
5187 <command>dpkg</command>.
5188 </para>
5189 </footnote>
5190 </para>
5191 <para>
5192 A directory will never be replaced by a symbolic link to a
5193 directory or vice versa; instead, the existing state (symlink
5194 or not) will be left alone and <command>dpkg</command> will
5195 follow the symlink if there is one.
5196 </para>
5197 </listitem>
5198 <listitem>
5199 <para>
5200 If the package is being upgraded:
5201 </para>
5202 <orderedlist numeration="loweralpha">
5203 <listitem>
5204 <para>
5205 Call:
5206 </para>
5207 <screen><replaceable>old-postrm</replaceable> upgrade <replaceable>new-version</replaceable></screen>
5208 </listitem>
5209 <listitem>
5210 <para>
5211 If this fails, <command>dpkg</command> will attempt:
5212 </para>
5213 <screen><replaceable>new-postrm</replaceable> failed-upgrade <replaceable>old-version</replaceable></screen>
5214 <para>
5215 If this works, installation continues. If not, Error unwind:
5216 </para>
5217 <screen><replaceable>old-preinst</replaceable> abort-upgrade <replaceable>new-version</replaceable></screen>
5218 <para>
5219 If this fails, the old version is left in a
5220 "Half-Installed" state. If it works, dpkg now calls:
5221 </para>
5222 <screen><replaceable>new-postrm</replaceable> abort-upgrade <replaceable>old-version</replaceable></screen>
5223 <para>
5224 If this fails, the old version is left in a
5225 "Half-Installed" state. If it works, dpkg now calls:
5226 </para>
5227 <screen><replaceable>old-postinst</replaceable> abort-upgrade <replaceable>new-version</replaceable></screen>
5228 <para>
5229 If this fails, the old version is in an "Unpacked" state.
5230 </para>
5231 </listitem>
5232 </orderedlist>
5233 <para>
5234 This is the point of no return. If <command>dpkg</command>
5235 gets this far, it won't back off past this point if an error
5236 occurs. This will leave the package in a fairly bad state,
5237 which will require a successful re-installation to clear up,
5238 but it's when <command>dpkg</command> starts doing things that
5239 are irreversible.
5240 </para>
5241 </listitem>
5242 <listitem>
5243 <para>
5244 Any files which were in the old version of the package but not
5245 in the new are removed.
5246 </para>
5247 </listitem>
5248 <listitem>
5249 <para>
5250 The new file list replaces the old.
5251 </para>
5252 </listitem>
5253 <listitem>
5254 <para>
5255 The new maintainer scripts replace the old.
5256 </para>
5257 </listitem>
5258 <listitem>
5259 <para>
5260 Any packages all of whose files have been overwritten during
5261 the installation, and which aren't required for dependencies,
5262 are considered to have been removed. For each such package
5263 </para>
5264 <orderedlist numeration="loweralpha">
5265 <listitem>
5266 <para>
5267 <command>dpkg</command> calls:
5268 </para>
5269 <screen>
5270 <replaceable>disappearer's-postrm</replaceable> disappear \
5271 <replaceable>overwriter</replaceable> <replaceable>overwriter-version</replaceable></screen>
5272 </listitem>
5273 <listitem>
5274 <para>
5275 The package's maintainer scripts are removed.
5276 </para>
5277 </listitem>
5278 <listitem>
5279 <para>
5280 It is noted in the status database as being in a sane
5281 state, namely "Not-Installed" (any conffiles it may have
5282 are ignored, rather than being removed by
5283 <command>dpkg</command>). Note that disappearing packages
5284 do not have their prerm called, because
5285 <command>dpkg</command> doesn't know in advance that the
5286 package is going to vanish.
5287 </para>
5288 </listitem>
5289 </orderedlist>
5290 </listitem>
5291 <listitem>
5292 <para>
5293 Any files in the package we're unpacking that are also listed
5294 in the file lists of other packages are removed from those
5295 lists. (This will lobotomize the file list of the
5296 "conflicting" package if there is one.)
5297 </para>
5298 </listitem>
5299 <listitem>
5300 <para>
5301 The backup files made during installation, above, are deleted.
5302 </para>
5303 </listitem>
5304 <listitem>
5305 <para>
5306 The new package's status is now sane, and recorded as "Unpacked".
5307 </para>
5308 <para>
5309 Here is another point of no return: if the conflicting
5310 package's removal fails we do not unwind the rest of the
5311 installation. The conflicting package is left in a
5312 half-removed limbo.
5313 </para>
5314 </listitem>
5315 <listitem>
5316 <para>
5317 If there was a conflicting package we go and do the removal
5318 actions (described below), starting with the removal of the
5319 conflicting package's files (any that are also in the package
5320 being unpacked have already been removed from the conflicting
5321 package's file list, and so do not get removed now).
5322 </para>
5323 </listitem>
5324 </orderedlist>
5325 </section>
5327 <section id="s-configdetails">
5328 <title>Details of configuration</title>
5330 <para>
5331 When we configure a package (this happens with <literal>dpkg
5332 --install</literal> and <literal>dpkg --configure</literal>), we
5333 first update any <literal>conffile</literal>s and then call:
5334 </para>
5335 <screen><replaceable>postinst</replaceable> configure <replaceable>most-recently-configured-version</replaceable></screen>
5336 <para>
5337 No attempt is made to unwind after errors during configuration.
5338 If the configuration fails, the package is in a "Half-Configured"
5339 state, and an error message is generated.
5340 </para>
5341 <para>
5342 If there is no most recently configured version
5343 <command>dpkg</command> will pass a null argument.
5344 <footnote>
5345 <para>
5346 Historical note: Truly ancient (pre-1997) versions of
5347 <command>dpkg</command> passed
5348 <literal><unknown></literal> (including the angle
5349 brackets) in this case. Even older ones did not pass a second
5350 argument at all, under any circumstance. Note that upgrades
5351 using such an old dpkg version are unlikely to work for other
5352 reasons, even if this old argument behavior is handled by your
5353 postinst script.
5354 </para>
5355 </footnote>
5356 </para>
5357 </section>
5359 <section id="s-removedetails">
5360 <title>Details of removal and/or configuration purging</title>
5362 <orderedlist numeration="arabic">
5363 <listitem>
5364 <screen><replaceable>prerm</replaceable> remove</screen>
5365 <para>
5366 If prerm fails during replacement due to conflict
5367 </para>
5368 <screen>
5369 <replaceable>conflictor's-postinst</replaceable> abort-remove \
5370 in-favour <replaceable>package</replaceable> <replaceable>new-version</replaceable></screen>
5371 <para>
5372 Or else we call:
5373 </para>
5374 <screen><replaceable>postinst</replaceable> abort-remove</screen>
5375 <para>
5376 If this fails, the package is in a "Half-Configured" state, or
5377 else it remains "Installed".
5378 </para>
5379 </listitem>
5380 <listitem>
5381 <para>
5382 The package's files are removed (except
5383 <literal>conffile</literal>s).
5384 </para>
5385 </listitem>
5386 <listitem>
5387 <screen><replaceable>postrm</replaceable> remove</screen>
5388 <para>
5389 If it fails, there's no error unwind, and the package is in an
5390 "Half-Installed" state.
5391 </para>
5392 </listitem>
5393 <listitem>
5394 <para>
5395 All the maintainer scripts except the
5396 <command>postrm</command> are removed.
5397 </para>
5398 <para>
5399 If we aren't purging the package we stop here. Note that
5400 packages which have no <command>postrm</command> and no
5401 <literal>conffile</literal>s are automatically purged when
5402 removed, as there is no difference except for the
5403 <command>dpkg</command> status.
5404 </para>
5405 </listitem>
5406 <listitem>
5407 <para>
5408 The <literal>conffile</literal>s and any backup files
5409 (<literal>~</literal>-files, <literal>#*#</literal> files,
5410 <literal>%</literal>-files,
5411 <literal>.dpkg-{old,new,tmp}</literal>, etc.) are removed.
5412 </para>
5413 </listitem>
5414 <listitem>
5415 <screen><replaceable>postrm</replaceable> purge</screen>
5416 <para>
5417 If this fails, the package remains in a "Config-Files" state.
5418 </para>
5419 </listitem>
5420 <listitem>
5421 <para>
5422 The package's file list is removed.
5423 </para>
5424 </listitem>
5425 </orderedlist>
5426 </section>
5427 </chapter>
5429 <chapter id="ch-relationships">
5430 <title>Declaring relationships between packages</title>
5432 <section id="s-depsyntax">
5433 <title>Syntax of relationship fields</title>
5435 <para>
5436 These fields all have a uniform syntax. They are a list of
5437 package names separated by commas.
5438 </para>
5439 <para>
5440 In the <literal>Depends</literal>, <literal>Recommends</literal>,
5441 <literal>Suggests</literal>, <literal>Pre-Depends</literal>,
5442 <literal>Build-Depends</literal>,
5443 <literal>Build-Depends-Indep</literal> and
5444 <literal>Build-Depends-Arch</literal> control fields of the
5445 package, which declare dependencies on other packages, the package
5446 names listed may also include lists of alternative package names,
5447 separated by vertical bar (pipe) symbols <literal>|</literal>. In
5448 such a case, that part of the dependency can be satisfied by any
5449 one of the alternative packages.
5450 </para>
5451 <para>
5452 All of the fields except for <literal>Provides</literal> may
5453 restrict their applicability to particular versions of each named
5454 package. This is done in parentheses after each individual
5455 package name; the parentheses should contain a relation from the
5456 list below followed by a version number, in the format described
5457 in <xref linkend="s-f-Version"/>.
5458 </para>
5459 <para>
5460 The relations allowed are <literal><<</literal>,
5461 <literal><=</literal>, <literal>=</literal>,
5462 <literal>>=</literal> and <literal>>></literal> for
5463 strictly earlier, earlier or equal, exactly equal, later or equal
5464 and strictly later, respectively.
5465 <footnote>
5466 <para>
5467 The relations <literal><</literal> and
5468 <literal>></literal> were previously allowed, but they were
5469 confusingly defined to mean earlier/later or equal rather than
5470 strictly earlier/later. <command>dpkg</command> still
5471 supports them with a warning, but they are no longer allowed
5472 by Debian Policy.
5473 </para>
5474 </footnote>
5475 </para>
5476 <para>
5477 Whitespace may appear at any point in the version specification
5478 subject to the rules in <xref linkend="s-controlsyntax"/>, and
5479 must appear where it's necessary to disambiguate; it is not
5480 otherwise significant. All of the relationship fields can only be
5481 folded in source package control files. For consistency and in
5482 case of future changes to <command>dpkg</command> it is
5483 recommended that a single space be used after a version
5484 relationship and before a version number; it is also conventional
5485 to put a single space after each comma, on either side of each
5486 vertical bar, and before each open parenthesis. When opening a
5487 continuation line in a relationship field, it is conventional to
5488 do so after a comma and before the space following that comma.
5489 </para>
5490 <para>
5491 For example, a list of dependencies might appear as:
5492 </para>
5493 <programlisting>
5494 Package: mutt
5495 Version: 1.3.17-1
5496 Depends: libc6 (>= 2.2.1), exim | mail-transport-agent</programlisting>
5497 <para>
5498 Relationships may be restricted to a certain set of architectures.
5499 This is indicated in brackets after each individual package name
5500 and the optional version specification. The brackets enclose a
5501 non-empty list of Debian architecture names in the format
5502 described in <xref linkend="s-arch-spec"/>, separated by
5503 whitespace. Exclamation marks may be prepended to each of the
5504 names. (It is not permitted for some names to be prepended with
5505 exclamation marks while others aren't.)
5506 </para>
5507 <para>
5508 For build relationship fields (<literal>Build-Depends</literal>,
5509 <literal>Build-Depends-Indep</literal>,
5510 <literal>Build-Depends-Arch</literal>,
5511 <literal>Build-Conflicts</literal>,
5512 <literal>Build-Conflicts-Indep</literal> and
5513 <literal>Build-Conflicts-Arch</literal>), if the current Debian
5514 host architecture is not in this list and there are no exclamation
5515 marks in the list, or it is in the list with a prepended
5516 exclamation mark, the package name and the associated version
5517 specification are ignored completely for the purposes of defining
5518 the relationships.
5519 </para>
5520 <para>
5521 For example:
5522 </para>
5523 <programlisting>
5524 Source: glibc
5525 Build-Depends-Indep: texinfo
5526 Build-Depends: kernel-headers-2.2.10 [!hurd-i386],
5527 hurd-dev [hurd-i386], gnumach-dev [hurd-i386]</programlisting>
5528 <para>
5529 requires <literal>kernel-headers-2.2.10</literal> on all
5530 architectures other than hurd-i386 and requires
5531 <literal>hurd-dev</literal> and <literal>gnumach-dev</literal>
5532 only on hurd-i386. Here is another example showing multiple
5533 architectures separated by spaces:
5534 </para>
5535 <programlisting>
5536 Build-Depends:
5537 libluajit5.1-dev [i386 amd64 kfreebsd-i386 armel armhf powerpc mips],
5538 liblua5.1-dev [hurd-i386 ia64 kfreebsd-amd64 s390x sparc],</programlisting>
5539 <para>
5540 For binary relationship fields and the
5541 <literal>Built-Using</literal> field, the architecture restriction
5542 syntax is only supported in the source package control file
5543 <filename>debian/control</filename>. When the corresponding
5544 binary package control file is generated, the relationship will
5545 either be omitted or included without the architecture restriction
5546 based on the architecture of the binary package. This means that
5547 architecture restrictions must not be used in binary relationship
5548 fields for architecture-independent packages
5549 (<literal>Architecture: all</literal>).
5550 </para>
5551 <para>
5552 For example:
5553 </para>
5554 <programlisting>Depends: foo [i386], bar [amd64]</programlisting>
5555 <para>
5556 becomes <literal>Depends: foo</literal> when the package is built
5557 on the <literal>i386</literal> architecture, <literal>Depends:
5558 bar</literal> when the package is built on the
5559 <literal>amd64</literal> architecture, and omitted entirely in
5560 binary packages built on all other architectures.
5561 </para>
5562 <para>
5563 If the architecture-restricted dependency is part of a set of
5564 alternatives using <literal>|</literal>, that alternative is
5565 ignored completely on architectures that do not match the
5566 restriction. For example:
5567 </para>
5568 <programlisting>Build-Depends: foo [!i386] | bar [!amd64]</programlisting>
5569 <para>
5570 is equivalent to <literal>bar</literal> on the i386 architecture,
5571 to <literal>foo</literal> on the amd64 architecture, and to
5572 <literal>foo | bar</literal> on all other architectures.
5573 </para>
5574 <para>
5575 Relationships may also be restricted to a certain set of
5576 architectures using architecture wildcards in the format described
5577 in <xref linkend="s-arch-wildcard-spec"/>. The syntax for
5578 declaring such restrictions is the same as declaring restrictions
5579 using a certain set of architectures without architecture
5580 wildcards. For example:
5581 </para>
5582 <programlisting>Build-Depends: foo [linux-any], bar [any-i386], baz [!linux-any]</programlisting>
5583 <para>
5584 is equivalent to <literal>foo</literal> on architectures using the
5585 Linux kernel and any cpu, <literal>bar</literal> on architectures
5586 using any kernel and an i386 cpu, and <literal>baz</literal> on
5587 any architecture using a kernel other than Linux.
5588 </para>
5589 <para>
5590 Note that the binary package relationship fields such as
5591 <literal>Depends</literal> appear in one of the binary package
5592 sections of the control file, whereas the build-time relationships
5593 such as <literal>Build-Depends</literal> appear in the source
5594 package section of the control file (which is the first section).
5595 </para>
5596 </section>
5598 <section id="s-binarydeps">
5599 <title>
5600 Binary Dependencies - <literal>Depends</literal>,
5601 <literal>Recommends</literal>, <literal>Suggests</literal>,
5602 <literal>Enhances</literal>, <literal>Pre-Depends</literal>
5603 </title>
5604 <para>
5605 Packages can declare in their control file that they have certain
5606 relationships to other packages - for example, that they may not
5607 be installed at the same time as certain other packages, and/or
5608 that they depend on the presence of others.
5609 </para>
5610 <para>
5611 This is done using the <literal>Depends</literal>,
5612 <literal>Pre-Depends</literal>, <literal>Recommends</literal>,
5613 <literal>Suggests</literal>, <literal>Enhances</literal>,
5614 <literal>Breaks</literal> and <literal>Conflicts</literal> control
5615 fields. <literal>Breaks</literal> is described in <xref
5616 linkend="s-breaks"/>, and <literal>Conflicts</literal> is
5617 described in <xref linkend="s-conflicts"/>. The rest are
5618 described below.
5619 </para>
5620 <para>
5621 These seven fields are used to declare a dependency relationship
5622 by one package on another. Except for <literal>Enhances</literal>
5623 and <literal>Breaks</literal>, they appear in the depending
5624 (binary) package's control file. (<literal>Enhances</literal>
5625 appears in the recommending package's control file, and
5626 <literal>Breaks</literal> appears in the version of depended-on
5627 package which causes the named package to break).
5628 </para>
5629 <para>
5630 A <literal>Depends</literal> field takes effect
5631 <emphasis>only</emphasis> when a package is to be configured. It
5632 does not prevent a package being on the system in an unconfigured
5633 state while its dependencies are unsatisfied, and it is possible
5634 to replace a package whose dependencies are satisfied and which is
5635 properly installed with a different version whose dependencies are
5636 not and cannot be satisfied; when this is done the depending
5637 package will be left unconfigured (since attempts to configure it
5638 will give errors) and will not function properly. If it is
5639 necessary, a <literal>Pre-Depends</literal> field can be used,
5640 which has a partial effect even when a package is being unpacked,
5641 as explained in detail below. (The other three dependency fields,
5642 <literal>Recommends</literal>, <literal>Suggests</literal> and
5643 <literal>Enhances</literal>, are only used by the various
5644 front-ends to <command>dpkg</command> such as
5645 <command>apt-get</command>, <command>aptitude</command>, and
5646 <command>dselect</command>.)
5647 </para>
5648 <para>
5649 Since <literal>Depends</literal> only places requirements on the
5650 order in which packages are configured, packages in an
5651 installation run are usually all unpacked first and all configured
5652 later.
5653 <footnote>
5654 <para>
5655 This approach makes dependency resolution easier. If two
5656 packages A and B are being upgraded, the installed package A
5657 depends on exactly the installed package B, and the new
5658 package A depends on exactly the new package B (a common
5659 situation when upgrading shared libraries and their
5660 corresponding development packages), satisfying the
5661 dependencies at every stage of the upgrade would be
5662 impossible. This relaxed restriction means that both new
5663 packages can be unpacked together and then configured in their
5664 dependency order.
5665 </para>
5666 </footnote>
5667 </para>
5668 <para>
5669 If there is a circular dependency among packages being installed
5670 or removed, installation or removal order honoring the dependency
5671 order is impossible, requiring the dependency loop be broken at
5672 some point and the dependency requirements violated for at least
5673 one package. Packages involved in circular dependencies may not
5674 be able to rely on their dependencies being configured before they
5675 themselves are configured, depending on which side of the break of
5676 the circular dependency loop they happen to be on. If one of the
5677 packages in the loop has no <command>postinst</command> script,
5678 then the cycle will be broken at that package; this ensures that
5679 all <command>postinst</command> scripts are run with their
5680 dependencies properly configured if this is possible. Otherwise
5681 the breaking point is arbitrary. Packages should therefore avoid
5682 circular dependencies where possible, particularly if they have
5683 <command>postinst</command> scripts.
5684 </para>
5685 <para>
5686 The meaning of the five dependency fields is as follows:
5687 </para>
5688 <variablelist>
5689 <varlistentry>
5690 <term><literal>Depends</literal></term>
5691 <listitem>
5692 <para>
5693 This declares an absolute dependency. A package will not be
5694 configured unless all of the packages listed in its
5695 <literal>Depends</literal> field have been correctly
5696 configured (unless there is a circular dependency as
5697 described above).
5698 </para>
5699 <para>
5700 The <literal>Depends</literal> field should be used if the
5701 depended-on package is required for the depending package to
5702 provide a significant amount of functionality.
5703 </para>
5704 <para>
5705 The <literal>Depends</literal> field should also be used if
5706 the <command>postinst</command> or <command>prerm</command>
5707 scripts require the depended-on package to be unpacked or
5708 configured in order to run. In the case of
5709 <literal>postinst configure</literal>, the depended-on
5710 packages will be unpacked and configured first. (If both
5711 packages are involved in a dependency loop, this might not
5712 work as expected; see the explanation a few paragraphs
5713 back.) In the case of <command>prerm</command> or other
5714 <command>postinst</command> actions, the package
5715 dependencies will normally be at least unpacked, but they
5716 may be only "Half-Installed" if a previous upgrade of the
5717 dependency failed.
5718 </para>
5719 <para>
5720 Finally, the <literal>Depends</literal> field should be used
5721 if the depended-on package is needed by the
5722 <command>postrm</command> script to fully clean up after the
5723 package removal. There is no guarantee that package
5724 dependencies will be available when
5725 <command>postrm</command> is run, but the depended-on
5726 package is more likely to be available if the package
5727 declares a dependency (particularly in the case of
5728 <literal>postrm remove</literal>). The
5729 <command>postrm</command> script must gracefully skip
5730 actions that require a dependency if that dependency isn't
5731 available.
5732 </para>
5733 </listitem>
5734 </varlistentry>
5735 <varlistentry>
5736 <term><literal>Recommends</literal></term>
5737 <listitem>
5738 <para>
5739 This declares a strong, but not absolute, dependency.
5740 </para>
5741 <para>
5742 The <literal>Recommends</literal> field should list packages
5743 that would be found together with this one in all but
5744 unusual installations.
5745 </para>
5746 </listitem>
5747 </varlistentry>
5748 <varlistentry>
5749 <term><literal>Suggests</literal></term>
5750 <listitem>
5751 <para>
5752 This is used to declare that one package may be more useful
5753 with one or more others. Using this field tells the
5754 packaging system and the user that the listed packages are
5755 related to this one and can perhaps enhance its usefulness,
5756 but that installing this one without them is perfectly
5757 reasonable.
5758 </para>
5759 </listitem>
5760 </varlistentry>
5761 <varlistentry>
5762 <term><literal>Enhances</literal></term>
5763 <listitem>
5764 <para>
5765 This field is similar to Suggests but works in the opposite
5766 direction. It is used to declare that a package can enhance
5767 the functionality of another package.
5768 </para>
5769 </listitem>
5770 </varlistentry>
5771 <varlistentry>
5772 <term><literal>Pre-Depends</literal></term>
5773 <listitem>
5774 <para>
5775 This field is like <literal>Depends</literal>, except that
5776 it also forces <command>dpkg</command> to complete
5777 installation of the packages named before even starting the
5778 installation of the package which declares the
5779 pre-dependency, as follows:
5780 </para>
5781 <para>
5782 When a package declaring a pre-dependency is about to be
5783 <emphasis>unpacked</emphasis> the pre-dependency can be
5784 satisfied if the depended-on package is either fully
5785 configured, <emphasis>or even if</emphasis> the depended-on
5786 package(s) are only in the "Unpacked" or the
5787 "Half-Configured" state, provided that they have been
5788 configured correctly at some point in the past (and not
5789 removed or partially removed since). In this case, both the
5790 previously-configured and currently "Unpacked" or
5791 "Half-Configured" versions must satisfy any version clause
5792 in the <literal>Pre-Depends</literal> field.
5793 </para>
5794 <para>
5795 When the package declaring a pre-dependency is about to be
5796 <emphasis>configured</emphasis>, the pre-dependency will be
5797 treated as a normal <literal>Depends</literal>. It will be
5798 considered satisfied only if the depended-on package has
5799 been correctly configured. However, unlike with
5800 <literal>Depends</literal>, <literal>Pre-Depends</literal>
5801 does not permit circular dependencies to be broken. If a
5802 circular dependency is encountered while attempting to honor
5803 <literal>Pre-Depends</literal>, the installation will be
5804 aborted.
5805 </para>
5806 <para>
5807 <literal>Pre-Depends</literal> are also required if the
5808 <command>preinst</command> script depends on the named
5809 package. It is best to avoid this situation if possible.
5810 </para>
5811 <para>
5812 <literal>Pre-Depends</literal> should be used sparingly,
5813 preferably only by packages whose premature upgrade or
5814 installation would hamper the ability of the system to
5815 continue with any upgrade that might be in progress.
5816 </para>
5817 <para>
5818 You should not specify a <literal>Pre-Depends</literal>
5819 entry for a package before this has been discussed on the
5820 <literal>debian-devel</literal> mailing list and a consensus
5821 about doing that has been reached. See <xref
5822 linkend="s-dependencies"/>.
5823 </para>
5824 </listitem>
5825 </varlistentry>
5826 </variablelist>
5827 <para>
5828 When selecting which level of dependency to use you should
5829 consider how important the depended-on package is to the
5830 functionality of the one declaring the dependency. Some packages
5831 are composed of components of varying degrees of importance. Such
5832 a package should list using <literal>Depends</literal> the
5833 package(s) which are required by the more important components.
5834 The other components' requirements may be mentioned as Suggestions
5835 or Recommendations, as appropriate to the components' relative
5836 importance.
5837 </para>
5838 </section>
5840 <section id="s-breaks">
5841 <title>
5842 Packages which break other packages - <literal>Breaks</literal>
5843 </title>
5845 <para>
5846 When one binary package declares that it breaks another,
5847 <command>dpkg</command> will refuse to allow the package which
5848 declares <literal>Breaks</literal> to be unpacked unless the
5849 broken package is deconfigured first, and it will refuse to allow
5850 the broken package to be reconfigured.
5851 </para>
5852 <para>
5853 A package will not be regarded as causing breakage merely because
5854 its configuration files are still installed; it must be at least
5855 "Half-Installed".
5856 </para>
5857 <para>
5858 A special exception is made for packages which declare that they
5859 break their own package name or a virtual package which they
5860 provide (see below): this does not count as a real breakage.
5861 </para>
5862 <para>
5863 Normally a <literal>Breaks</literal> entry will have an "earlier
5864 than" version clause; such a <literal>Breaks</literal> is
5865 introduced in the version of an (implicit or explicit) dependency
5866 which violates an assumption or reveals a bug in earlier versions
5867 of the broken package, or which takes over a file from earlier
5868 versions of the package named in <literal>Breaks</literal>. This
5869 use of <literal>Breaks</literal> will inform higher-level package
5870 management tools that the broken package must be upgraded before
5871 the new one.
5872 </para>
5873 <para>
5874 If the breaking package also overwrites some files from the older
5875 package, it should use <literal>Replaces</literal> to ensure this
5876 goes smoothly. See <xref linkend="s-replaces"/> for a full
5877 discussion of taking over files from other packages, including how
5878 to use <literal>Breaks</literal> in those cases.
5879 </para>
5880 <para>
5881 Many of the cases where <literal>Breaks</literal> should be used
5882 were previously handled with <literal>Conflicts</literal> because
5883 <literal>Breaks</literal> did not yet exist. Many
5884 <literal>Conflicts</literal> fields should now be
5885 <literal>Breaks</literal>. See <xref linkend="s-conflicts"/> for
5886 more information about the differences.
5887 </para>
5888 </section>
5890 <section id="s-conflicts">
5891 <title>Conflicting binary packages - <literal>Conflicts</literal></title>
5893 <para>
5894 When one binary package declares a conflict with another using a
5895 <literal>Conflicts</literal> field, <command>dpkg</command> will
5896 refuse to allow them to be unpacked on the system at the same
5897 time. This is a stronger restriction than
5898 <literal>Breaks</literal>, which prevents the broken package from
5899 being configured while the breaking package is in the "Unpacked"
5900 state but allows both packages to be unpacked at the same time.
5901 </para>
5902 <para>
5903 If one package is to be unpacked, the other must be removed first.
5904 If the package being unpacked is marked as replacing (see <xref
5905 linkend="s-replaces"/>, but note that <literal>Breaks</literal>
5906 should normally be used in this case) the one on the system, or
5907 the one on the system is marked as deselected, or both packages
5908 are marked <literal>Essential</literal>, then
5909 <command>dpkg</command> will automatically remove the package
5910 which is causing the conflict. Otherwise, it will halt the
5911 installation of the new package with an error. This mechanism is
5912 specifically designed to produce an error when the installed
5913 package is <literal>Essential</literal>, but the new package is
5914 not.
5915 </para>
5916 <para>
5917 A package will not cause a conflict merely because its
5918 configuration files are still installed; it must be at least
5919 "Half-Installed".
5920 </para>
5921 <para>
5922 A special exception is made for packages which declare a conflict
5923 with their own package name, or with a virtual package which they
5924 provide (see below): this does not prevent their installation,
5925 and allows a package to conflict with others providing a
5926 replacement for it. You use this feature when you want the
5927 package in question to be the only package providing some feature.
5928 </para>
5929 <para>
5930 Normally, <literal>Breaks</literal> should be used instead of
5931 <literal>Conflicts</literal> since <literal>Conflicts</literal>
5932 imposes a stronger restriction on the ordering of package
5933 installation or upgrade and can make it more difficult for the
5934 package manager to find a correct solution to an upgrade or
5935 installation problem. <literal>Breaks</literal> should be used
5936 </para>
5937 <itemizedlist>
5938 <listitem>
5939 <para>
5940 when moving a file from one package to another (see <xref
5941 linkend="s-replaces"/>),
5942 </para>
5943 </listitem>
5944 <listitem>
5945 <para>
5946 when splitting a package (a special case of the previous one),
5947 or
5948 </para>
5949 </listitem>
5950 <listitem>
5951 <para>
5952 when the breaking package exposes a bug in or interacts badly
5953 with particular versions of the broken package.
5954 </para>
5955 </listitem>
5956 </itemizedlist>
5957 <para>
5958 <literal>Conflicts</literal> should be used
5959 </para>
5960 <itemizedlist>
5961 <listitem>
5962 <para>
5963 when two packages provide the same file and will continue to
5964 do so,
5965 </para>
5966 </listitem>
5967 <listitem>
5968 <para>
5969 in conjunction with <literal>Provides</literal> when only one
5970 package providing a given virtual facility may be unpacked at
5971 a time (see <xref linkend="s-virtual"/>),
5972 </para>
5973 </listitem>
5974 <listitem>
5975 <para>
5976 in other cases where one must prevent simultaneous
5977 installation of two packages for reasons that are ongoing (not
5978 fixed in a later version of one of the packages) or that must
5979 prevent both packages from being unpacked at the same time,
5980 not just configured.
5981 </para>
5982 </listitem>
5983 </itemizedlist>
5984 <para>
5985 Be aware that adding <literal>Conflicts</literal> is normally not
5986 the best solution when two packages provide the same files.
5987 Depending on the reason for that conflict, using alternatives or
5988 renaming the files is often a better approach. See, for example,
5989 <xref linkend="s-binaries"/>.
5990 </para>
5991 <para>
5992 Neither <literal>Breaks</literal> nor <literal>Conflicts</literal>
5993 should be used unless two packages cannot be installed at the same
5994 time or installing them both causes one of them to be broken or
5995 unusable. Having similar functionality or performing the same
5996 tasks as another package is not sufficient reason to declare
5997 <literal>Breaks</literal> or <literal>Conflicts</literal> with
5998 that package.
5999 </para>
6000 <para>
6001 A <literal>Conflicts</literal> entry may have an "earlier than"
6002 version clause if the reason for the conflict is corrected in a
6003 later version of one of the packages. However, normally the
6004 presence of an "earlier than" version clause is a sign that
6005 <literal>Breaks</literal> should have been used instead. An
6006 "earlier than" version clause in <literal>Conflicts</literal>
6007 prevents <command>dpkg</command> from upgrading or installing the
6008 package which declares such a conflict until the upgrade or
6009 removal of the conflicted-with package has been completed, which
6010 is a strong restriction.
6011 </para>
6012 </section>
6014 <section id="s-virtual">
6015 <title>Virtual packages - <literal>Provides</literal></title>
6017 <para>
6018 As well as the names of actual ("concrete") packages, the package
6019 relationship fields <literal>Depends</literal>,
6020 <literal>Recommends</literal>, <literal>Suggests</literal>,
6021 <literal>Enhances</literal>, <literal>Pre-Depends</literal>,
6022 <literal>Breaks</literal>, <literal>Conflicts</literal>,
6023 <literal>Build-Depends</literal>,
6024 <literal>Build-Depends-Indep</literal>,
6025 <literal>Build-Depends-Arch</literal>,
6026 <literal>Build-Conflicts</literal>,
6027 <literal>Build-Conflicts-Indep</literal> and
6028 <literal>Build-Conflicts-Arch</literal> may mention "virtual
6029 packages".
6030 </para>
6031 <para>
6032 A <emphasis>virtual package</emphasis> is one which appears in the
6033 <literal>Provides</literal> control field of another package. The
6034 effect is as if the package(s) which provide a particular virtual
6035 package name had been listed by name everywhere the virtual
6036 package name appears. (See also <xref linkend="s-virtual-pkg"/>)
6037 </para>
6038 <para>
6039 If there are both concrete and virtual packages of the same name,
6040 then the dependency may be satisfied (or the conflict caused) by
6041 either the concrete package with the name in question or any other
6042 concrete package which provides the virtual package with the name
6043 in question. This is so that, for example, supposing we have
6044 </para>
6045 <programlisting>
6046 Package: foo
6047 Depends: bar</programlisting>
6048 <para>
6049 and someone else releases an enhanced version of the
6050 <literal>bar</literal> package they can say:
6051 </para>
6052 <programlisting>
6053 Package: bar-plus
6054 Provides: bar</programlisting>
6055 <para>
6056 and the <literal>bar-plus</literal> package will now also satisfy
6057 the dependency for the <literal>foo</literal> package.
6058 </para>
6059 <para>
6060 If a relationship field has a version number attached, only real
6061 packages will be considered to see whether the relationship is
6062 satisfied (or the prohibition violated, for a conflict or
6063 breakage). In other words, if a version number is specified, this
6064 is a request to ignore all <literal>Provides</literal> for that
6065 package name and consider only real packages. The package manager
6066 will assume that a package providing that virtual package is not
6067 of the "right" version. A <literal>Provides</literal> field may
6068 not contain version numbers, and the version number of the
6069 concrete package which provides a particular virtual package will
6070 not be considered when considering a dependency on or conflict
6071 with the virtual package name.
6072 <footnote>
6073 <para>
6074 It is possible that a future release of
6075 <command>dpkg</command> may add the ability to specify a
6076 version number for each virtual package it provides. This
6077 feature is not yet present, however, and is expected to be
6078 used only infrequently.
6079 </para>
6080 </footnote>
6081 </para>
6082 <para>
6083 To specify which of a set of real packages should be the default
6084 to satisfy a particular dependency on a virtual package, list the
6085 real package as an alternative before the virtual one.
6086 </para>
6087 <para>
6088 If the virtual package represents a facility that can only be
6089 provided by one real package at a time, such as the <systemitem
6090 role="package">mail-transport-agent</systemitem> virtual package
6091 that requires installation of a binary that would conflict with
6092 all other providers of that virtual package (see <xref
6093 linkend="s-mail-transport-agents"/>), all packages providing that
6094 virtual package should also declare a conflict with it using
6095 <literal>Conflicts</literal>. This will ensure that at most one
6096 provider of that virtual package is unpacked or installed at a
6097 time.
6098 </para>
6099 </section>
6101 <section id="s-replaces">
6102 <title>
6103 Overwriting files and replacing packages -
6104 <literal>Replaces</literal>
6105 </title>
6107 <para>
6108 Packages can declare in their control file that they should
6109 overwrite files in certain other packages, or completely replace
6110 other packages. The <literal>Replaces</literal> control field has
6111 these two distinct purposes.
6112 </para>
6114 <section id="s7.6.1">
6115 <title>Overwriting files in other packages</title>
6117 <para>
6118 It is usually an error for a package to contain files which are
6119 on the system in another package. However, if the overwriting
6120 package declares that it <literal>Replaces</literal> the one
6121 containing the file being overwritten, then
6122 <command>dpkg</command> will replace the file from the old
6123 package with that from the new. The file will no longer be
6124 listed as "owned" by the old package and will be taken over by
6125 the new package. Normally, <literal>Breaks</literal> should be
6126 used in conjunction with <literal>Replaces</literal>.
6127 <footnote>
6128 <para>
6129 To see why <literal>Breaks</literal> is normally needed in
6130 addition to <literal>Replaces</literal>, consider the case
6131 of a file in the package <systemitem
6132 role="package">foo</systemitem> being taken over by the
6133 package <systemitem role="package">foo-data</systemitem>.
6134 <literal>Replaces</literal> will allow <systemitem
6135 role="package">foo-data</systemitem> to be installed and
6136 take over that file. However, without
6137 <literal>Breaks</literal>, nothing requires <systemitem
6138 role="package">foo</systemitem> to be upgraded to a newer
6139 version that knows it does not include that file and instead
6140 depends on <systemitem role="package">foo-data</systemitem>.
6141 Nothing would prevent the new <systemitem
6142 role="package">foo-data</systemitem> package from being
6143 installed and then removed, removing the file that it took
6144 over from <systemitem role="package">foo</systemitem>.
6145 After that operation, the package manager would think the
6146 system was in a consistent state, but the <systemitem
6147 role="package">foo</systemitem> package would be missing one
6148 of its files.
6149 </para>
6150 </footnote>
6151 </para>
6152 <para>
6153 For example, if a package <systemitem
6154 role="package">foo</systemitem> is split into <systemitem
6155 role="package">foo</systemitem> and <systemitem
6156 role="package">foo-data</systemitem> starting at version 1.2-3,
6157 <systemitem role="package">foo-data</systemitem> would have the
6158 fields
6159 </para>
6160 <programlisting>
6161 Replaces: foo (<< 1.2-3)
6162 Breaks: foo (<< 1.2-3)</programlisting>
6163 <para>
6164 in its control file. The new version of the package <systemitem
6165 role="package">foo</systemitem> would normally have the field
6166 </para>
6167 <programlisting>
6168 Depends: foo-data (>= 1.2-3)</programlisting>
6169 <para>
6170 (or possibly <literal>Recommends</literal> or even
6171 <literal>Suggests</literal> if the files moved into <systemitem
6172 role="package">foo-data</systemitem> are not required for normal
6173 operation).
6174 </para>
6175 <para>
6176 If a package is completely replaced in this way, so that
6177 <command>dpkg</command> does not know of any files it still
6178 contains, it is considered to have "disappeared". It will be
6179 marked as not wanted on the system (selected for removal) and
6180 "Not-Installed". Any <literal>conffile</literal>s details noted
6181 for the package will be ignored, as they will have been taken
6182 over by the overwriting package. The package's
6183 <command>postrm</command> script will be run with a special
6184 argument to allow the package to do any final cleanup required.
6185 See <xref linkend="s-mscriptsinstact"/>.
6186 <footnote>
6187 <para>
6188 Replaces is a one way relationship. You have to install the
6189 replacing package after the replaced package.
6190 </para>
6191 </footnote>
6192 </para>
6193 <para>
6194 For this usage of <literal>Replaces</literal>, virtual packages
6195 (see <xref linkend="s-virtual"/>) are not considered when
6196 looking at a <literal>Replaces</literal> field. The packages
6197 declared as being replaced must be mentioned by their real
6198 names.
6199 </para>
6200 <para>
6201 This usage of <literal>Replaces</literal> only takes effect when
6202 both packages are at least partially on the system at once. It
6203 is not relevant if the packages conflict unless the conflict has
6204 been overridden.
6205 </para>
6206 </section>
6208 <section id="s7.6.2">
6209 <title>Replacing whole packages, forcing their removal</title>
6211 <para>
6212 Second, <literal>Replaces</literal> allows the packaging system
6213 to resolve which package should be removed when there is a
6214 conflict (see <xref linkend="s-conflicts"/>). This usage only
6215 takes effect when the two packages <emphasis>do</emphasis>
6216 conflict, so that the two usages of this field do not interfere
6217 with each other.
6218 </para>
6219 <para>
6220 In this situation, the package declared as being replaced can be
6221 a virtual package, so for example, all mail transport agents
6222 (MTAs) would have the following fields in their control files:
6223 </para>
6224 <programlisting>
6225 Provides: mail-transport-agent
6226 Conflicts: mail-transport-agent
6227 Replaces: mail-transport-agent</programlisting>
6228 <para>
6229 ensuring that only one MTA can be unpacked at any one time. See
6230 <xref linkend="s-virtual"/> for more information about this
6231 example.
6232 </para>
6233 </section>
6234 </section>
6236 <section id="s-sourcebinarydeps">
6237 <title>
6238 Relationships between source and binary packages -
6239 <literal>Build-Depends</literal>,
6240 <literal>Build-Depends-Indep</literal>,
6241 <literal>Build-Depends-Arch</literal>,
6242 <literal>Build-Conflicts</literal>,
6243 <literal>Build-Conflicts-Indep</literal>,
6244 <literal>Build-Conflicts-Arch</literal>
6245 </title>
6246 <para>
6247 Source packages that require certain binary packages to be
6248 installed or absent at the time of building the package can
6249 declare relationships to those binary packages.
6250 </para>
6251 <para>
6252 This is done using the <literal>Build-Depends</literal>,
6253 <literal>Build-Depends-Indep</literal>,
6254 <literal>Build-Depends-Arch</literal>,
6255 <literal>Build-Conflicts</literal>,
6256 <literal>Build-Conflicts-Indep</literal> and
6257 <literal>Build-Conflicts-Arch</literal> control fields.
6258 </para>
6259 <para>
6260 Build-dependencies on "build-essential" binary packages can be
6261 omitted. Please see <xref linkend="s-pkg-relations"/> for more
6262 information.
6263 </para>
6264 <para>
6265 The dependencies and conflicts they define must be satisfied (as
6266 defined earlier for binary packages) in order to invoke the
6267 targets in <literal>debian/rules</literal>, as follows:
6268 </para>
6269 <variablelist>
6270 <varlistentry>
6271 <term><literal>clean</literal></term>
6272 <listitem>
6273 <para>
6274 Only the <literal>Build-Depends</literal> and
6275 <literal>Build-Conflicts</literal> fields must be satisfied
6276 when this target is invoked.
6277 </para>
6278 </listitem>
6279 </varlistentry>
6280 <varlistentry>
6281 <term>
6282 <literal>build-arch</literal>, and
6283 <literal>binary-arch</literal>
6284 </term>
6285 <listitem>
6286 <para>
6287 The <literal>Build-Depends</literal>,
6288 <literal>Build-Conflicts</literal>,
6289 <literal>Build-Depends-Arch</literal>, and
6290 <literal>Build-Conflicts-Arch</literal> fields must be
6291 satisfied when these targets are invoked.
6292 </para>
6293 </listitem>
6294 </varlistentry>
6295 <varlistentry>
6296 <term>
6297 <literal>build-indep</literal>, and
6298 <literal>binary-indep</literal>
6299 </term>
6300 <listitem>
6301 <para>
6302 The <literal>Build-Depends</literal>,
6303 <literal>Build-Conflicts</literal>,
6304 <literal>Build-Depends-Indep</literal>, and
6305 <literal>Build-Conflicts-Indep</literal> fields must be
6306 satisfied when these targets are invoked.
6307 </para>
6308 </listitem>
6309 </varlistentry>
6310 <varlistentry>
6311 <term>
6312 <literal>build</literal> and <literal>binary</literal>
6313 </term>
6314 <listitem>
6315 <para>
6316 The <literal>Build-Depends</literal>,
6317 <literal>Build-Conflicts</literal>,
6318 <literal>Build-Depends-Indep</literal>,
6319 <literal>Build-Conflicts-Indep</literal>,
6320 <literal>Build-Depends-Arch</literal>, and
6321 <literal>Build-Conflicts-Arch</literal> fields must be
6322 satisfied when these targets are invoked.
6323 </para>
6324 </listitem>
6325 </varlistentry>
6326 </variablelist>
6327 </section>
6329 <section id="s-built-using">
6330 <title>
6331 Additional source packages used to build the binary -
6332 <literal>Built-Using</literal>
6333 </title>
6334 <para>
6335 Some binary packages incorporate parts of other packages when
6336 built but do not have to depend on those packages. Examples
6337 include linking with static libraries or incorporating source code
6338 from another package during the build. In this case, the source
6339 packages of those other packages are a required part of the
6340 complete source (the binary package is not reproducible without
6341 them).
6342 </para>
6343 <para>
6344 A <literal>Built-Using</literal> field must list the corresponding
6345 source package for any such binary package incorporated during the
6346 build,
6347 <footnote>
6348 <para>
6349 <literal>Build-Depends</literal> in the source package is not
6350 adequate since it (rightfully) does not document the exact
6351 version used in the build.
6352 </para>
6353 </footnote>
6354 including an "exactly equal" ("=") version relation on the version
6355 that was used to build that binary package.
6356 <footnote>
6357 <para>
6358 The archive software might reject packages that refer to
6359 non-existent sources.
6360 </para>
6361 </footnote>
6362 </para>
6363 <para>
6364 A package using the source code from the gcc-4.6-source binary
6365 package built from the gcc-4.6 source package would have this
6366 field in its control file:
6367 </para>
6368 <programlisting>Built-Using: gcc-4.6 (= 4.6.0-11)</programlisting>
6369 <para>
6370 A package including binaries from grub2 and loadlin would have
6371 this field in its control file:
6372 </para>
6373 <programlisting>Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1)</programlisting>
6374 </section>
6375 </chapter>
6377 <chapter id="ch-sharedlibs">
6378 <title>Shared libraries</title>
6380 <para>
6381 Packages containing shared libraries must be constructed with a
6382 little care to make sure that the shared library is always
6383 available. This is especially important for packages whose shared
6384 libraries are vitally important, such as the C library (currently
6385 <literal>libc6</literal>).
6386 </para>
6387 <para>
6388 This section deals only with public shared libraries: shared
6389 libraries that are placed in directories searched by the dynamic
6390 linker by default or which are intended to be linked against
6391 normally and possibly used by other, independent packages. Shared
6392 libraries that are internal to a particular package or that are only
6393 loaded as dynamic modules are not covered by this section and are
6394 not subject to its requirements.
6395 </para>
6396 <para>
6397 A shared library is identified by the <literal>SONAME</literal>
6398 attribute stored in its dynamic section. When a binary is linked
6399 against a shared library, the <literal>SONAME</literal> of the
6400 shared library is recorded in the binary's <literal>NEEDED</literal>
6401 section so that the dynamic linker knows that library must be loaded
6402 at runtime. The shared library file's full name (which usually
6403 contains additional version information not needed in the
6404 <literal>SONAME</literal>) is therefore normally not referenced
6405 directly. Instead, the shared library is loaded by its
6406 <literal>SONAME</literal>, which exists on the file system as a
6407 symlink pointing to the full name of the shared library. This
6408 symlink must be provided by the package. <xref
6409 linkend="s-sharedlibs-runtime"/> describes how to do this.
6410 <footnote>
6411 <para>
6412 This is a convention of shared library versioning, but not a
6413 requirement. Some libraries use the <literal>SONAME</literal>
6414 as the full library file name instead and therefore do not need
6415 a symlink. Most, however, encode additional information about
6416 backwards-compatible revisions as a minor version number in the
6417 file name. The <literal>SONAME</literal> itself only changes
6418 when binaries linked with the earlier version of the shared
6419 library may no longer work, but the filename may change with
6420 each release of the library. See <xref
6421 linkend="s-sharedlibs-runtime"/> for more information.
6422 </para>
6423 </footnote>
6424 </para>
6425 <para>
6426 When linking a binary or another shared library against a shared
6427 library, the <literal>SONAME</literal> for that shared library is
6428 not yet known. Instead, the shared library is found by looking for
6429 a file matching the library name with <literal>.so</literal>
6430 appended. This file exists on the file system as a symlink pointing
6431 to the shared library.
6432 </para>
6433 <para>
6434 Shared libraries are normally split into several binary packages.
6435 The <literal>SONAME</literal> symlink is installed by the runtime
6436 shared library package, and the bare <literal>.so</literal> symlink
6437 is installed in the development package since it's only used when
6438 linking binaries or shared libraries. However, there are some
6439 exceptions for unusual shared libraries or for shared libraries that
6440 are also loaded as dynamic modules by other programs.
6441 </para>
6442 <para>
6443 This section is primarily concerned with how the separation of
6444 shared libraries into multiple packages should be done and how
6445 dependencies on and between shared library binary packages are
6446 managed in Debian. <xref linkend="s-libraries"/> should be read in
6447 conjunction with this section and contains additional rules for the
6448 files contained in the shared library packages.
6449 </para>
6451 <section id="s-sharedlibs-runtime">
6452 <title>Run-time shared libraries</title>
6454 <para>
6455 The run-time shared library must be placed in a package whose name
6456 changes whenever the <literal>SONAME</literal> of the shared
6457 library changes. This allows several versions of the shared
6458 library to be installed at the same time, allowing installation of
6459 the new version of the shared library without immediately breaking
6460 binaries that depend on the old version. Normally, the run-time
6461 shared library and its <literal>SONAME</literal> symlink should be
6462 placed in a package named <systemitem
6463 role="package"><replaceable>libraryname</replaceable><replaceable>soversion</replaceable></systemitem>,
6464 where <replaceable>soversion</replaceable> is the version number
6465 in the <literal>SONAME</literal> of the shared library.
6466 Alternatively, if it would be confusing to directly append
6467 <replaceable>soversion</replaceable> to
6468 <replaceable>libraryname</replaceable> (if, for example,
6469 <replaceable>libraryname</replaceable> itself ends in a number),
6470 you should use <systemitem
6471 role="package"><replaceable>libraryname</replaceable>-<replaceable>soversion</replaceable></systemitem>
6472 instead.
6473 </para>
6474 <para>
6475 To determine the <replaceable>soversion</replaceable>, look at the
6476 <literal>SONAME</literal> of the library, stored in the ELF
6477 <literal>SONAME</literal> attribute. It is usually of the form
6478 <literal><replaceable>name</replaceable>.so.<replaceable>major-version</replaceable></literal>
6479 (for example, <literal>libz.so.1</literal>). The version part is
6480 the part which comes after <literal>.so.</literal>, so in that
6481 example it is <literal>1</literal>. The soname may instead be of
6482 the form
6483 <literal><replaceable>name</replaceable>-<replaceable>major-version</replaceable>.so</literal>,
6484 such as <literal>libdb-5.1.so</literal>, in which case the name
6485 would be <literal>libdb</literal> and the version would be
6486 <literal>5.1</literal>.
6487 </para>
6488 <para>
6489 If you have several shared libraries built from the same source
6490 tree, you may lump them all together into a single shared library
6491 package provided that all of their <literal>SONAME</literal>s will
6492 always change together. Be aware that this is not normally the
6493 case, and if the <literal>SONAME</literal>s do not change
6494 together, upgrading such a merged shared library package will be
6495 unnecessarily difficult because of file conflicts with the old
6496 version of the package. When in doubt, always split shared
6497 library packages so that each binary package installs a single
6498 shared library.
6499 </para>
6500 <para>
6501 Every time the shared library ABI changes in a way that may break
6502 binaries linked against older versions of the shared library, the
6503 <literal>SONAME</literal> of the library and the corresponding
6504 name for the binary package containing the runtime shared library
6505 should change. Normally, this means the <literal>SONAME</literal>
6506 should change any time an interface is removed from the shared
6507 library or the signature of an interface (the number of parameters
6508 or the types of parameters that it takes, for example) is changed.
6509 This practice is vital to allowing clean upgrades from older
6510 versions of the package and clean transitions between the old ABI
6511 and new ABI without having to upgrade every affected package
6512 simultaneously.
6513 </para>
6514 <para>
6515 The <literal>SONAME</literal> and binary package name need not,
6516 and indeed normally should not, change if new interfaces are added
6517 but none are removed or changed, since this will not break
6518 binaries linked against the old shared library. Correct
6519 versioning of dependencies on the newer shared library by binaries
6520 that use the new interfaces is handled via the <link
6521 linkend="s-sharedlibs-depends"><literal>symbols</literal> or
6522 <literal>shlibs</literal> system</link>.
6523 </para>
6524 <para>
6525 The package should install the shared libraries under their normal
6526 names. For example, the <systemitem
6527 role="package">libgdbm3</systemitem> package should install
6528 <filename>libgdbm.so.3.0.0</filename> as
6529 <filename>/usr/lib/libgdbm.so.3.0.0</filename>. The files should
6530 not be renamed or re-linked by any <command>prerm</command> or
6531 <command>postrm</command> scripts; <command>dpkg</command> will
6532 take care of renaming things safely without affecting running
6533 programs, and attempts to interfere with this are likely to lead
6534 to problems.
6535 </para>
6536 <para>
6537 Shared libraries should not be installed executable, since the
6538 dynamic linker does not require this and trying to execute a
6539 shared library usually results in a core dump.
6540 </para>
6541 <para>
6542 The run-time library package should include the symbolic link for
6543 the <literal>SONAME</literal> that <command>ldconfig</command>
6544 would create for the shared libraries. For example, the
6545 <systemitem role="package">libgdbm3</systemitem> package should
6546 include a symbolic link from
6547 <filename>/usr/lib/libgdbm.so.3</filename> to
6548 <filename>libgdbm.so.3.0.0</filename>. This is needed so that the
6549 dynamic linker (for example <command>ld.so</command> or
6550 <command>ld-linux.so.*</command>) can find the library between the
6551 time that <command>dpkg</command> installs it and the time that
6552 <command>ldconfig</command> is run in the
6553 <command>postinst</command> script.
6554 <footnote>
6555 <para>
6556 The package management system requires the library to be
6557 placed before the symbolic link pointing to it in the
6558 <filename>.deb</filename> file. This is so that when
6559 <command>dpkg</command> comes to install the symlink
6560 (overwriting the previous symlink pointing at an older version
6561 of the library), the new shared library is already in place.
6562 In the past, this was achieved by creating the library in the
6563 temporary packaging directory before creating the symlink.
6564 Unfortunately, this was not always effective, since the
6565 building of the tar file in the <filename>.deb</filename>
6566 depended on the behavior of the underlying file system. Some
6567 file systems (such as reiserfs) reorder the files so that the
6568 order of creation is forgotten. Since version 1.7.0,
6569 <command>dpkg</command> reorders the files itself as necessary
6570 when building a package. Thus it is no longer important to
6571 concern oneself with the order of file creation.
6572 </para>
6573 </footnote>
6574 </para>
6576 <section id="s-ldconfig">
6577 <title><literal>ldconfig</literal></title>
6579 <para>
6580 Any package installing shared libraries in one of the default
6581 library directories of the dynamic linker (which are currently
6582 <filename>/usr/lib</filename> and <filename>/lib</filename>) or
6583 a directory that is listed in
6584 <filename>/etc/ld.so.conf</filename>
6585 <footnote>
6586 <para>
6587 These are currently <filename>/usr/local/lib</filename> plus
6588 directories under <filename>/lib</filename> and
6589 <filename>/usr/lib</filename> matching the multiarch triplet
6590 for the system architecture.
6591 </para>
6592 </footnote>
6593 must use <command>ldconfig</command> to update the shared
6594 library system.
6595 </para>
6597 <para>
6598 Any such package must have the line
6599 <literal>activate-noawait ldconfig</literal> in its
6600 <literal>triggers</literal> control file
6601 (i.e. <filename>DEBIAN/triggers</filename>
6602 </para>
6603 </section>
6604 </section>
6606 <section id="s-sharedlibs-support-files">
6607 <title>Shared library support files</title>
6609 <para>
6610 If your package contains files whose names do not change with each
6611 change in the library shared object version, you must not put them
6612 in the shared library package. Otherwise, several versions of the
6613 shared library cannot be installed at the same time without
6614 filename clashes, making upgrades and transitions unnecessarily
6615 difficult.
6616 </para>
6617 <para>
6618 It is recommended that supporting files and run-time support
6619 programs that do not need to be invoked manually by users, but are
6620 nevertheless required for the package to function, be placed (if
6621 they are binary) in a subdirectory of
6622 <filename>/usr/lib</filename>, preferably under
6623 <filename>/usr/lib/</filename><replaceable>package-name</replaceable>.
6624 If the program or file is architecture independent, the
6625 recommendation is for it to be placed in a subdirectory of
6626 <filename>/usr/share</filename> instead, preferably under
6627 <filename>/usr/share/</filename><replaceable>package-name</replaceable>.
6628 Following the <replaceable>package-name</replaceable> naming
6629 convention ensures that the file names change when the shared
6630 object version changes.
6631 </para>
6632 <para>
6633 Run-time support programs that use the shared library but are not
6634 required for the library to function or files used by the shared
6635 library that can be used by any version of the shared library
6636 package should instead be put in a separate package. This package
6637 might typically be named <systemitem
6638 role="package"><replaceable>libraryname</replaceable>-tools</systemitem>;
6639 note the absence of the <replaceable>soversion</replaceable> in
6640 the package name.
6641 </para>
6642 <para>
6643 Files and support programs only useful when compiling software
6644 against the library should be included in the development package
6645 for the library.
6646 <footnote>
6647 <para>
6648 For example, a
6649 <filename><replaceable>package-name</replaceable>-config</filename>
6650 script or <systemitem role="package">pkg-config</systemitem>
6651 configuration files.
6652 </para>
6653 </footnote>
6654 </para>
6655 </section>
6657 <section id="s-sharedlibs-static">
6658 <title>Static libraries</title>
6660 <para>
6661 The static library
6662 (<filename><replaceable>libraryname.a</replaceable></filename>) is
6663 usually provided in addition to the shared version. It is placed
6664 into the development package (see below).
6665 </para>
6666 <para>
6667 In some cases, it is acceptable for a library to be available in
6668 static form only; these cases include:
6669 </para>
6670 <itemizedlist>
6671 <listitem>
6672 <para>
6673 libraries for languages whose shared library support is
6674 immature or unstable
6675 </para>
6676 </listitem>
6677 <listitem>
6678 <para>
6679 libraries whose interfaces are in flux or under development
6680 (commonly the case when the library's major version number is
6681 zero, or where the ABI breaks across patchlevels)
6682 </para>
6683 </listitem>
6684 <listitem>
6685 <para>
6686 libraries which are explicitly intended to be available only
6687 in static form by their upstream author(s)
6688 </para>
6689 </listitem>
6690 </itemizedlist>
6691 </section>
6693 <section id="s-sharedlibs-dev">
6694 <title>Development files</title>
6696 <para>
6697 If there are development files associated with a shared library,
6698 the source package needs to generate a binary development package
6699 named <systemitem
6700 role="package"><replaceable>libraryname</replaceable>-dev</systemitem>,
6701 or if you need to support multiple development versions at a time,
6702 <systemitem
6703 role="package"><replaceable>libraryname</replaceable><replaceable>apiversion</replaceable>-dev</systemitem>.
6704 Installing the development package must result in installation of
6705 all the development files necessary for compiling programs against
6706 that shared library.
6707 <footnote>
6708 <para>
6709 This wording allows the development files to be split into
6710 several packages, such as a separate architecture-independent
6711 <systemitem
6712 role="package"><replaceable>libraryname</replaceable>-headers</systemitem>,
6713 provided that the development package depends on all the
6714 required additional packages.
6715 </para>
6716 </footnote>
6717 </para>
6718 <para>
6719 In case several development versions of a library exist, you may
6720 need to use <command>dpkg</command>'s Conflicts mechanism (see
6721 <xref linkend="s-conflicts"/>) to ensure that the user only
6722 installs one development version at a time (as different
6723 development versions are likely to have the same header files in
6724 them, which would cause a filename clash if both were unpacked).
6725 </para>
6726 <para>
6727 The development package should contain a symlink for the
6728 associated shared library without a version number. For example,
6729 the <systemitem role="package">libgdbm-dev</systemitem> package
6730 should include a symlink from
6731 <filename>/usr/lib/libgdbm.so</filename> to
6732 <filename>libgdbm.so.3.0.0</filename>. This symlink is needed by
6733 the linker (<command>ld</command>) when compiling packages, as it
6734 will only look for <filename>libgdbm.so</filename> when compiling
6735 dynamically.
6736 </para>
6737 <para>
6738 If the package provides Ada Library Information
6739 (<filename>*.ali</filename>) files for use with GNAT, these files
6740 must be installed read-only (mode 0444) so that GNAT will not
6741 attempt to recompile them. This overrides the normal file mode
6742 requirements given in <xref linkend="s-permissions-owners"/>.
6743 </para>
6744 </section>
6746 <section id="s-sharedlibs-intradeps">
6747 <title>Dependencies between the packages of the same library</title>
6749 <para>
6750 Typically the development version should have an exact version
6751 dependency on the runtime library, to make sure that compilation
6752 and linking happens correctly. The
6753 <literal>${binary:Version}</literal> substitution variable can be
6754 useful for this purpose.
6755 <footnote>
6756 <para>
6757 Previously, <literal>${Source-Version}</literal> was used, but
6758 its name was confusing and it has been deprecated since dpkg
6759 1.13.19.
6760 </para>
6761 </footnote>
6762 </para>
6763 </section>
6765 <section id="s-sharedlibs-depends">
6766 <title>Dependencies between the library and other packages</title>
6768 <para>
6769 If a package contains a binary or library which links to a shared
6770 library, we must ensure that, when the package is installed on the
6771 system, all of the libraries needed are also installed. These
6772 dependencies must be added to the binary package when it is built,
6773 since they may change based on which version of a shared library
6774 the binary or library was linked with even if there are no changes
6775 to the source of the binary (for example, symbol versions change,
6776 macros become functions or vice versa, or the binary package may
6777 determine at compile-time whether new library interfaces are
6778 available and can be called). To allow these dependencies to be
6779 constructed, shared libraries must provide either a
6780 <filename>symbols</filename> file or a <filename>shlibs</filename>
6781 file. These provide information on the package dependencies
6782 required to ensure the presence of interfaces provided by this
6783 library. Any package with binaries or libraries linking to a
6784 shared library must use these files to determine the required
6785 dependencies when it is built. Other packages which use a shared
6786 library (for example using <literal>dlopen()</literal>) should
6787 compute appropriate dependencies using these files at build time
6788 as well.
6789 </para>
6790 <para>
6791 The two mechanisms differ in the degree of detail that they
6792 provide. A <filename>symbols</filename> file documents, for each
6793 symbol exported by a library, the minimal version of the package
6794 any binary using this symbol will need. This is typically the
6795 version of the package in which the symbol was introduced. This
6796 information permits detailed analysis of the symbols used by a
6797 particular package and construction of an accurate dependency, but
6798 it requires the package maintainer to track more information about
6799 the shared library.
6800 </para>
6801 <para>
6802 A <filename>shlibs</filename> file, in contrast, only documents
6803 the last time the library ABI changed in any way. It only
6804 provides information about the library as a whole, not individual
6805 symbols. When a package is built using a shared library with only
6806 a <filename>shlibs</filename> file, the generated dependency will
6807 require a version of the shared library equal to or newer than the
6808 version of the last ABI change. This generates unnecessarily
6809 restrictive dependencies compared to <filename>symbols</filename>
6810 files if none of the symbols used by the package have changed.
6811 This, in turn, may make upgrades needlessly complex and
6812 unnecessarily restrict use of the package on systems with older
6813 versions of the shared libraries.
6814 </para>
6815 <para>
6816 <filename>shlibs</filename> files also only support a limited
6817 range of library SONAMEs, making it difficult to use
6818 <filename>shlibs</filename> files in some unusual corner
6819 cases.
6820 <footnote>
6821 <para>
6822 A <filename>shlibs</filename> file represents an SONAME as a
6823 library name and version number, such as <literal>libfoo
6824 VERSION</literal>, instead of recording the actual SONAME. If
6825 the SONAME doesn't match one of the two expected formats
6826 (<literal>libfoo-VERSION.so</literal> or
6827 <literal>libfoo.so.VERSION</literal>), it cannot be
6828 represented.
6829 </para>
6830 </footnote>
6831 </para>
6832 <para>
6833 <filename>symbols</filename> files are therefore recommended for
6834 most shared library packages since they provide more accurate
6835 dependencies. For most C libraries, the additional detail
6836 required by <filename>symbols</filename> files is not too
6837 difficult to maintain. However, maintaining exhaustive symbols
6838 information for a C++ library can be quite onerous, so
6839 <filename>shlibs</filename> files may be more appropriate for most
6840 C++ libraries. Libraries with a corresponding udeb must also
6841 provide a <filename>shlibs</filename> file, since the udeb
6842 infrastructure does not use <filename>symbols</filename> files.
6843 </para>
6845 <section id="s-dpkg-shlibdeps">
6846 <title>Generating dependencies on shared libraries</title>
6848 <para>
6849 When a package that contains any shared libraries or compiled
6850 binaries is built, it must run <command>dpkg-shlibdeps</command>
6851 on each shared library and compiled binary to determine the
6852 libraries used and hence the dependencies needed by the
6853 package.<footnote><para> <command>dpkg-shlibdeps</command> will
6854 use a program like <command>objdump</command> or
6855 <command>readelf</command> to find the libraries and the symbols
6856 in those libraries directly needed by the binaries or shared
6857 libraries in the package. </para> </footnote> To do this, put a
6858 call to <command>dpkg-shlibdeps</command> into your
6859 <filename>debian/rules</filename> file in the source package.
6860 List all of the compiled binaries, libraries, or loadable
6861 modules in your package.
6862 <footnote>
6863 <para>
6864 The easiest way to call <command>dpkg-shlibdeps</command>
6865 correctly is to use a package helper framework such as
6866 <systemitem role="package">debhelper</systemitem>. If you
6867 are using <systemitem role="package">debhelper</systemitem>,
6868 the <command>dh_shlibdeps</command> program will do this
6869 work for you. It will also correctly handle multi-binary
6870 packages.
6871 </para>
6872 </footnote>
6873 <command>dpkg-shlibdeps</command> will use the
6874 <filename>symbols</filename> or <filename>shlibs</filename>
6875 files installed by the shared libraries to generate dependency
6876 information. The package must then provide a substitution
6877 variable into which the discovered dependency information can be
6878 placed.
6879 </para>
6880 <para>
6881 If you are creating a udeb for use in the Debian Installer, you
6882 will need to specify that <command>dpkg-shlibdeps</command>
6883 should use the dependency line of type <literal>udeb</literal>
6884 by adding the <literal>-tudeb</literal> option.
6885 <footnote>
6886 <para>
6887 <command>dh_shlibdeps</command> from the
6888 <literal>debhelper</literal> suite will automatically add
6889 this option if it knows it is processing a udeb.
6890 </para>
6891 </footnote>
6892 If there is no dependency line of type <literal>udeb</literal>
6893 in the <filename>shlibs</filename> file,
6894 <command>dpkg-shlibdeps</command> will fall back to the regular
6895 dependency line.
6896 </para>
6897 <para>
6898 <command>dpkg-shlibdeps</command> puts the dependency
6899 information into the <filename>debian/substvars</filename> file
6900 by default, which is then used by
6901 <command>dpkg-gencontrol</command>. You will need to place a
6902 <literal>${shlibs:Depends}</literal> variable in the
6903 <literal>Depends</literal> field in the control file of every
6904 binary package built by this source package that contains
6905 compiled binaries, libraries, or loadable modules. If you have
6906 multiple binary packages, you will need to call
6907 <command>dpkg-shlibdeps</command> on each one which contains
6908 compiled libraries or binaries. For example, you could use the
6909 <literal>-T</literal> option to the <literal>dpkg</literal>
6910 utilities to specify a different <filename>substvars</filename>
6911 file for each binary package.
6912 <footnote>
6913 <para>
6914 Again, <command>dh_shlibdeps</command> and
6915 <command>dh_gencontrol</command> will handle everything
6916 except the addition of the variable to the control file for
6917 you if you're using <systemitem
6918 role="package">debhelper</systemitem>, including generating
6919 separate <filename>substvars</filename> files for each
6920 binary package and calling
6921 <command>dpkg-gencontrol</command> with the appropriate
6922 flags.
6923 </para>
6924 </footnote>
6925 </para>
6926 <para>
6927 For more details on <command>dpkg-shlibdeps</command>, see
6928 <citerefentry><refentrytitle>dpkg-shlibdeps</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
6929 </para>
6930 <para>
6931 We say that a binary <literal>foo</literal>
6932 <emphasis>directly</emphasis> uses a library
6933 <literal>libbar</literal> if it is explicitly linked with that
6934 library (that is, the library is listed in the ELF
6935 <literal>NEEDED</literal> attribute, caused by adding
6936 <literal>-lbar</literal> to the link line when the binary is
6937 created). Other libraries that are needed by
6938 <literal>libbar</literal> are linked
6939 <emphasis>indirectly</emphasis> to <literal>foo</literal>, and
6940 the dynamic linker will load them automatically when it loads
6941 <literal>libbar</literal>. A package should depend on the
6942 libraries it directly uses, but not the libraries it only uses
6943 indirectly. The dependencies for the libraries used directly
6944 will automatically pull in the indirectly-used libraries.
6945 <command>dpkg-shlibdeps</command> will handle this logic
6946 automatically, but package maintainers need to be aware of this
6947 distinction between directly and indirectly using a library if
6948 they have to override its results for some reason.
6949 <footnote>
6950 <para>
6951 A good example of where this helps is the following. We
6952 could update <literal>libimlib</literal> with a new version
6953 that supports a new revision of a graphics format called dgf
6954 (but retaining the same major version number) and depends on
6955 a new library package <systemitem
6956 role="package">libdgf4</systemitem> instead of the older
6957 <systemitem role="package">libdgf3</systemitem>. If we used
6958 <command>ldd</command> to add dependencies for every library
6959 directly or indirectly linked with a binary, every package
6960 that uses <literal>libimlib</literal> would need to be
6961 recompiled so it would also depend on <systemitem
6962 role="package">libdgf4</systemitem> in order to retire the
6963 older <systemitem role="package">libdgf3</systemitem>
6964 package. Since dependencies are only added based on ELF
6965 <literal>NEEDED</literal> attribute, packages using
6966 <literal>libimlib</literal> can rely on
6967 <literal>libimlib</literal> itself having the dependency on
6968 an appropriate version of <literal>libdgf</literal> and do
6969 not need rebuilding.
6970 </para>
6971 </footnote>
6972 </para>
6973 </section>
6975 <section id="s-sharedlibs-updates">
6976 <title>Shared library ABI changes</title>
6978 <para>
6979 Maintaining a shared library package using either
6980 <filename>symbols</filename> or <filename>shlibs</filename>
6981 files requires being aware of the exposed ABI of the shared
6982 library and any changes to it. Both
6983 <filename>symbols</filename> and <filename>shlibs</filename>
6984 files record every change to the ABI of the shared library;
6985 <filename>symbols</filename> files do so per public symbol,
6986 whereas <filename>shlibs</filename> files record only the last
6987 change for the entire library.
6988 </para>
6989 <para>
6990 There are two types of ABI changes: ones that are
6991 backward-compatible and ones that are not. An ABI change is
6992 backward-compatible if any reasonable program or library that
6993 was linked with the previous version of the shared library will
6994 still work correctly with the new version of the shared
6995 library.
6996 <footnote>
6997 <para>
6998 An example of an "unreasonable" program is one that uses
6999 library interfaces that are documented as internal and
7000 unsupported. If the only programs or libraries affected by
7001 a change are "unreasonable" ones, other techniques, such as
7002 declaring <literal>Breaks</literal> relationships with
7003 affected packages or treating their usage of the library as
7004 bugs in those packages, may be appropriate instead of
7005 changing the SONAME. However, the default approach is to
7006 change the SONAME for any change to the ABI that could break
7007 a program.
7008 </para>
7009 </footnote>
7010 Adding new symbols to the shared library is a
7011 backward-compatible change. Removing symbols from the shared
7012 library is not. Changing the behavior of a symbol may or may
7013 not be backward-compatible depending on the change; for example,
7014 changing a function to accept a new enum constant not previously
7015 used by the library is generally backward-compatible, but
7016 changing the members of a struct that is passed into library
7017 functions is generally not unless the library takes special
7018 precautions to accept old versions of the data structure.
7019 </para>
7020 <para>
7021 ABI changes that are not backward-compatible normally require
7022 changing the <literal>SONAME</literal> of the library and
7023 therefore the shared library package name, which forces
7024 rebuilding all packages using that shared library to update
7025 their dependencies and allow them to use the new version of the
7026 shared library. For more information, see <xref
7027 linkend="s-sharedlibs-runtime"/>. The remainder of this section
7028 will deal with backward-compatible changes.
7029 </para>
7030 <para>
7031 Backward-compatible changes require either updating or recording
7032 the <replaceable>minimal-version</replaceable> for that symbol
7033 in <filename>symbols</filename> files or updating the version in
7034 the <replaceable>dependencies</replaceable> in
7035 <filename>shlibs</filename> files. For more information on how
7036 to do this in the two formats, see <xref linkend="s-symbols"/>
7037 and <xref linkend="s-shlibs"/>. Below are general rules that
7038 apply to both files.
7039 </para>
7040 <para>
7041 The easy case is when a public symbol is added. Simply add the
7042 version at which the symbol was introduced (for
7043 <filename>symbols</filename> files) or update the dependency
7044 version (for <filename>shlibs</filename>) files. But special
7045 care should be taken to update dependency versions when the
7046 behavior of a public symbol changes. This is easy to neglect,
7047 since there is no automated method of determining such changes,
7048 but failing to update versions in this case may result in binary
7049 packages with too-weak dependencies that will fail at runtime,
7050 possibly in ways that can cause security vulnerabilities. If
7051 the package maintainer believes that a symbol behavior change
7052 may have occurred but isn't sure, it's safer to update the
7053 version rather than leave it unmodified. This may result in
7054 unnecessarily strict dependencies, but it ensures that packages
7055 whose dependencies are satisfied will work properly.
7056 </para>
7057 <para>
7058 A common example of when a change to the dependency version is
7059 required is a function that takes an enum or struct argument
7060 that controls what the function does. For example:
7061 </para>
7062 <programlisting>
7063 enum library_op { OP_FOO, OP_BAR };
7064 int library_do_operation(enum library_op);</programlisting>
7065 <para>
7066 If a new operation, <literal>OP_BAZ</literal>, is added, the
7067 <replaceable>minimal-version</replaceable> of
7068 <literal>library_do_operation</literal> (for
7069 <filename>symbols</filename> files) or the version in the
7070 dependency for the shared library (for
7071 <filename>shlibs</filename> files) must be increased to the
7072 version at which <literal>OP_BAZ</literal> was introduced.
7073 Otherwise, a binary built against the new version of the library
7074 (having detected at compile-time that the library supports
7075 <literal>OP_BAZ</literal>) may be installed with a shared
7076 library that doesn't support <literal>OP_BAZ</literal> and will
7077 fail at runtime when it tries to pass <literal>OP_BAZ</literal>
7078 into this function.
7079 </para>
7080 <para>
7081 Dependency versions in either <filename>symbols</filename> or
7082 <filename>shlibs</filename> files normally should not contain
7083 the Debian revision of the package, since the library behavior
7084 is normally fixed for a particular upstream version and any
7085 Debian packaging of that upstream version will have the same
7086 behavior. In the rare case that the library behavior was
7087 changed in a particular Debian revision, appending
7088 <literal>~</literal> to the end of the version that includes the
7089 Debian revision is recommended, since this allows backports of
7090 the shared library package using the normal backport versioning
7091 convention to satisfy the dependency.
7092 </para>
7093 </section>
7095 <section id="s-sharedlibs-symbols">
7096 <title>The <literal>symbols</literal> system</title>
7098 <para>
7099 In the following sections, we will first describe where the
7100 various <filename>symbols</filename> files are to be found, then
7101 the <filename>symbols</filename> file format, and finally how to
7102 create <filename>symbols</filename> files if your package
7103 contains a shared library.
7104 </para>
7106 <section id="s-symbols-paths">
7107 <title>
7108 The <filename>symbols</filename> files present on the system
7109 </title>
7111 <para>
7112 <filename>symbols</filename> files for a shared library are
7113 normally provided by the shared library package as a control
7114 file, but there are several override paths that are checked
7115 first in case that information is wrong or missing. The
7116 following list gives them in the order in which they are read
7117 by <command>dpkg-shlibdeps</command> The first one that
7118 contains the required information is used.
7119 </para>
7120 <variablelist>
7121 <varlistentry>
7122 <term>
7123 <filename>debian/*/DEBIAN/symbols</filename>
7124 </term>
7125 <listitem>
7126 <para>
7127 During the package build, if the package itself contains
7128 shared libraries with <filename>symbols</filename>
7129 files, they will be generated in these staging
7130 directories by <command>dpkg-gensymbols</command> (see
7131 <xref linkend="s-providing-symbols"/>).
7132 <filename>symbols</filename> files found in the build
7133 tree take precedence over <filename>symbols</filename>
7134 files from other binary packages.
7135 </para>
7136 <para>
7137 These files must exist before
7138 <command>dpkg-shlibdeps</command> is run or the
7139 dependencies of binaries and libraries from a source
7140 package on other libraries from that same source package
7141 will not be correct. In practice, this means that
7142 <command>dpkg-gensymbols</command> must be run before
7143 <command>dpkg-shlibdeps</command> during the package
7144 build.
7145 <footnote>
7146 <para>
7147 An example may clarify. Suppose the source package
7148 <literal>foo</literal> generates two binary
7149 packages, <literal>libfoo2</literal> and
7150 <literal>foo-runtime</literal>. When building the
7151 binary packages, the contents of the packages are
7152 staged in the directories
7153 <filename>debian/libfoo2</filename> and
7154 <filename>debian/foo-runtime</filename>
7155 respectively. (<filename>debian/tmp</filename>
7156 could be used instead of one of these.) Since
7157 <literal>libfoo2</literal> provides the
7158 <literal>libfoo</literal> shared library, it will
7159 contain a <literal>symbols</literal> file, which
7160 will be installed in
7161 <filename>debian/libfoo2/DEBIAN/symbols</filename>,
7162 eventually to be included as a control file in that
7163 package. When <command>dpkg-shlibdeps</command> is
7164 run on the executable
7165 <filename>debian/foo-runtime/usr/bin/foo-prog</filename>,
7166 it will examine the
7167 <filename>debian/libfoo2/DEBIAN/symbols</filename>
7168 file to determine whether
7169 <literal>foo-prog</literal>'s library dependencies
7170 are satisfied by any of the libraries provided by
7171 <literal>libfoo2</literal>. Since those binaries
7172 were linked against the just-built shared library as
7173 part of the build process, the
7174 <filename>symbols</filename> file for the
7175 newly-built <literal>libfoo2</literal> must take
7176 precedence over a <filename>symbols</filename> file
7177 for any other <literal>libfoo2</literal> package
7178 already installed on the system.
7179 </para>
7180 </footnote>
7181 </para>
7182 </listitem>
7183 </varlistentry>
7184 <varlistentry>
7185 <term>
7186 <filename>/etc/dpkg/symbols/<replaceable>package</replaceable>.symbols.<replaceable>arch</replaceable></filename>
7187 and
7188 <filename>/etc/dpkg/symbols/<replaceable>package</replaceable>.symbols</filename>
7189 </term>
7190 <listitem>
7191 <para>
7192 Per-system overrides of shared library dependencies.
7193 These files normally do not exist. They are maintained
7194 by the local system administrator and must not be
7195 created by any Debian package.
7196 </para>
7197 </listitem>
7198 </varlistentry>
7199 <varlistentry>
7200 <term>
7201 <filename>symbols</filename> control files for packages
7202 installed on the system
7203 </term>
7204 <listitem>
7205 <para>
7206 The <filename>symbols</filename> control files for all
7207 the packages currently installed on the system are
7208 searched last. This will be the most common source of
7209 shared library dependency information. These files can
7210 be read with <literal>dpkg-query --control-show
7211 <replaceable>package</replaceable> symbols</literal>.
7212 </para>
7213 </listitem>
7214 </varlistentry>
7215 </variablelist>
7216 <para>
7217 Be aware that if a <filename>debian/shlibs.local</filename>
7218 exists in the source package, it will override any
7219 <filename>symbols</filename> files. This is the only case
7220 where a <filename>shlibs</filename> is used despite
7221 <filename>symbols</filename> files being present. See <xref
7222 linkend="s-shlibs-paths"/> and <xref
7223 linkend="s-sharedlibs-shlibdeps"/> for more information.
7224 </para>
7225 </section>
7227 <section id="s-symbols">
7228 <title>The <filename>symbols</filename> File Format</title>
7230 <para>
7231 The following documents the format of the
7232 <filename>symbols</filename> control file as included in
7233 binary packages. These files are built from template
7234 <filename>symbols</filename> files in the source package by
7235 <command>dpkg-gensymbols</command>. The template files
7236 support a richer syntax that allows
7237 <command>dpkg-gensymbols</command> to do some of the tedious
7238 work involved in maintaining <filename>symbols</filename>
7239 files, such as handling C++ symbols or optional symbols that
7240 may not exist on particular architectures. When writing
7241 <filename>symbols</filename> files for a shared library
7242 package, refer to
7243 <citerefentry><refentrytitle>dpkg-gensymbols</refentrytitle><manvolnum>1</manvolnum></citerefentry>
7244 for the richer syntax.
7245 </para>
7246 <para>
7247 A <filename>symbols</filename> may contain one or more
7248 entries, one for each shared library contained in the package
7249 corresponding to that <filename>symbols</filename>. Each
7250 entry has the following format:
7251 </para>
7252 <programlisting>
7253 <replaceable>library-soname</replaceable> <replaceable>main-dependency-template</replaceable>
7254 [| <replaceable>alternative-dependency-template</replaceable>]
7255 [...]
7256 [* <replaceable>field-name</replaceable>: <replaceable>field-value</replaceable>]
7257 [...]
7258 <replaceable>symbol</replaceable> <replaceable>minimal-version</replaceable>[ <replaceable>id-of-dependency-template</replaceable> ]</programlisting>
7259 <para>
7260 To explain this format, we'll use the
7261 <literal>zlib1g</literal> package as an example, which (at the
7262 time of writing) installs the shared library
7263 <filename>/usr/lib/libz.so.1.2.3.4</filename>. Mandatory
7264 lines will be described first, followed by optional lines.
7265 </para>
7266 <para>
7267 <replaceable>library-soname</replaceable> must contain exactly
7268 the value of the ELF <literal>SONAME</literal> attribute of
7269 the shared library. In our example, this is
7270 <literal>libz.so.1</literal>.
7271 <footnote>
7272 <para>
7273 This can be determined by using the command
7274 </para>
7275 <screen>readelf -d /usr/lib/libz.so.1.2.3.4 | grep SONAME</screen>
7276 </footnote>
7277 </para>
7278 <para>
7279 <replaceable>main-dependency-template</replaceable> has the
7280 same syntax as a dependency field in a binary package control
7281 file, except that the string <literal>#MINVER#</literal> is
7282 replaced by a version restriction like <literal>(>=
7283 <replaceable>version</replaceable>)</literal> or by nothing if
7284 an unversioned dependency is deemed sufficient. The version
7285 restriction will be based on which symbols from the shared
7286 library are referenced and the version at which they were
7287 introduced (see below). In nearly all cases,
7288 <replaceable>main-dependency-template</replaceable> will be
7289 <literal><replaceable>package</replaceable>
7290 #MINVER#</literal>, where <replaceable>package</replaceable>
7291 is the name of the binary package containing the shared
7292 library. This adds a simple, possibly-versioned dependency on
7293 the shared library package. In some rare cases, such as when
7294 multiple packages provide the same shared library ABI, the
7295 dependency template may need to be more complex.
7296 </para>
7297 <para>
7298 In our example, the first line of the
7299 <literal>zlib1g</literal> <filename>symbols</filename> file
7300 would be:
7301 </para>
7302 <programlisting>libz.so.1 zlib1g #MINVER#</programlisting>
7303 <para>
7304 Each public symbol exported by the shared library must have a
7305 corresponding symbol line, indented by one space.
7306 <replaceable>symbol</replaceable> is the exported symbol
7307 (which, for C++, means the mangled symbol) followed by
7308 <literal>@</literal> and the symbol version, or the string
7309 <literal>Base</literal> if there is no symbol version.
7310 <replaceable>minimal-version</replaceable> is the most recent
7311 version of the shared library that changed the behavior of
7312 that symbol, whether by adding it, changing its function
7313 signature (the parameters, their types, or the return type),
7314 or changing its behavior in a way that is visible to a caller.
7315 <replaceable>id-of-dependency-template</replaceable> is an
7316 optional field that references an
7317 <replaceable>alternative-dependency-template</replaceable>;
7318 see below for a full description.
7319 </para>
7320 <para>
7321 For example, <literal>libz.so.1</literal> contains the symbols
7322 <literal>compress</literal> and
7323 <literal>compressBound</literal>. <literal>compress</literal>
7324 has no symbol version and last changed its behavior in
7325 upstream version <literal>1:1.1.4</literal>.
7326 <literal>compressBound</literal> has the symbol version
7327 <literal>ZLIB_1.2.0</literal>, was introduced in upstream
7328 version <literal>1:1.2.0</literal>, and has not changed its
7329 behavior. Its <filename>symbols</filename> file therefore
7330 contains the lines:
7331 </para>
7332 <programlisting>
7333 compress@Base 1:1.1.4
7334 compressBound@ZLIB_1.2.0 1:1.2.0</programlisting>
7335 <para>
7336 Packages using only <literal>compress</literal> would then get
7337 a dependency on <literal>zlib1g (>= 1:1.1.4)</literal>, but
7338 packages using <literal>compressBound</literal> would get a
7339 dependency on <literal>zlib1g (>= 1:1.2.0)</literal>.
7340 </para>
7341 <para>
7342 One or more
7343 <replaceable>alternative-dependency-template</replaceable>
7344 lines may be provided. These are used in cases where some
7345 symbols in the shared library should use one dependency
7346 template while others should use a different template. The
7347 alternative dependency templates are used only if a symbol
7348 line contains the
7349 <replaceable>id-of-dependency-template</replaceable> field.
7350 The first alternative dependency template is numbered 1, the
7351 second 2, and so forth.
7352 <footnote>
7353 <para>
7354 An example of where this may be needed is with a library
7355 that implements the libGL interface. All GL
7356 implementations provide the same set of base interfaces,
7357 and then may provide some additional interfaces only used
7358 by programs that require that specific GL implementation.
7359 So, for example, libgl1-mesa-glx may use the following
7360 <filename>symbols</filename> file:
7361 </para>
7362 <programlisting>
7363 libGL.so.1 libgl1 | libgl1-mesa-glx #MINVER#
7364 publicGlSymbol@Base 6.3-1 [...] implementationSpecificSymbol@Base 6.5.2-7 1
7365 [...]</programlisting>
7366 <para>
7367 Binaries or shared libraries using only
7368 <literal>publicGlSymbol</literal> would depend only on
7369 <literal>libgl1</literal> (which may be provided by
7370 multiple packages), but ones using
7371 <literal>implementationSpecificSymbol</literal> would get
7372 a dependency on <literal>libgl1-mesa-glx (>=
7373 6.5.2-7)</literal>
7374 </para>
7375 </footnote>
7376 </para>
7377 <para>
7378 Finally, the entry for the library may contain one or more
7379 metadata fields. Currently, the only supported
7380 <replaceable>field-name</replaceable> is
7381 <literal>Build-Depends-Package</literal>, whose value lists
7382 the <link linkend="s-sharedlibs-dev">library development
7383 package</link> on which packages using this shared library
7384 declare a build dependency. If this field is present,
7385 <command>dpkg-shlibdeps</command> uses it to ensure that the
7386 resulting binary package dependency on the shared library is
7387 at least as strict as the source package dependency on the
7388 shared library development package.
7389 <footnote>
7390 <para>
7391 This field should normally not be necessary, since if the
7392 behavior of any symbol has changed, the corresponding
7393 symbol <replaceable>minimal-version</replaceable> should
7394 have been increased. But including it makes the
7395 <literal>symbols</literal> system more robust by
7396 tightening the dependency in cases where the package using
7397 the shared library specifically requires at least a
7398 particular version of the shared library development
7399 package for some reason.
7400 </para>
7401 </footnote>
7402 For our example, the <literal>zlib1g</literal>
7403 <filename>symbols</filename> file would contain:
7404 </para>
7405 <programlisting>* Build-Depends-Package: zlib1g-dev</programlisting>
7406 <para>
7407 Also see
7408 <citerefentry><refentrytitle>deb-symbols</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
7409 </para>
7410 </section>
7412 <section id="s-providing-symbols">
7413 <title>Providing a <filename>symbols</filename> file</title>
7415 <para>
7416 If your package provides a shared library, you should arrange
7417 to include a <filename>symbols</filename> control file
7418 following the format described above in that package. You
7419 must include either a <filename>symbols</filename> control
7420 file or a <filename>shlibs</filename> control file.
7421 </para>
7422 <para>
7423 Normally, this is done by creating a
7424 <filename>symbols</filename> in the source package named
7425 <filename>debian/<replaceable>package</replaceable>.symbols</filename>
7426 or <filename>debian/symbols</filename>, possibly with
7427 <filename>.<replaceable>arch</replaceable></filename> appended
7428 if the symbols information varies by architecture. This file
7429 may use the extended syntax documented in
7430 <citerefentry><refentrytitle>dpkg-gensymbols</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
7431 Then, call <command>dpkg-gensymbols</command> as part of the
7432 package build process. It will create
7433 <filename>symbols</filename> files in the package staging area
7434 based on the binaries and libraries in the package staging
7435 area and the <filename>symbols</filename> files in the source
7436 package.<footnote><para> If you are using
7437 <literal>debhelper</literal>, <command>dh_makeshlibs</command>
7438 will take care of calling either
7439 <command>dpkg-gensymbols</command> or generating a
7440 <filename>shlibs</filename> file as appropriate. </para>
7441 </footnote>
7442 </para>
7443 <para>
7444 Packages that provide <filename>symbols</filename> files must
7445 keep them up-to-date to ensure correct dependencies in
7446 packages that use the shared libraries. This means updating
7447 the <filename>symbols</filename> file whenever a new public
7448 symbol is added, changing the
7449 <replaceable>minimal-version</replaceable> field whenever a
7450 symbol changes behavior or signature in a backward-compatible
7451 way (see <xref linkend="s-sharedlibs-updates"/>), and changing
7452 the <replaceable>library-soname</replaceable> and
7453 <replaceable>main-dependency-template</replaceable>, and
7454 probably all of the <replaceable>minimal-version</replaceable>
7455 fields, when the library changes <literal>SONAME</literal>.
7456 Removing a public symbol from the <filename>symbols</filename>
7457 file because it's no longer provided by the library normally
7458 requires changing the <literal>SONAME</literal> of the
7459 library. See <xref linkend="s-sharedlibs-runtime"/> for more
7460 information on <literal>SONAME</literal>s.
7461 </para>
7462 </section>
7463 </section>
7465 <section id="s-sharedlibs-shlibdeps">
7466 <title>The <literal>shlibs</literal> system</title>
7468 <para>
7469 The <literal>shlibs</literal> system is a simpler alternative to
7470 the <literal>symbols</literal> system for declaring dependencies
7471 for shared libraries. It may be more appropriate for C++
7472 libraries and other cases where tracking individual symbols is
7473 too difficult. It predated the <literal>symbols</literal>
7474 system and is therefore frequently seen in older packages. It
7475 is also required for udebs, which do not support
7476 <literal>symbols</literal>.
7477 </para>
7478 <para>
7479 In the following sections, we will first describe where the
7480 various <filename>shlibs</filename> files are to be found, then
7481 how to use <command>dpkg-shlibdeps</command>, and finally the
7482 <filename>shlibs</filename> file format and how to create them.
7483 </para>
7485 <section id="s-shlibs-paths">
7486 <title>
7487 The <filename>shlibs</filename> files present on the system
7488 </title>
7490 <para>
7491 There are several places where <literal>shlibs</literal> files
7492 are found. The following list gives them in the order in
7493 which they are read by <command>dpkg-shlibdeps</command>.
7494 (The first one which gives the required information is used.)
7495 </para>
7496 <variablelist>
7497 <varlistentry>
7498 <term>
7499 <filename>debian/shlibs.local</filename>
7500 </term>
7501 <listitem>
7502 <para>
7503 This lists overrides for this package. This file should
7504 normally not be used, but may be needed temporarily in
7505 unusual situations to work around bugs in other
7506 packages, or in unusual cases where the normally
7507 declared dependency information in the installed
7508 <filename>shlibs</filename> file for a library cannot be
7509 used. This file overrides information obtained from any
7510 other source.
7511 </para>
7512 </listitem>
7513 </varlistentry>
7514 <varlistentry>
7515 <term>
7516 <filename>/etc/dpkg/shlibs.override</filename>
7517 </term>
7518 <listitem>
7519 <para>
7520 This lists global overrides. This list is normally
7521 empty. It is maintained by the local system
7522 administrator.
7523 </para>
7524 </listitem>
7525 </varlistentry>
7526 <varlistentry>
7527 <term>
7528 <filename>DEBIAN/shlibs</filename> files in the "build
7529 directory"
7530 </term>
7531 <listitem>
7532 <para>
7533 These files are generated as part of the package build
7534 process and staged for inclusion as control files in the
7535 binary packages being built. They provide details of
7536 any shared libraries included in the same package.
7537 </para>
7538 </listitem>
7539 </varlistentry>
7540 <varlistentry>
7541 <term>
7542 <filename>shlibs</filename> control files for packages
7543 installed on the system
7544 </term>
7545 <listitem>
7546 <para>
7547 The <filename>shlibs</filename> control files for all
7548 the packages currently installed on the system. These
7549 files can be read using <literal>dpkg-query
7550 --control-show <replaceable>package</replaceable>
7551 shlibs</literal>.
7552 </para>
7553 </listitem>
7554 </varlistentry>
7555 <varlistentry>
7556 <term>
7557 <filename>/etc/dpkg/shlibs.default</filename>
7558 </term>
7559 <listitem>
7560 <para>
7561 This file lists any shared libraries whose packages have
7562 failed to provide correct <filename>shlibs</filename>
7563 files. It was used when the <filename>shlibs</filename>
7564 setup was first introduced, but it is now normally
7565 empty. It is maintained by the <literal>dpkg</literal>
7566 maintainer.
7567 </para>
7568 </listitem>
7569 </varlistentry>
7570 </variablelist>
7571 <para>
7572 If a <filename>symbols</filename> file for a shared library
7573 package is available, <command>dpkg-shlibdeps</command> will
7574 always use it in preference to a <filename>shlibs</filename>,
7575 with the exception of
7576 <filename>debian/shlibs.local</filename>. The latter
7577 overrides any other <filename>shlibs</filename> or
7578 <filename>symbols</filename> files.
7579 </para>
7580 </section>
7582 <section id="s-shlibs">
7583 <title>The <filename>shlibs</filename> File Format</title>
7585 <para>
7586 Each <filename>shlibs</filename> file has the same format.
7587 Lines beginning with <literal>#</literal> are considered to be
7588 comments and are ignored. Each line is of the form:
7589 </para>
7590 <screen>
7591 [<replaceable>type</replaceable>: ]<replaceable>library-name</replaceable> <replaceable>soname-version</replaceable> <replaceable>dependencies ...</replaceable></screen>
7592 <para>
7593 We will explain this by reference to the example of the
7594 <literal>zlib1g</literal> package, which (at the time of
7595 writing) installs the shared library
7596 <filename>/usr/lib/libz.so.1.2.3.4</filename>.
7597 </para>
7598 <para>
7599 <replaceable>type</replaceable> is an optional element that
7600 indicates the type of package for which the line is valid.
7601 The only type currently in use is <literal>udeb</literal>.
7602 The colon and space after the type are required.
7603 </para>
7604 <para>
7605 <replaceable>library-name</replaceable> is the name of the
7606 shared library, in this case <literal>libz</literal>. (This
7607 must match the name part of the soname, see below.)
7608 </para>
7609 <para>
7610 <replaceable>soname-version</replaceable> is the version part
7611 of the ELF <literal>SONAME</literal> attribute of the library,
7612 determined the same way that the
7613 <replaceable>soversion</replaceable> component of the
7614 recommended shared library package name is determined. See
7615 <xref linkend="s-sharedlibs-runtime"/> for the details.
7616 </para>
7617 <para>
7618 <replaceable>dependencies</replaceable> has the same syntax as
7619 a dependency field in a binary package control file. It
7620 should give details of which packages are required to satisfy
7621 a binary built against the version of the library contained in
7622 the package. See <xref linkend="s-depsyntax"/> for details on
7623 the syntax, and <xref linkend="s-sharedlibs-updates"/> for
7624 details on how to maintain the dependency version constraint.
7625 </para>
7626 <para>
7627 In our example, if the last change to the
7628 <literal>zlib1g</literal> package that could change behavior
7629 for a client of that library was in version
7630 <literal>1:1.2.3.3.dfsg-1</literal>, then the
7631 <literal>shlibs</literal> entry for this library could say:
7632 </para>
7633 <programlisting>libz 1 zlib1g (>= 1:1.2.3.3.dfsg)</programlisting>
7634 <para>
7635 This version restriction must be new enough that any binary
7636 built against the current version of the library will work
7637 with any version of the shared library that satisfies that
7638 dependency.
7639 </para>
7640 <para>
7641 As zlib1g also provides a udeb containing the shared library,
7642 there would also be a second line:
7643 </para>
7644 <programlisting>udeb: libz 1 zlib1g-udeb (>= 1:1.2.3.3.dfsg)</programlisting>
7645 </section>
7647 <section id="s8.6.4.3">
7648 <title>Providing a <filename>shlibs</filename> file</title>
7650 <para>
7651 To provide a <filename>shlibs</filename> file for a shared
7652 library binary package, create a <filename>shlibs</filename>
7653 file following the format described above and place it in the
7654 <filename>DEBIAN</filename> directory for that package during
7655 the build. It will then be included as a control file for
7656 that package.
7657 <footnote>
7658 <para>
7659 This is what <command>dh_makeshlibs</command> in the
7660 <systemitem role="package">debhelper</systemitem> suite
7661 does. If your package also has a udeb that provides a
7662 shared library, <command>dh_makeshlibs</command> can
7663 automatically generate the <literal>udeb:</literal> lines
7664 if you specify the name of the udeb with the
7665 <literal>--add-udeb</literal> option.
7666 </para>
7667 </footnote>
7668 </para>
7669 <para>
7670 Since <command>dpkg-shlibdeps</command> reads the
7671 <filename>DEBIAN/shlibs</filename> files in all of the binary
7672 packages being built from this source package, all of the
7673 <filename>DEBIAN/shlibs</filename> files should be installed
7674 before <command>dpkg-shlibdeps</command> is called on any of
7675 the binary packages.
7676 </para>
7677 </section>
7678 </section>
7679 </section>
7680 </chapter>
7682 <chapter id="ch-opersys">
7683 <title>The Operating System</title>
7685 <section id="s9.1">
7686 <title>File system hierarchy</title>
7688 <section id="s-fhs">
7689 <title>File System Structure</title>
7691 <para>
7692 The location of all files and directories must comply with the
7693 Filesystem Hierarchy Standard (FHS), version 2.3, with the
7694 exceptions noted below, and except where doing so would violate
7695 other terms of Debian Policy. The following exceptions to the
7696 FHS apply:
7697 </para>
7698 <orderedlist numeration="arabic">
7699 <listitem>
7700 <para>
7701 The FHS requirement that architecture-independent
7702 application-specific static files be located in
7703 <filename>/usr/share</filename> is relaxed to a suggestion.
7704 In particular, a subdirectory of
7705 <filename>/usr/lib</filename> may be used by a package (or a
7706 collection of packages) to hold a mixture of
7707 architecture-independent and architecture-dependent files.
7708 However, when a directory is entirely composed of
7709 architecture-independent files, it should be located in
7710 <filename>/usr/share</filename>.
7711 </para>
7712 </listitem>
7713 <listitem>
7714 <para>
7715 The optional rules related to user specific configuration
7716 files for applications are stored in the user's home
7717 directory are relaxed. It is recommended that such files
7718 start with the '<literal>.</literal>' character (a "dot
7719 file"), and if an application needs to create more than one
7720 dot file then the preferred placement is in a subdirectory
7721 with a name starting with a '.' character, (a "dot
7722 directory"). In this case it is recommended the
7723 configuration files not start with the '.' character.
7724 </para>
7725 </listitem>
7726 <listitem>
7727 <para>
7728 The requirement for amd64 to use <filename>/lib64</filename>
7729 for 64 bit binaries is removed.
7730 </para>
7731 </listitem>
7732 <listitem>
7733 <para>
7734 The requirement for object files, internal binaries, and
7735 libraries, including <filename>libc.so.*</filename>, to be
7736 located directly under <filename>/lib{,32}</filename> and
7737 <filename>/usr/lib{,32}</filename> is amended, permitting
7738 files to instead be installed to
7739 <filename>/lib/<replaceable>triplet</replaceable></filename>
7740 and
7741 <filename>/usr/lib/<replaceable>triplet</replaceable></filename>,
7742 where <literal><replaceable>triplet</replaceable></literal>
7743 is the value returned by <literal>dpkg-architecture
7744 -qDEB_HOST_MULTIARCH</literal> for the architecture of the
7745 package. Packages may <emphasis>not</emphasis> install
7746 files to any <replaceable>triplet</replaceable> path other
7747 than the one matching the architecture of that package; for
7748 instance, an <literal>Architecture: amd64</literal> package
7749 containing 32-bit x86 libraries may not install these
7750 libraries to <filename>/usr/lib/i386-linux-gnu</filename>.
7751 <footnote><para> This is necessary in order to reserve the
7752 directories for use in cross-installation of library
7753 packages from other architectures, as part of
7754 <literal>multiarch</literal>. </para> </footnote>
7755 </para>
7756 <para>
7757 The requirement for C and C++ headers files to be accessible
7758 through the search path <filename>/usr/include/</filename>
7759 is amended, permitting files to be accessible through the
7760 search path
7761 <filename>/usr/include/<replaceable>triplet</replaceable></filename>
7762 where <literal><replaceable>triplet</replaceable></literal>
7763 is as above. <footnote><para> This is necessary for
7764 architecture-dependent headers file to coexist in a
7765 <literal>multiarch</literal> setup. </para> </footnote>
7766 </para>
7767 <para>
7768 Applications may also use a single subdirectory under
7769 <filename>/usr/lib/<replaceable>triplet</replaceable></filename>.
7770 </para>
7771 <para>
7772 The execution time linker/loader, ld*, must still be made
7773 available in the existing location under /lib or /lib64
7774 since this is part of the ELF ABI for the architecture.
7775 </para>
7776 </listitem>
7777 <listitem>
7778 <para>
7779 The requirement that
7780 <filename>/usr/local/share/man</filename> be "synonymous"
7781 with <filename>/usr/local/man</filename> is relaxed to a
7782 recommendation
7783 </para>
7784 </listitem>
7785 <listitem>
7786 <para>
7787 The requirement that windowmanagers with a single
7788 configuration file call it <filename>system.*wmrc</filename>
7789 is removed, as is the restriction that the window manager
7790 subdirectory be named identically to the window manager name
7791 itself.
7792 </para>
7793 </listitem>
7794 <listitem>
7795 <para>
7796 The requirement that boot manager configuration files live
7797 in <filename>/etc</filename>, or at least are symlinked
7798 there, is relaxed to a recommendation.
7799 </para>
7800 </listitem>
7801 <listitem>
7802 <para>
7803 The additional directory <filename>/run</filename> in the
7804 root file system is allowed. <filename>/run</filename>
7805 replaces <filename>/var/run</filename>, and the subdirectory
7806 <filename>/run/lock</filename> replaces
7807 <filename>/var/lock</filename>, with the
7808 <filename>/var</filename> directories replaced by symlinks
7809 for backwards compatibility. <filename>/run</filename> and
7810 <filename>/run/lock</filename> must follow all of the
7811 requirements in the FHS for <filename>/var/run</filename>
7812 and <filename>/var/lock</filename>, respectively, such as
7813 file naming conventions, file format requirements, or the
7814 requirement that files be cleared during the boot process.
7815 Files and directories residing in <filename>/run</filename>
7816 should be stored on a temporary file system.
7817 </para>
7818 </listitem>
7819 <listitem>
7820 <para>
7821 The <filename>/sys</filename> directory in the root
7822 filesystem is additionally allowed.
7823 <footnote>
7824 <para>
7825 This directory is used as mount point to mount virtual
7826 filesystems to get access to kernel information.
7827 </para>
7828 </footnote>
7829 </para>
7830 </listitem>
7831 <listitem>
7832 <para>
7833 The <filename>/var/www</filename> directory is additionally
7834 allowed.
7835 </para>
7836 </listitem>
7837 <listitem>
7838 <para>
7839 The requirement for
7840 <filename>/usr/local/lib<replaceable>qual</replaceable></filename>
7841 to exist if
7842 <filename>/lib<replaceable>qual</replaceable></filename> or
7843 <filename>/usr/lib<replaceable>qual</replaceable></filename>
7844 exists (where
7845 <filename>lib<replaceable>qual</replaceable></filename> is a
7846 variant of <filename>lib</filename> such as
7847 <filename>lib32</filename> or <filename>lib64</filename>) is
7848 removed.
7849 </para>
7850 </listitem>
7851 <listitem>
7852 <para>
7853 On GNU/Hurd systems, the following additional directories
7854 are allowed in the root filesystem:
7855 <filename>/hurd</filename> and
7856 <filename>/servers</filename>.
7857 <footnote>
7858 <para>
7859 These directories are used to store translators and as a
7860 set of standard names for mount points, respectively.
7861 </para>
7862 </footnote>
7863 </para>
7864 </listitem>
7865 </orderedlist>
7866 <para>
7867 The version of this document referred here can be found in the
7868 <literal>debian-policy</literal> package or on <ulink
7869 url="https://www.debian.org/doc/packaging-manuals/fhs/">FHS
7870 (Debian copy)</ulink> alongside this manual (or, if you have the
7871 <systemitem role="package">debian-policy</systemitem> installed,
7872 you can try <ulink
7873 url="file:///usr/share/doc/debian-policy/fhs/">FHS (local
7874 copy)</ulink>). The latest version, which may be a more recent
7875 version, may be found on <ulink
7876 url="http://www.pathname.com/fhs/">FHS (upstream)</ulink>.
7877 Specific questions about following the standard may be asked on
7878 the <literal>debian-devel</literal> mailing list, or referred to
7879 the FHS mailing list (see the <ulink
7880 url="http://www.pathname.com/fhs/">FHS web site</ulink> for more
7881 information).
7882 </para>
7883 </section>
7885 <section id="s9.1.2">
7886 <title>Site-specific programs</title>
7888 <para>
7889 As mandated by the FHS, packages must not place any files in
7890 <filename>/usr/local</filename>, either by putting them in the
7891 file system archive to be unpacked by <command>dpkg</command> or
7892 by manipulating them in their maintainer scripts.
7893 </para>
7894 <para>
7895 However, the package may create empty directories below
7896 <filename>/usr/local</filename> so that the system administrator
7897 knows where to place site-specific files. These are not
7898 directories <emphasis>in</emphasis>
7899 <filename>/usr/local</filename>, but are children of directories
7900 in <filename>/usr/local</filename>. These directories
7901 (<filename>/usr/local/*/dir/</filename>) should be removed on
7902 package removal if they are empty.
7903 </para>
7904 <para>
7905 Note that this applies only to directories
7906 <emphasis>below</emphasis> <filename>/usr/local</filename>, not
7907 <emphasis>in</emphasis> <filename>/usr/local</filename>.
7908 Packages must not create sub-directories in the directory
7909 <filename>/usr/local</filename> itself, except those listed in
7910 FHS, section 4.5. However, you may create directories below
7911 them as you wish. You must not remove any of the directories
7912 listed in 4.5, even if you created them.
7913 </para>
7914 <para>
7915 Since <filename>/usr/local</filename> can be mounted read-only
7916 from a remote server, these directories must be created and
7917 removed by the <command>postinst</command> and
7918 <command>prerm</command> maintainer scripts and not be included
7919 in the <filename>.deb</filename> archive. These scripts must
7920 not fail if either of these operations fail.
7921 </para>
7922 <para>
7923 For example, the <literal>emacsen-common</literal> package could
7924 contain something like
7925 </para>
7926 <programlisting>
7927 if [ ! -e /usr/local/share/emacs ]; then
7928 if mkdir /usr/local/share/emacs 2>/dev/null; then
7929 if chown root:staff /usr/local/share/emacs; then
7930 chmod 2775 /usr/local/share/emacs || true
7931 fi
7932 fi
7933 fi</programlisting>
7934 <para>
7935 in its <command>postinst</command> script, and
7936 </para>
7937 <programlisting>
7938 rmdir /usr/local/share/emacs/site-lisp 2>/dev/null || true
7939 rmdir /usr/local/share/emacs 2>/dev/null || true</programlisting>
7940 <para>
7941 in the <command>prerm</command> script. (Note that this form is
7942 used to ensure that if the script is interrupted, the directory
7943 <filename>/usr/local/share/emacs</filename> will still be
7944 removed.)
7945 </para>
7946 <para>
7947 If you do create a directory in <filename>/usr/local</filename>
7948 for local additions to a package, you should ensure that
7949 settings in <filename>/usr/local</filename> take precedence over
7950 the equivalents in <filename>/usr</filename>.
7951 </para>
7952 <para>
7953 However, because <filename>/usr/local</filename> and its
7954 contents are for exclusive use of the local administrator, a
7955 package must not rely on the presence or absence of files or
7956 directories in <filename>/usr/local</filename> for normal
7957 operation.
7958 </para>
7959 <para>
7960 The <filename>/usr/local</filename> directory itself and all the
7961 subdirectories created by the package should (by default) have
7962 permissions 2775 (group-writable and set-group-id) and be owned
7963 by <literal>root:staff</literal>.
7964 </para>
7965 </section>
7967 <section id="s9.1.3">
7968 <title>The system-wide mail directory</title>
7970 <para>
7971 The system-wide mail directory is
7972 <filename>/var/mail</filename>. This directory is part of the
7973 base system and should not be owned by any particular mail
7974 agents. The use of the old location
7975 <filename>/var/spool/mail</filename> is deprecated, even though
7976 the spool may still be physically located there.
7977 </para>
7978 </section>
7980 <section id="s-fhs-run">
7981 <title>
7982 <filename>/run</filename> and <filename>/run/lock</filename>
7983 </title>
7985 <para>
7986 The directory <filename>/run</filename> is cleared at boot,
7987 normally by being a mount point for a temporary file system.
7988 Packages therefore must not assume that any files or directories
7989 under <filename>/run</filename> other than
7990 <filename>/run/lock</filename> exist unless the package has
7991 arranged to create those files or directories since the last
7992 reboot. Normally, this is done by the package via an init
7993 script. See <xref linkend="s-writing-init"/> for more
7994 information.
7995 </para>
7996 <para>
7997 Packages must not include files or directories under
7998 <filename>/run</filename>, or under the older
7999 <filename>/var/run</filename> and <filename>/var/lock</filename>
8000 paths. The latter paths will normally be symlinks or other
8001 redirections to <filename>/run</filename> for backwards
8002 compatibility.
8003 </para>
8004 </section>
8005 </section>
8007 <section id="s9.2">
8008 <title>Users and groups</title>
8010 <section id="s9.2.1">
8011 <title>Introduction</title>
8013 <para>
8014 The Debian system can be configured to use either plain or
8015 shadow passwords.
8016 </para>
8017 <para>
8018 Some user ids (UIDs) and group ids (GIDs) are reserved globally
8019 for use by certain packages. Because some packages need to
8020 include files which are owned by these users or groups, or need
8021 the ids compiled into binaries, these ids must be used on any
8022 Debian system only for the purpose for which they are allocated.
8023 This is a serious restriction, and we should avoid getting in
8024 the way of local administration policies. In particular, many
8025 sites allocate users and/or local system groups starting at 100.
8026 </para>
8027 <para>
8028 Apart from this we should have dynamically allocated ids, which
8029 should by default be arranged in some sensible order, but the
8030 behavior should be configurable.
8031 </para>
8032 <para>
8033 Packages other than <literal>base-passwd</literal> must not
8034 modify <filename>/etc/passwd</filename>,
8035 <filename>/etc/shadow</filename>,
8036 <filename>/etc/group</filename> or
8037 <filename>/etc/gshadow</filename>.
8038 </para>
8039 </section>
8041 <section id="s9.2.2">
8042 <title>UID and GID classes</title>
8044 <para>
8045 The UID and GID numbers are divided into classes as follows:
8046 </para>
8047 <variablelist>
8048 <varlistentry>
8049 <term>0-99:</term>
8050 <listitem>
8051 <para>
8052 Globally allocated by the Debian project, the same on
8053 every Debian system. These ids will appear in the
8054 <filename>passwd</filename> and <filename>group</filename>
8055 files of all Debian systems, new ids in this range being
8056 added automatically as the <literal>base-passwd</literal>
8057 package is updated.
8058 </para>
8059 <para>
8060 Packages which need a single statically allocated uid or
8061 gid should use one of these; their maintainers should ask
8062 the <literal>base-passwd</literal> maintainer for ids.
8063 </para>
8064 </listitem>
8065 </varlistentry>
8066 <varlistentry>
8067 <term>100-999:</term>
8068 <listitem>
8069 <para>
8070 Dynamically allocated system users and groups. Packages
8071 which need a user or group, but can have this user or
8072 group allocated dynamically and differently on each
8073 system, should use <literal>adduser --system</literal> to
8074 create the group and/or user. <command>adduser</command>
8075 will check for the existence of the user or group, and if
8076 necessary choose an unused id based on the ranges
8077 specified in <filename>adduser.conf</filename>.
8078 </para>
8079 </listitem>
8080 </varlistentry>
8081 <varlistentry>
8082 <term>1000-59999:</term>
8083 <listitem>
8084 <para>
8085 Dynamically allocated user accounts. By default
8086 <command>adduser</command> will choose UIDs and GIDs for
8087 user accounts in this range, though
8088 <filename>adduser.conf</filename> may be used to modify
8089 this behavior.
8090 </para>
8091 </listitem>
8092 </varlistentry>
8093 <varlistentry>
8094 <term>60000-64999:</term>
8095 <listitem>
8096 <para>
8097 Globally allocated by the Debian project, but only created
8098 on demand. The ids are allocated centrally and
8099 statically, but the actual accounts are only created on
8100 users' systems on demand.
8101 </para>
8102 <para>
8103 These ids are for packages which are obscure or which
8104 require many statically-allocated ids. These packages
8105 should check for and create the accounts in
8106 <filename>/etc/passwd</filename> or
8107 <filename>/etc/group</filename> (using
8108 <command>adduser</command> if it has this facility) if
8109 necessary. Packages which are likely to require further
8110 allocations should have a "hole" left after them in the
8111 allocation, to give them room to grow.
8112 </para>
8113 </listitem>
8114 </varlistentry>
8115 <varlistentry>
8116 <term>65000-65533:</term>
8117 <listitem>
8118 <para>
8119 Reserved.
8120 </para>
8121 </listitem>
8122 </varlistentry>
8123 <varlistentry>
8124 <term>65534:</term>
8125 <listitem>
8126 <para>
8127 User <literal>nobody</literal>. The corresponding gid
8128 refers to the group <literal>nogroup</literal>.
8129 </para>
8130 </listitem>
8131 </varlistentry>
8132 <varlistentry>
8133 <term>65535:</term>
8134 <listitem>
8135 <para>
8136 This value <emphasis>must not</emphasis> be used, because
8137 it was the error return sentinel value when
8138 <literal>uid_t</literal> was 16 bits.
8139 </para>
8140 </listitem>
8141 </varlistentry>
8142 <varlistentry>
8143 <term>65536-4294967293:</term>
8144 <listitem>
8145 <para>
8146 Dynamically allocated user accounts. By default
8147 <command>adduser</command> will not allocate UIDs and GIDs
8148 in this range, to ease compatibility with legacy systems
8149 where <literal>uid_t</literal> is still 16 bits.
8150 </para>
8151 </listitem>
8152 </varlistentry>
8153 <varlistentry>
8154 <term>4294967294:</term>
8155 <listitem>
8156 <para>
8157 <literal>(uid_t)(-2) == (gid_t)(-2)</literal>
8158 <emphasis>must not</emphasis> be used, because it is used
8159 as the anonymous, unauthenticated user by some NFS
8160 implementations.
8161 </para>
8162 </listitem>
8163 </varlistentry>
8164 <varlistentry>
8165 <term>4294967295:</term>
8166 <listitem>
8167 <para>
8168 <literal>(uid_t)(-1) == (gid_t)(-1)</literal>
8169 <emphasis>must not</emphasis> be used, because it is the
8170 error return sentinel value.
8171 </para>
8172 </listitem>
8173 </varlistentry>
8174 </variablelist>
8175 </section>
8176 </section>
8178 <section id="s-sysvinit">
8179 <title>System run levels and <filename>init.d</filename> scripts</title>
8181 <section id="s-etc-init.d">
8182 <title>Introduction</title>
8184 <para>
8185 The <filename>/etc/init.d</filename> directory contains the
8186 scripts executed by <command>init</command> at boot time and
8187 when the init state (or "runlevel") is changed (see
8188 <citerefentry><refentrytitle>init</refentrytitle><manvolnum>8</manvolnum></citerefentry>).
8189 </para>
8190 <para>
8191 There are at least two different, yet functionally equivalent,
8192 ways of handling these scripts. For the sake of simplicity,
8193 this document describes only the symbolic link method. However,
8194 it must not be assumed by maintainer scripts that this method is
8195 being used, and any automated manipulation of the various
8196 runlevel behaviors by maintainer scripts must be performed using
8197 <command>update-rc.d</command> as described below and not by
8198 manually installing or removing symlinks. For information on
8199 the implementation details of the other method, implemented in
8200 the <literal>file-rc</literal> package, please refer to the
8201 documentation of that package.
8202 </para>
8203 <para>
8204 These scripts are referenced by symbolic links in the
8205 <filename>/etc/rc<replaceable>n</replaceable>.d</filename>
8206 directories. When changing runlevels, <command>init</command>
8207 looks in the directory
8208 <filename>/etc/rc<replaceable>n</replaceable>.d</filename> for
8209 the scripts it should execute, where
8210 <literal><replaceable>n</replaceable></literal> is the runlevel
8211 that is being changed to, or <literal>S</literal> for the
8212 boot-up scripts.
8213 </para>
8214 <para>
8215 The names of the links all have the form
8216 <filename>S<replaceable>mm</replaceable><replaceable>script</replaceable></filename>
8217 or
8218 <filename>K<replaceable>mm</replaceable><replaceable>script</replaceable></filename>
8219 where <replaceable>mm</replaceable> is a two-digit number and
8220 <replaceable>script</replaceable> is the name of the script
8221 (this should be the same as the name of the actual script in
8222 <filename>/etc/init.d</filename>).
8223 </para>
8224 <para>
8225 When <command>init</command> changes runlevel first the targets
8226 of the links whose names start with a <literal>K</literal> are
8227 executed, each with the single argument <literal>stop</literal>,
8228 followed by the scripts prefixed with an <literal>S</literal>,
8229 each with the single argument <literal>start</literal>. (The
8230 links are those in the
8231 <filename>/etc/rc<replaceable>n</replaceable>.d</filename>
8232 directory corresponding to the new runlevel.) The
8233 <literal>K</literal> links are responsible for killing services
8234 and the <literal>S</literal> link for starting services upon
8235 entering the runlevel.
8236 </para>
8237 <para>
8238 For example, if we are changing from runlevel 2 to runlevel 3,
8239 init will first execute all of the <literal>K</literal> prefixed
8240 scripts it finds in <filename>/etc/rc3.d</filename>, and then
8241 all of the <literal>S</literal> prefixed scripts in that
8242 directory. The links starting with <literal>K</literal> will
8243 cause the referred-to file to be executed with an argument of
8244 <literal>stop</literal>, and the <literal>S</literal> links with
8245 an argument of <literal>start</literal>.
8246 </para>
8247 <para>
8248 The two-digit number <replaceable>mm</replaceable> is used to
8249 determine the order in which to run the scripts: low-numbered
8250 links have their scripts run first. For example, the
8251 <literal>K20</literal> scripts will be executed before the
8252 <literal>K30</literal> scripts. This is used when a certain
8253 service must be started before another. For example, the name
8254 server <command>bind</command> might need to be started before
8255 the news server <command>inn</command> so that
8256 <command>inn</command> can set up its access lists. In this
8257 case, the script that starts <command>bind</command> would have
8258 a lower number than the script that starts
8259 <command>inn</command> so that it runs first:
8260 </para>
8261 <screen>
8262 /etc/rc2.d/S17bind
8263 /etc/rc2.d/S70inn</screen>
8264 <para>
8265 The two runlevels 0 (halt) and 6 (reboot) are slightly
8266 different. In these runlevels, the links with an
8267 <literal>S</literal> prefix are still called after those with a
8268 <literal>K</literal> prefix, but they too are called with the
8269 single argument <literal>stop</literal>.
8270 </para>
8271 </section>
8273 <section id="s-writing-init">
8274 <title>Writing the scripts</title>
8276 <para>
8277 Packages that include daemons for system services should place
8278 scripts in <filename>/etc/init.d</filename> to start or stop
8279 services at boot time or during a change of runlevel. These
8280 scripts should be named
8281 <filename>/etc/init.d/<replaceable>package</replaceable></filename>,
8282 and they should accept one argument, saying what to do:
8283 </para>
8284 <variablelist>
8285 <varlistentry>
8286 <term><literal>start</literal></term>
8287 <listitem>
8288 <para>
8289 start the service,
8290 </para>
8291 </listitem>
8292 </varlistentry>
8293 <varlistentry>
8294 <term><literal>stop</literal></term>
8295 <listitem>
8296 <para>
8297 stop the service,
8298 </para>
8299 </listitem>
8300 </varlistentry>
8301 <varlistentry>
8302 <term><literal>restart</literal></term>
8303 <listitem>
8304 <para>
8305 stop and restart the service if it's already running,
8306 otherwise start the service
8307 </para>
8308 </listitem>
8309 </varlistentry>
8310 <varlistentry>
8311 <term><literal>try-restart</literal></term>
8312 <listitem>
8313 <para>
8314 restart the service if it's already running, otherwise
8315 just report success.
8316 </para>
8317 </listitem>
8318 </varlistentry>
8319 <varlistentry>
8320 <term><literal>reload</literal></term>
8321 <listitem>
8322 <para>
8323 cause the configuration of the service to be reloaded
8324 without actually stopping and restarting the service,
8325 </para>
8326 </listitem>
8327 </varlistentry>
8328 <varlistentry>
8329 <term><literal>force-reload</literal></term>
8330 <listitem>
8331 <para>
8332 cause the configuration to be reloaded if the service
8333 supports this, otherwise restart the service.
8334 </para>
8335 </listitem>
8336 </varlistentry>
8337 <varlistentry>
8338 <term><literal>status</literal></term>
8339 <listitem>
8340 <para>
8341 report the current status of the service
8342 </para>
8343 </listitem>
8344 </varlistentry>
8345 </variablelist>
8346 <para>
8347 The <literal>start</literal>, <literal>stop</literal>,
8348 <literal>restart</literal>, and <literal>force-reload</literal>
8349 options should be supported by all scripts in
8350 <filename>/etc/init.d</filename>. Supporting
8351 <literal>status</literal> is recommended but not required. The
8352 <literal>reload</literal> and <literal>try-restart</literal>
8353 options are optional.
8354 </para>
8355 <para>
8356 The <filename>init.d</filename> scripts must ensure that they
8357 will behave sensibly (i.e., returning success and not starting
8358 multiple copies of a service) if invoked with
8359 <literal>start</literal> when the service is already running, or
8360 with <literal>stop</literal> when it isn't, and that they don't
8361 kill unfortunately-named user processes. The best way to
8362 achieve this is usually to use
8363 <command>start-stop-daemon</command> with the
8364 <literal>--oknodo</literal> option.
8365 </para>
8366 <para>
8367 Be careful of using <literal>set -e</literal> in
8368 <filename>init.d</filename> scripts. Writing correct
8369 <filename>init.d</filename> scripts requires accepting various
8370 error exit statuses when daemons are already running or already
8371 stopped without aborting the <filename>init.d</filename> script,
8372 and common <filename>init.d</filename> function libraries are
8373 not safe to call with <literal>set -e</literal> in
8374 effect.
8375 <footnote>
8376 <para>
8377 <literal>/lib/lsb/init-functions</literal>, which assists in
8378 writing LSB-compliant init scripts, may fail if <literal>set
8379 -e</literal> is in effect and echoing status messages to the
8380 console fails, for example.
8381 </para>
8382 </footnote>
8383 For <literal>init.d</literal> scripts, it's often easier to not
8384 use <literal>set -e</literal> and instead check the result of
8385 each command separately.
8386 </para>
8387 <para>
8388 If a service reloads its configuration automatically (as in the
8389 case of <command>cron</command>, for example), the
8390 <literal>reload</literal> option of the
8391 <filename>init.d</filename> script should behave as if the
8392 configuration has been reloaded successfully.
8393 </para>
8394 <para>
8395 The <filename>/etc/init.d</filename> scripts must be treated as
8396 configuration files, either (if they are present in the package,
8397 that is, in the .deb file) by marking them as
8398 <literal>conffile</literal>s, or, (if they do not exist in the
8399 .deb) by managing them correctly in the maintainer scripts (see
8400 <xref linkend="s-config-files"/>). This is important since we
8401 want to give the local system administrator the chance to adapt
8402 the scripts to the local system, e.g., to disable a service
8403 without de-installing the package, or to specify some special
8404 command line options when starting a service, while making sure
8405 their changes aren't lost during the next package upgrade.
8406 </para>
8407 <para>
8408 These scripts should not fail obscurely when the configuration
8409 files remain but the package has been removed, as configuration
8410 files remain on the system after the package has been removed.
8411 Only when <command>dpkg</command> is executed with the
8412 <literal>--purge</literal> option will configuration files be
8413 removed. In particular, as the
8414 <filename>/etc/init.d/<replaceable>package</replaceable></filename>
8415 script itself is usually a <literal>conffile</literal>, it will
8416 remain on the system if the package is removed but not purged.
8417 Therefore, you should include a <literal>test</literal>
8418 statement at the top of the script, like this:
8419 </para>
8420 <programlisting>
8421 test -f <replaceable>program-executed-later-in-script</replaceable> || exit 0</programlisting>
8422 <para>
8423 Often there are some variables in the
8424 <filename>init.d</filename> scripts whose values control the
8425 behavior of the scripts, and which a system administrator is
8426 likely to want to change. As the scripts themselves are
8427 frequently <literal>conffile</literal>s, modifying them requires
8428 that the administrator merge in their changes each time the
8429 package is upgraded and the <literal>conffile</literal> changes.
8430 To ease the burden on the system administrator, such
8431 configurable values should not be placed directly in the script.
8432 Instead, they should be placed in a file in
8433 <filename>/etc/default</filename>, which typically will have the
8434 same base name as the <filename>init.d</filename> script. This
8435 extra file should be sourced by the script when the script runs.
8436 It must contain only variable settings and comments in SUSv3
8437 <command>sh</command> format. It may either be a
8438 <literal>conffile</literal> or a configuration file maintained
8439 by the package maintainer scripts. See <xref
8440 linkend="s-config-files"/> for more details.
8441 </para>
8442 <para>
8443 To ensure that vital configurable values are always available,
8444 the <filename>init.d</filename> script should set default values
8445 for each of the shell variables it uses, either before sourcing
8446 the <filename>/etc/default/</filename> file or afterwards using
8447 something like the <literal>: ${VAR:=default}</literal> syntax.
8448 Also, the <filename>init.d</filename> script must behave
8449 sensibly and not fail if the <filename>/etc/default</filename>
8450 file is deleted.
8451 </para>
8452 <para>
8453 Files and directories under <filename>/run</filename>, including
8454 ones referred to via the compatibility paths
8455 <filename>/var/run</filename> and
8456 <filename>/var/lock</filename>, are normally stored on a
8457 temporary filesystem and are normally not persistent across a
8458 reboot. The <filename>init.d</filename> scripts must handle
8459 this correctly. This will typically mean creating any required
8460 subdirectories dynamically when the <filename>init.d</filename>
8461 script is run. See <xref linkend="s-fhs-run"/> for more
8462 information.
8463 </para>
8464 </section>
8466 <section id="s9.3.3">
8467 <title>Interfacing with init systems</title>
8469 <para>
8470 Maintainers should use the abstraction layer provided by the
8471 <command>update-rc.d</command> and
8472 <command>invoke-rc.d</command> programs to deal with initscripts
8473 in their packages' scripts such as <command>postinst</command>,
8474 <command>prerm</command> and <command>postrm</command>.
8475 </para>
8476 <para>
8477 Directly managing the /etc/rc?.d links and directly invoking the
8478 <filename>/etc/init.d/</filename> initscripts should be done
8479 only by packages providing the initscript subsystem (such as
8480 <command>sysv-rc</command> and <command>file-rc</command>).
8481 </para>
8483 <section id="s9.3.3.1">
8484 <title>Managing the links</title>
8486 <para>
8487 The program <command>update-rc.d</command> is provided for
8488 package maintainers to arrange for the proper creation and
8489 removal of
8490 <filename>/etc/rc<replaceable>n</replaceable>.d</filename>
8491 symbolic links, or their functional equivalent if another
8492 method is being used. This may be used by maintainers in
8493 their packages' <command>postinst</command> and
8494 <command>postrm</command> scripts.
8495 </para>
8496 <para>
8497 You must not include any
8498 <filename>/etc/rc<replaceable>n</replaceable>.d</filename>
8499 symbolic links in the actual archive or manually create or
8500 remove the symbolic links in maintainer scripts; you must use
8501 the <command>update-rc.d</command> program instead. (The
8502 former will fail if an alternative method of maintaining
8503 runlevel information is being used.) You must not include the
8504 <filename>/etc/rc<replaceable>n</replaceable>.d</filename>
8505 directories themselves in the archive either. (Only the
8506 <literal>sysvinit</literal> package may do so.)
8507 </para>
8508 <para>
8509 To get the default behavior for your package, put in your
8510 <command>postinst</command> script
8511 </para>
8512 <programlisting>
8513 update-rc.d <replaceable>package</replaceable> defaults</programlisting>
8514 <para>
8515 and in your <command>postrm</command>
8516 </para>
8517 <programlisting>
8518 if [ "$1" = purge ]; then
8519 update-rc.d <replaceable>package</replaceable> remove
8520 fi</programlisting>
8521 <para>
8522 Note that if your package changes runlevels or priority, you
8523 may have to remove and recreate the links, since otherwise the
8524 old links may persist. Refer to the documentation of
8525 <command>update-rc.d</command>.
8526 </para>
8527 <para>
8528 For more information about using
8529 <literal>update-rc.d</literal>, please consult its man page
8530 <citerefentry><refentrytitle>update-rc.d</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
8531 </para>
8532 <para>
8533 It is easiest for packages not to call
8534 <command>update-rc.d</command> directly, but instead use
8535 debhelper programs that add the required
8536 <command>update-rc.d</command> calls automatically. See
8537 <command>dh_installinit</command>,
8538 <command>dh_systemd_enable</command>, etc.
8539 </para>
8540 </section>
8542 <section id="s9.3.3.2">
8543 <title>Running initscripts</title>
8545 <para>
8546 The program <command>invoke-rc.d</command> is provided to make
8547 it easier for package maintainers to properly invoke an
8548 initscript, obeying runlevel and other locally-defined
8549 constraints that might limit a package's right to start, stop
8550 and otherwise manage services. This program may be used by
8551 maintainers in their packages' scripts.
8552 </para>
8553 <para>
8554 The package maintainer scripts must use
8555 <command>invoke-rc.d</command> to invoke the
8556 <filename>/etc/init.d/*</filename> initscripts or
8557 equivalent, instead of calling them directly.
8558 </para>
8559 <para>
8560 By default, <command>invoke-rc.d</command> will pass any
8561 action requests (start, stop, reload, restart...) to the
8562 <filename>/etc/init.d</filename> script, filtering out
8563 requests to start or restart a service out of its intended
8564 runlevels.
8565 </para>
8566 <para>
8567 Most packages will simply use:
8568 </para>
8569 <programlisting>
8570 invoke-rc.d <replaceable>package</replaceable> <replaceable>action</replaceable></programlisting>
8571 <para>
8572 in their <command>postinst</command> and
8573 <command>prerm</command> scripts.
8574 </para>
8575 <para>
8576 A package should register its initscript services using
8577 <command>update-rc.d</command> before it tries to invoke them
8578 using <command>invoke-rc.d</command>. Invocation of
8579 unregistered services may fail.
8580 </para>
8581 <para>
8582 For more information about using
8583 <command>invoke-rc.d</command>, please consult its man page
8584 <citerefentry><refentrytitle>invoke-rc.d</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
8585 </para>
8586 <para>
8587 It is easiest for packages not to call
8588 <command>invoke-rc.d</command> directly, but instead use
8589 debhelper programs that add the required
8590 <command>invoke-rc.d</command> calls automatically. See
8591 <command>dh_installinit</command>,
8592 <command>dh_systemd_start</command>, etc.
8593 </para>
8594 </section>
8596 </section>
8598 <section id="s9.3.4">
8599 <title>Boot-time initialization</title>
8601 <para>
8602 This section has been deleted.
8603 </para>
8604 </section>
8606 <section id="s9.3.5">
8607 <title>Example</title>
8609 <para>
8610 Examples on which you can base your systemd integration on
8611 is available in the man page
8612 <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
8613 An example on which you can base your
8614 <filename>/etc/init.d</filename> scripts is found in
8615 <filename>/etc/init.d/skeleton</filename>.
8616 </para>
8617 </section>
8618 </section>
8620 <section id="s9.4">
8621 <title>Console messages from <filename>init.d</filename> scripts</title>
8623 <para>
8624 This section has been deleted.
8625 </para>
8626 </section>
8628 <section id="s-cron-jobs">
8629 <title>Cron jobs</title>
8631 <para>
8632 Packages must not modify the configuration file
8633 <filename>/etc/crontab</filename>, and they must not modify the
8634 files in <filename>/var/spool/cron/crontabs</filename>.
8635 </para>
8636 <para>
8637 If a package wants to install a job that has to be executed via
8638 cron, it should place a file named as specified in <xref
8639 linkend="s-cron-files"/> into one or more of the following
8640 directories:
8641 </para>
8642 <itemizedlist spacing="compact">
8643 <listitem><para><filename>/etc/cron.hourly</filename></para></listitem>
8644 <listitem><para><filename>/etc/cron.daily</filename></para></listitem>
8645 <listitem><para><filename>/etc/cron.weekly</filename></para></listitem>
8646 <listitem><para><filename>/etc/cron.monthly</filename></para></listitem>
8647 </itemizedlist>
8648 <para>
8649 As these directory names imply, the files within them are executed
8650 on an hourly, daily, weekly, or monthly basis, respectively. The
8651 exact times are listed in <filename>/etc/crontab</filename>.
8652 </para>
8653 <para>
8654 All files installed in any of these directories must be scripts
8655 (e.g., shell scripts or Perl scripts) so that they can easily be
8656 modified by the local system administrator. In addition, they
8657 must be treated as configuration files.
8658 </para>
8659 <para>
8660 If a certain job has to be executed at some other frequency or at
8661 a specific time, the package should install a file in
8662 <filename>/etc/cron.d</filename> with a name as specified in <xref
8663 linkend="s-cron-files"/>. This file uses the same syntax as
8664 <filename>/etc/crontab</filename> and is processed by
8665 <command>cron</command> automatically. The file must also be
8666 treated as a configuration file. (Note that entries in the
8667 <filename>/etc/cron.d</filename> directory are not handled by
8668 <command>anacron</command>. Thus, you should only use this
8669 directory for jobs which may be skipped if the system is not
8670 running.)
8671 </para>
8672 <para>
8673 Unlike <filename>crontab</filename> files described in the IEEE
8674 Std 1003.1-2008 (POSIX.1) available from <ulink
8675 url="https://www.opengroup.org/onlinepubs/9699919799/">The Open
8676 Group</ulink>, the files in <filename>/etc/cron.d</filename> and
8677 the file <filename>/etc/crontab</filename> have seven fields;
8678 namely:
8679 </para>
8680 <orderedlist numeration="arabic" spacing="compact">
8681 <listitem>
8682 <para>
8683 Minute [0,59]
8684 </para>
8685 </listitem>
8686 <listitem>
8687 <para>
8688 Hour [0,23]
8689 </para>
8690 </listitem>
8691 <listitem>
8692 <para>
8693 Day of the month [1,31]
8694 </para>
8695 </listitem>
8696 <listitem>
8697 <para>
8698 Month of the year [1,12]
8699 </para>
8700 </listitem>
8701 <listitem>
8702 <para>
8703 Day of the week ([0,6] with 0=Sunday)
8704 </para>
8705 </listitem>
8706 <listitem>
8707 <para>
8708 Username
8709 </para>
8710 </listitem>
8711 <listitem>
8712 <para>
8713 Command to be run
8714 </para>
8715 </listitem>
8716 </orderedlist>
8717 <para>
8718 Ranges of numbers are allowed. Ranges are two numbers separated
8719 with a hyphen. The specified range is inclusive. Lists are
8720 allowed. A list is a set of numbers (or ranges) separated by
8721 commas. Step values can be used in conjunction with ranges.
8722 </para>
8723 <para>
8724 The scripts or <literal>crontab</literal> entries in these
8725 directories should check if all necessary programs are installed
8726 before they try to execute them. Otherwise, problems will arise
8727 when a package was removed but not purged since configuration
8728 files are kept on the system in this situation.
8729 </para>
8730 <para>
8731 Any <literal>cron</literal> daemon must provide
8732 <filename>/usr/bin/crontab</filename> and support normal
8733 <literal>crontab</literal> entries as specified in POSIX. The
8734 daemon must also support names for days and months, ranges, and
8735 step values. It has to support <filename>/etc/crontab</filename>,
8736 and correctly execute the scripts in
8737 <filename>/etc/cron.d</filename>. The daemon must also correctly
8738 execute scripts in
8739 <filename>/etc/cron.{hourly,daily,weekly,monthly}</filename>.
8740 </para>
8742 <section id="s-cron-files">
8743 <title>Cron job file names</title>
8745 <para>
8746 The file name of a cron job file should normally match the name
8747 of the package from which it comes.
8748 </para>
8749 <para>
8750 If a package supplies multiple cron job files files in the same
8751 directory, the file names should all start with the name of the
8752 package (possibly modified as described below) followed by a
8753 hyphen (<literal>-</literal>) and a suitable suffix.
8754 </para>
8755 <para>
8756 A cron job file name must not include any period or plus
8757 characters (<literal>.</literal> or <literal>+</literal>)
8758 characters as this will cause cron to ignore the file.
8759 Underscores (<literal>_</literal>) should be used instead of
8760 <literal>.</literal> and <literal>+</literal> characters.
8761 </para>
8762 </section>
8763 </section>
8765 <section id="s-menus">
8766 <title>Menus</title>
8768 <para>
8769 Packages shipping applications that comply with minimal
8770 requirements described below for integration with desktop
8771 environments should register these applications in the desktop
8772 menu, following the <emphasis>FreeDesktop</emphasis> standard,
8773 using text files called <emphasis>desktop entries</emphasis>.
8774 Their format is described in the <emphasis>Desktop Entry
8775 Specification</emphasis> at <ulink
8776 url="https://standards.freedesktop.org/desktop-entry-spec/latest/">https://standards.freedesktop.org/desktop-entry-spec/latest/</ulink>
8777 and complementary information can be found in the
8778 <emphasis>Desktop Menu Specification</emphasis> at <ulink
8779 url="https://standards.freedesktop.org/menu-spec/latest/">https://standards.freedesktop.org/menu-spec/latest/</ulink>.
8780 </para>
8781 <para>
8782 The desktop entry files are installed by the packages in the
8783 directory <filename>/usr/share/applications</filename> and the
8784 FreeDesktop menus are refreshed using <emphasis>dpkg
8785 triggers</emphasis>. It is therefore not necessary to depend on
8786 packages providing FreeDesktop menu systems.
8787 </para>
8788 <para>
8789 Entries displayed in the FreeDesktop menu should conform to the
8790 following minima for relevance and visual integration.
8791 </para>
8792 <itemizedlist>
8793 <listitem>
8794 <para>
8795 Unless hidden by default, the desktop entry must point to a
8796 PNG or SVG icon with a transparent background, providing at
8797 least the 22×22 size, and preferably up to 64×64.
8798 The icon should be neutral enough to integrate well with the
8799 default icon themes. It is encouraged to ship the icon in the
8800 default <emphasis>hicolor</emphasis> icon theme directories,
8801 or to use an existing icon from the
8802 <emphasis>hicolor</emphasis> theme.
8803 </para>
8804 </listitem>
8805 <listitem>
8806 <para>
8807 If the menu entry is not useful in the general case as a
8808 standalone application, the desktop entry should set the
8809 <literal>NoDisplay</literal> key to
8810 <replaceable>true</replaceable>, so that it can be configured
8811 to be displayed only by those who need it.
8812 </para>
8813 </listitem>
8814 <listitem>
8815 <para>
8816 In doubt, the package maintainer should coordinate with the
8817 maintainers of menu implementations through the
8818 <emphasis>debian-desktop</emphasis> mailing list in order to
8819 avoid problems with categories or bad interactions with other
8820 icons. Especially for packages which are part of installation
8821 tasks, the contents of the
8822 <literal>NotShowIn</literal>/<literal>OnlyShowIn</literal>
8823 keys should be validated by the maintainers of the relevant
8824 environments.
8825 </para>
8826 </listitem>
8827 </itemizedlist>
8828 <para>
8829 Since the FreeDesktop menu is a cross-distribution standard, the
8830 desktop entries written for Debian should be forwarded upstream,
8831 where they will benefit to other users and are more likely to
8832 receive extra contributions such as translations.
8833 </para>
8834 <para>
8835 If a package installs a FreeDesktop desktop entry, it must not
8836 also install a Debian menu entry.
8837 </para>
8838 </section>
8840 <section id="s-mime">
8841 <title>Multimedia handlers</title>
8843 <para>
8844 Media types (formerly known as MIME types, Multipurpose Internet
8845 Mail Extensions, RFCs 2045-2049) is a mechanism for encoding files
8846 and data streams and providing meta-information about them, in
8847 particular their type and format (e.g.
8848 <literal>image/png</literal>, <literal>text/html</literal>,
8849 <literal>audio/ogg</literal>).
8850 </para>
8851 <para>
8852 Registration of media type handlers allows programs like mail user
8853 agents and web browsers to invoke these handlers to view, edit or
8854 display media types they don't support directly.
8855 </para>
8856 <para>
8857 There are two overlapping systems to associate media types to
8858 programs which can handle them. The <emphasis>mailcap</emphasis>
8859 system is found on a large number of Unix systems. The
8860 <emphasis>FreeDesktop</emphasis> system is aimed at Desktop
8861 environments. In Debian, FreeDesktop entries are automatically
8862 translated in mailcap entries, therefore packages already using
8863 desktop entries should not use the mailcap system directly.
8864 </para>
8866 <section id="s-media-types-freedesktop">
8867 <title>
8868 Registration of media type handlers with desktop entries
8869 </title>
8871 <para>
8872 Packages shipping an application able to view, edit or point to
8873 files of a given media type, or open links with a given URI
8874 scheme, should list it in the <literal>MimeType</literal> key of
8875 the application's <link linkend="s-menus">desktop entry</link>.
8876 For URI schemes, the relevant MIME types are
8877 <literal>x-scheme-handler/*</literal> (e.g.
8878 <literal>x-scheme-handler/https</literal>).
8879 </para>
8880 </section>
8882 <section id="s-mailcap">
8883 <title>Registration of media type handlers with mailcap entries</title>
8885 <para>
8886 Packages that are not using desktop entries for registration
8887 should install a file in
8888 <citerefentry><refentrytitle>mailcap</refentrytitle><manvolnum>5</manvolnum></citerefentry>
8889 format (RFC 1524) in the directory
8890 <filename>/usr/lib/mime/packages/</filename>. The file name
8891 should be the binary package's name.
8892 </para>
8893 <para>
8894 The <systemitem role="package">mime-support</systemitem> package
8895 provides the <command>update-mime</command> program, which
8896 integrates these registrations in the
8897 <filename>/etc/mailcap</filename> file, using dpkg
8898 triggers.
8899 <footnote>
8900 <para>
8901 Creating, modifying or removing a file in
8902 <filename>/usr/lib/mime/packages/</filename> using
8903 maintainer scripts will not activate the trigger. In that
8904 case, it can be done by calling <literal>dpkg-trigger
8905 --no-await /usr/lib/mime/packages</literal> from the
8906 maintainer script after creating, modifying, or removing the
8907 file.
8908 </para>
8909 </footnote>
8910 </para>
8911 <para>
8912 Packages installing desktop entries should not install mailcap
8913 entries for the same program, because the <systemitem
8914 role="package">mime-support</systemitem> package already reads
8915 desktop entries.
8916 </para>
8917 <para>
8918 Packages using these facilities <emphasis>should not</emphasis>
8919 depend on, recommend, or suggest
8920 <command>mime-support</command>.
8921 </para>
8922 </section>
8924 <section id="s-file-media-type">
8925 <title>Providing media types to files</title>
8927 <para>
8928 The media type of a file is discovered by inspecting the file's
8929 extension or its
8930 <citerefentry><refentrytitle>magic</refentrytitle><manvolnum>5</manvolnum></citerefentry>
8931 pattern, and interrogating a database associating them with
8932 media types.
8933 </para>
8934 <para>
8935 To support new associations between media types and files, their
8936 characteristic file extensions and magic patterns should be
8937 registered to the IANA (Internet Assigned Numbers Authority).
8938 See <ulink
8939 url="https://www.iana.org/assignments/media-types">https://www.iana.org/assignments/media-types</ulink>
8940 and RFC 6838 for details. This information will then propagate
8941 to the systems discovering file media types in Debian, provided
8942 by the <systemitem role="package">shared-mime-info</systemitem>,
8943 <systemitem role="package">mime-support</systemitem> and
8944 <systemitem role="package">file</systemitem> packages. If
8945 registration and propagation can not be waited for, support can
8946 be asked to the maintainers of the packages mentioned above.
8947 </para>
8948 <para>
8949 For files that are produced and read by a single application, it
8950 is also possible to declare this association to the
8951 <emphasis>Shared MIME Info</emphasis> system by installing in
8952 the directory <filename>/usr/share/mime/packages</filename> a
8953 file in the XML format specified at <ulink
8954 url="https://standards.freedesktop.org/shared-mime-info-spec/latest/">https://standards.freedesktop.org/shared-mime-info-spec/latest/</ulink>.
8955 </para>
8956 </section>
8957 </section>
8959 <section id="s9.8">
8960 <title>Keyboard configuration</title>
8962 <para>
8963 To achieve a consistent keyboard configuration so that all
8964 applications interpret a keyboard event the same way, all programs
8965 in the Debian distribution must be configured to comply with the
8966 following guidelines.
8967 </para>
8968 <para>
8969 The following keys must have the specified interpretations:
8970 </para>
8971 <variablelist>
8972 <varlistentry>
8973 <term><literal><--</literal></term>
8974 <listitem>
8975 <para>
8976 delete the character to the left of the cursor
8977 </para>
8978 </listitem>
8979 </varlistentry>
8980 <varlistentry>
8981 <term><literal>Delete</literal></term>
8982 <listitem>
8983 <para>
8984 delete the character to the right of the cursor
8985 </para>
8986 </listitem>
8987 </varlistentry>
8988 <varlistentry>
8989 <term><literal>Control+H</literal></term>
8990 <listitem>
8991 <para>
8992 emacs: the help prefix
8993 </para>
8994 </listitem>
8995 </varlistentry>
8996 </variablelist>
8997 <para>
8998 The interpretation of any keyboard events should be independent of
8999 the terminal that is used, be it a virtual console, an X terminal
9000 emulator, an rlogin/telnet session, etc.
9001 </para>
9002 <para>
9003 The following list explains how the different programs should be
9004 set up to achieve this:
9005 </para>
9006 <itemizedlist>
9007 <listitem>
9008 <para>
9009 <literal><--</literal> generates
9010 <literal>KB_BackSpace</literal> in X.
9011 </para>
9012 </listitem>
9013 <listitem>
9014 <para>
9015 <literal>Delete</literal> generates
9016 <literal>KB_Delete</literal> in X.
9017 </para>
9018 </listitem>
9019 <listitem>
9020 <para>
9021 X translations are set up to make
9022 <literal>KB_Backspace</literal> generate ASCII DEL, and to
9023 make <literal>KB_Delete</literal> generate <literal>ESC [ 3
9024 ~</literal> (this is the vt220 escape code for the "delete
9025 character" key). This must be done by loading the X resources
9026 using <command>xrdb</command> on all local X displays, not
9027 using the application defaults, so that the translation
9028 resources used correspond to the <command>xmodmap</command>
9029 settings.
9030 </para>
9031 </listitem>
9032 <listitem>
9033 <para>
9034 The Linux console is configured to make
9035 <literal><--</literal> generate DEL, and
9036 <literal>Delete</literal> generate <literal>ESC [ 3
9037 ~</literal>.
9038 </para>
9039 </listitem>
9040 <listitem>
9041 <para>
9042 X applications are configured so that <literal><</literal>
9043 deletes left, and <literal>Delete</literal> deletes right.
9044 Motif applications already work like this.
9045 </para>
9046 </listitem>
9047 <listitem>
9048 <para>
9049 Terminals should have <literal>stty erase ^?</literal> .
9050 </para>
9051 </listitem>
9052 <listitem>
9053 <para>
9054 The <literal>xterm</literal> terminfo entry should have
9055 <literal>ESC [ 3 ~</literal> for <literal>kdch1</literal>,
9056 just as for <literal>TERM=linux</literal> and
9057 <literal>TERM=vt220</literal>.
9058 </para>
9059 </listitem>
9060 <listitem>
9061 <para>
9062 Emacs is programmed to map <literal>KB_Backspace</literal> or
9063 the <literal>stty erase</literal> character to
9064 <literal>delete-backward-char</literal>, and
9065 <literal>KB_Delete</literal> or <literal>kdch1</literal> to
9066 <literal>delete-forward-char</literal>, and
9067 <literal>^H</literal> to <literal>help</literal> as always.
9068 </para>
9069 </listitem>
9070 <listitem>
9071 <para>
9072 Other applications use the <literal>stty erase</literal>
9073 character and <literal>kdch1</literal> for the two delete
9074 keys, with ASCII DEL being "delete previous character" and
9075 <literal>kdch1</literal> being "delete character under
9076 cursor".
9077 </para>
9078 </listitem>
9079 </itemizedlist>
9080 <para>
9081 This will solve the problem except for the following cases:
9082 </para>
9083 <itemizedlist>
9084 <listitem>
9085 <para>
9086 Some terminals have a <literal><--</literal> key that
9087 cannot be made to produce anything except
9088 <literal>^H</literal>. On these terminals Emacs help will be
9089 unavailable on <literal>^H</literal> (assuming that the
9090 <literal>stty erase</literal> character takes precedence in
9091 Emacs, and has been set correctly). <literal>M-x
9092 help</literal> or <literal>F1</literal> (if available) can be
9093 used instead.
9094 </para>
9095 </listitem>
9096 <listitem>
9097 <para>
9098 Some operating systems use <literal>^H</literal> for
9099 <literal>stty erase</literal>. However, modern telnet
9100 versions and all rlogin versions propagate
9101 <literal>stty</literal> settings, and almost all UNIX versions
9102 honour <literal>stty erase</literal>. Where the
9103 <literal>stty</literal> settings are not propagated correctly,
9104 things can be made to work by using <literal>stty</literal>
9105 manually.
9106 </para>
9107 </listitem>
9108 <listitem>
9109 <para>
9110 Some systems (including previous Debian versions) use
9111 <command>xmodmap</command> to arrange for both
9112 <literal><--</literal> and <literal>Delete</literal> to
9113 generate <literal>KB_Delete</literal>. We can change the
9114 behavior of their X clients using the same X resources that we
9115 use to do it for our own clients, or configure our clients
9116 using their resources when things are the other way around.
9117 On displays configured like this <literal>Delete</literal>
9118 will not work, but <literal><--</literal> will.
9119 </para>
9120 </listitem>
9121 <listitem>
9122 <para>
9123 Some operating systems have different <literal>kdch1</literal>
9124 settings in their <literal>terminfo</literal> database for
9125 <literal>xterm</literal> and others. On these systems the
9126 <literal>Delete</literal> key will not work correctly when you
9127 log in from a system conforming to our policy, but
9128 <literal><--</literal> will.
9129 </para>
9130 </listitem>
9131 </itemizedlist>
9132 </section>
9134 <section id="s9.9">
9135 <title>Environment variables</title>
9137 <para>
9138 Programs installed on the system PATH (<filename>/bin</filename>,
9139 <filename>/usr/bin</filename>, <filename>/sbin</filename>,
9140 <filename>/usr/sbin</filename>, or similar directories) must not
9141 depend on custom environment variable settings to get reasonable
9142 defaults. This is because such environment variables would have
9143 to be set in a system-wide configuration file such as a file in
9144 <filename>/etc/profile.d</filename>, which is not supported by all
9145 shells.
9146 </para>
9147 <para>
9148 If a program usually depends on environment variables for its
9149 configuration, the program should be changed to fall back to a
9150 reasonable default configuration if these environment variables
9151 are not present. If this cannot be done easily (e.g., if the
9152 source code of a non-free program is not available), the program
9153 must be replaced by a small "wrapper" shell script that sets the
9154 environment variables if they are not already defined, and calls
9155 the original program.
9156 </para>
9157 <para>
9158 Here is an example of a wrapper script for this purpose:
9159 </para>
9160 <programlisting>
9161 #!/bin/sh
9162 BAR=${BAR:-/var/lib/fubar}
9163 export BAR
9164 exec /usr/lib/foo/foo "$@"</programlisting>
9165 </section>
9167 <section id="s-doc-base">
9168 <title>Registering Documents using doc-base</title>
9170 <para>
9171 The <systemitem role="package">doc-base</systemitem> package
9172 implements a flexible mechanism for handling and presenting
9173 documentation. The recommended practice is for every Debian
9174 package that provides online documentation (other than just manual
9175 pages) to register these documents with <systemitem
9176 role="package">doc-base</systemitem> by installing a <systemitem
9177 role="package">doc-base</systemitem> control file in
9178 <filename>/usr/share/doc-base/</filename>.
9179 </para>
9180 <para>
9181 Please refer to the documentation that comes with the <systemitem
9182 role="package">doc-base</systemitem> package for information and
9183 details.
9184 </para>
9185 </section>
9187 <section id="s-alternateinit">
9188 <title>Alternate init systems</title>
9190 <para>
9191 A number of other init systems are available now in Debian that
9192 can be used in place of <systemitem
9193 role="package">sysvinit</systemitem>. Alternative init
9194 implementations must support running SysV init scripts as
9195 described at <xref linkend="s-sysvinit"/> for compatibility.
9196 </para>
9197 <para>
9198 Packages may integrate with these replacement init systems by
9199 providing implementation-specific configuration information about
9200 how and when to start a service or in what order to run certain
9201 tasks at boot time. However, any package integrating with other
9202 init systems must also be backwards-compatible with <systemitem
9203 role="package">sysvinit</systemitem> by providing a SysV-style
9204 init script with the same name as and equivalent functionality to
9205 any init-specific job, as this is the only start-up configuration
9206 method guaranteed to be supported by all init implementations. An
9207 exception to this rule is scripts or jobs provided by the init
9208 implementation itself; such jobs may be required for an
9209 implementation-specific equivalent of the
9210 <filename>/etc/rcS.d/</filename> scripts and may not have a
9211 one-to-one correspondence with the init scripts.
9212 </para>
9214 <section id="s-upstart">
9215 <title>Event-based boot with upstart</title>
9217 <para>
9218 The <command>upstart</command> event-based boot system is no
9219 longer maintained in Debian, so this section has been removed.
9220 </para>
9221 </section>
9222 </section>
9223 </chapter>
9225 <chapter id="ch-files">
9226 <title>Files</title>
9228 <section id="s-binaries">
9229 <title>Binaries</title>
9231 <para>
9232 Two different packages must not install programs with different
9233 functionality but with the same filenames. (The case of two
9234 programs having the same functionality but different
9235 implementations is handled via "alternatives" or the "Conflicts"
9236 mechanism. See <xref linkend="s-maintscripts"/> and <xref
9237 linkend="s-conflicts"/> respectively.) If this case happens, one
9238 of the programs must be renamed. The maintainers should report
9239 this to the <literal>debian-devel</literal> mailing list and try
9240 to find a consensus about which program will have to be renamed.
9241 If a consensus cannot be reached, <emphasis>both</emphasis>
9242 programs must be renamed.
9243 </para>
9244 <para>
9245 To support merged-<filename>/usr</filename> systems, packages must
9246 not install files in both
9247 <filename>/<replaceable>path</replaceable></filename> and
9248 <filename>/usr/<replaceable>path</replaceable></filename>. For
9249 example, a package may not install both
9250 <filename>/bin/example</filename> and
9251 <filename>/usr/bin/example</filename>.
9252 </para>
9253 <para>
9254 If a file is moved between
9255 <filename>/<replaceable>path</replaceable></filename> and
9256 <filename>/usr/<replaceable>path</replaceable></filename> in
9257 revisions of a Debian package, and a compatibility symlink at the
9258 old path is needed, the symlink must be managed in a way that will
9259 not break when
9260 <filename>/<replaceable>path</replaceable></filename> and
9261 <filename>/usr/<replaceable>path</replaceable></filename> are the
9262 same underlying directory due to symlinks or other mechanisms.
9263 </para>
9264 <para>
9265 Binary executables must not be statically linked with the GNU C
9266 library, since this prevents the binary from benefiting from fixes
9267 and improvements to the C library without being rebuilt and
9268 complicates security updates. This requirement may be relaxed for
9269 binary executables whose intended purpose is to diagnose and fix
9270 the system in situations where the GNU C library may not be usable
9271 (such as system recovery shells or utilities like ldconfig) or for
9272 binary executables where the security benefits of static linking
9273 outweigh the drawbacks.
9274 </para>
9275 <para>
9276 By default, when a package is being built, any binaries created
9277 should include debugging information, as well as being compiled
9278 with optimization. You should also turn on as many reasonable
9279 compilation warnings as possible; this makes life easier for
9280 porters, who can then look at build logs for possible problems.
9281 For the C programming language, this means the following
9282 compilation parameters should be used:
9283 </para>
9284 <programlisting>
9285 CC = gcc
9286 CFLAGS = -O2 -g -Wall # sane warning options vary between programs
9287 LDFLAGS = # none
9288 INSTALL = install -s # (or use strip on the files in debian/tmp)</programlisting>
9289 <para>
9290 Note that by default all installed binaries should be stripped,
9291 either by using the <literal>-s</literal> flag to
9292 <command>install</command>, or by calling <command>strip</command>
9293 on the binaries after they have been copied into
9294 <filename>debian/tmp</filename> but before the tree is made into a
9295 package.
9296 </para>
9297 <para>
9298 Although binaries in the build tree should be compiled with
9299 debugging information by default, it can often be difficult to
9300 debug programs if they are also subjected to compiler
9301 optimization. For this reason, it is recommended to support the
9302 standardized environment variable
9303 <literal>DEB_BUILD_OPTIONS</literal> (see <xref
9304 linkend="s-debianrules-options"/>). This variable can contain
9305 several flags to change how a package is compiled and built.
9306 </para>
9307 <para>
9308 It is up to the package maintainer to decide what compilation
9309 options are best for the package. Certain binaries (such as
9310 computationally-intensive programs) will function better with
9311 certain flags (<literal>-O3</literal>, for example); feel free to
9312 use them. Please use good judgment here. Don't use flags for the
9313 sake of it; only use them if there is good reason to do so. Feel
9314 free to override the upstream author's ideas about which
9315 compilation options are best: they are often inappropriate for
9316 our environment.
9317 </para>
9318 </section>
9320 <section id="s-libraries">
9321 <title>Libraries</title>
9323 <para>
9324 If the package is <emphasis role="strong">architecture:
9325 any</emphasis>, then the shared library compilation and linking
9326 flags must have <literal>-fPIC</literal>, or the package shall not
9327 build on some of the supported architectures.
9328 <footnote>
9329 <para>
9330 If you are using GCC, <literal>-fPIC</literal> produces code
9331 with relocatable position independent code, which is required
9332 for most architectures to create a shared library, with i386
9333 and perhaps some others where non position independent code is
9334 permitted in a shared library. </para> <para> Position
9335 independent code may have a performance penalty, especially on
9336 <literal>i386</literal>. However, in most cases the speed
9337 penalty must be measured against the memory wasted on the few
9338 architectures where non position independent code is even
9339 possible.
9340 </para>
9341 </footnote>
9342 Any exception to this rule must be discussed on the mailing list
9343 <emphasis>debian-devel@lists.debian.org</emphasis>, and a rough
9344 consensus obtained. The reasons for not compiling with
9345 <literal>-fPIC</literal> flag must be recorded in the file
9346 <literal>README.Debian</literal>, and care must be taken to either
9347 restrict the architecture or arrange for <literal>-fPIC</literal>
9348 to be used on architectures where it is required.
9349 <footnote>
9350 <para>
9351 Some of the reasons why this might be required is if the
9352 library contains hand crafted assembly code that is not
9353 relocatable, the speed penalty is excessive for compute
9354 intensive libs, and similar reasons.
9355 </para>
9356 </footnote>
9357 </para>
9358 <para>
9359 As to the static libraries, the common case is not to have
9360 relocatable code, since there is no benefit, unless in specific
9361 cases; therefore the static version must not be compiled with the
9362 <literal>-fPIC</literal> flag. Any exception to this rule should
9363 be discussed on the mailing list
9364 <emphasis>debian-devel@lists.debian.org</emphasis>, and the
9365 reasons for compiling with the <literal>-fPIC</literal> flag must
9366 be recorded in the file <literal>README.Debian</literal>.
9367 <footnote>
9368 <para>
9369 Some of the reasons for linking static libraries with the
9370 <literal>-fPIC</literal> flag are if, for example, one needs a
9371 Perl API for a library that is under rapid development, and
9372 has an unstable API, so shared libraries are pointless at this
9373 phase of the library's development. In that case, since Perl
9374 needs a library with relocatable code, it may make sense to
9375 create a static library with relocatable code. Another reason
9376 cited is if you are distilling various libraries into a common
9377 shared library, like <literal>mklibs</literal> does in the
9378 Debian installer project.
9379 </para>
9380 </footnote>
9381 </para>
9382 <para>
9383 In other words, if both a shared and a static library is being
9384 built, each source unit (<literal>*.c</literal>, for example, for
9385 C files) will need to be compiled twice, for the normal case.
9386 </para>
9387 <para>
9388 Libraries should be built with threading support and to be
9389 thread-safe if the library supports this.
9390 </para>
9391 <para>
9392 Although not enforced by the build tools, shared libraries must be
9393 linked against all libraries that they use symbols from in the
9394 same way that binaries are. This ensures the correct functioning
9395 of the <link linkend="s-sharedlibs-symbols">symbols</link> and
9396 <link linkend="s-sharedlibs-shlibdeps">shlibs</link> systems and
9397 guarantees that all libraries can be safely opened with
9398 <literal>dlopen()</literal>. Packagers may wish to use the gcc
9399 option <literal>-Wl,-z,defs</literal> when building a shared
9400 library. Since this option enforces symbol resolution at build
9401 time, a missing library reference will be caught early as a fatal
9402 build error.
9403 </para>
9404 <para>
9405 All installed shared libraries should be stripped with
9406 </para>
9407 <screen>
9408 strip --strip-unneeded <replaceable>your-lib</replaceable></screen>
9409 <para>
9410 (The option <literal>--strip-unneeded</literal> makes
9411 <command>strip</command> remove only the symbols which aren't
9412 needed for relocation processing.) Shared libraries can function
9413 perfectly well when stripped, since the symbols for dynamic
9414 linking are in a separate part of the ELF object
9415 file.
9416 <footnote>
9417 <para>
9418 You might also want to use the options
9419 <literal>--remove-section=.comment</literal> and
9420 <literal>--remove-section=.note</literal> on both shared
9421 libraries and executables, and
9422 <literal>--strip-debug</literal> on static libraries.
9423 </para>
9424 </footnote>
9425 </para>
9426 <para>
9427 Note that under some circumstances it may be useful to install a
9428 shared library unstripped, for example when building a separate
9429 package to support debugging.
9430 </para>
9431 <para>
9432 Shared object files (often <filename>.so</filename> files) that
9433 are not public libraries, that is, they are not meant to be linked
9434 to by third party executables (binaries of other packages), should
9435 be installed in subdirectories of the
9436 <filename>/usr/lib</filename> directory. Such files are exempt
9437 from the rules that govern ordinary shared libraries, except that
9438 they must not be installed executable and should be
9439 stripped.<footnote><para> A common example are the so-called
9440 "plug-ins", internal shared objects that are dynamically loaded by
9441 programs using
9442 <citerefentry><refentrytitle>dlopen</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
9443 </para> </footnote>
9444 </para>
9445 <para>
9446 Packages that use <command>libtool</command> to create and install
9447 their shared libraries install a file containing additional
9448 metadata (ending in <filename>.la</filename>) alongside the
9449 library. For public libraries intended for use by other packages,
9450 these files normally should not be included in the Debian package,
9451 since the information they include is not necessary to link with
9452 the shared library on Debian and can add unnecessary additional
9453 dependencies to other programs or libraries.
9454 <footnote>
9455 <para>
9456 These files store, among other things, all libraries on which
9457 that shared library depends. Unfortunately, if the
9458 <filename>.la</filename> file is present and contains that
9459 dependency information, using <command>libtool</command> when
9460 linking against that library will cause the resulting program
9461 or library to be linked against those dependencies as well,
9462 even if this is unnecessary. This can create unneeded
9463 dependencies on shared library packages that would otherwise
9464 be hidden behind the library ABI, and can make library
9465 transitions to new SONAMEs unnecessarily complicated and
9466 difficult to manage.
9467 </para>
9468 </footnote>
9469 If the <filename>.la</filename> file is required for that library
9470 (if, for instance, it's loaded via <literal>libltdl</literal> in a
9471 way that requires that meta-information), the
9472 <literal>dependency_libs</literal> setting in the
9473 <filename>.la</filename> file should normally be set to the empty
9474 string. If the shared library development package has
9475 historically included the <filename>.la</filename>, it must be
9476 retained in the development package (with
9477 <literal>dependency_libs</literal> emptied) until all libraries
9478 that depend on it have removed or emptied
9479 <literal>dependency_libs</literal> in their
9480 <filename>.la</filename> files to prevent linking with those other
9481 libraries using <command>libtool</command> from failing.
9482 </para>
9483 <para>
9484 If the <filename>.la</filename> must be included, it should be
9485 included in the development (<literal>-dev</literal>) package,
9486 unless the library will be loaded by <command>libtool</command>'s
9487 <literal>libltdl</literal> library. If it is intended for use
9488 with <literal>libltdl</literal>, the <filename>.la</filename>
9489 files must go in the run-time library package.
9490 </para>
9491 <para>
9492 These requirements for handling of <filename>.la</filename> files
9493 do not apply to loadable modules or libraries not installed in
9494 directories searched by default by the dynamic linker. Packages
9495 installing loadable modules will frequently need to install the
9496 <filename>.la</filename> files alongside the modules so that they
9497 can be loaded by <literal>libltdl</literal>.
9498 <literal>dependency_libs</literal> does not need to be modified
9499 for libraries or modules that are not installed in directories
9500 searched by the dynamic linker by default and not intended for use
9501 by other packages.
9502 </para>
9503 <para>
9504 You must make sure that you use only released versions of shared
9505 libraries to build your packages; otherwise other users will not
9506 be able to run your binaries properly. Producing source packages
9507 that depend on unreleased compilers is also usually a bad idea.
9508 </para>
9509 </section>
9511 <section id="s10.3">
9512 <title>Shared libraries</title>
9514 <para>
9515 This section has moved to <xref linkend="ch-sharedlibs"/>.
9516 </para>
9517 </section>
9519 <section id="s-scripts">
9520 <title>Scripts</title>
9522 <para>
9523 All command scripts, including the package maintainer scripts
9524 inside the package and used by <command>dpkg</command>, should
9525 have a <literal>#!</literal> line naming the shell to be used to
9526 interpret them.
9527 </para>
9528 <para>
9529 In the case of Perl scripts this should be
9530 <literal>#!/usr/bin/perl</literal>.
9531 </para>
9532 <para>
9533 When scripts are installed into a directory in the system PATH,
9534 the script name should not include an extension such as
9535 <literal>.sh</literal> or <literal>.pl</literal> that denotes the
9536 scripting language currently used to implement it.
9537 </para>
9538 <para>
9539 Shell scripts (<command>sh</command> and <command>bash</command>)
9540 other than <filename>init.d</filename> scripts should almost
9541 certainly start with <literal>set -e</literal> so that errors are
9542 detected. <filename>init.d</filename> scripts are something of a
9543 special case, due to how frequently they need to call commands
9544 that are allowed to fail, and it may instead be easier to check
9545 the exit status of commands directly. See <xref
9546 linkend="s-writing-init"/> for more information about writing
9547 <filename>init.d</filename> scripts.
9548 </para>
9549 <para>
9550 Every script should use <literal>set -e</literal> or check the
9551 exit status of <emphasis>every</emphasis> command.
9552 </para>
9553 <para>
9554 Scripts may assume that <filename>/bin/sh</filename> implements
9555 the SUSv3 Shell Command Language
9556 <footnote>
9557 <para>
9558 Single UNIX Specification, version 3, which is also IEEE
9559 1003.1-2004 (POSIX), and is available on the World Wide Web
9560 from <ulink url="http://www.unix.org/version3/online.html">The
9561 Open Group</ulink> after free registration.
9562 </para>
9563 </footnote>
9564 plus the following additional features not mandated by
9565 SUSv3:
9566 <footnote>
9567 <para>
9568 These features are in widespread use in the Linux community
9569 and are implemented in all of bash, dash, and ksh, the most
9570 common shells users may wish to use as
9571 <filename>/bin/sh</filename>.
9572 </para>
9573 </footnote>
9574 </para>
9575 <itemizedlist>
9576 <listitem>
9577 <para>
9578 <literal>echo -n</literal>, if implemented as a shell
9579 built-in, must not generate a newline.
9580 </para>
9581 </listitem>
9582 <listitem>
9583 <para>
9584 <literal>test</literal>, if implemented as a shell built-in,
9585 must support <literal>-a</literal> and <literal>-o</literal>
9586 as binary logical operators.
9587 </para>
9588 </listitem>
9589 <listitem>
9590 <para>
9591 <literal>local</literal> to create a scoped variable must be
9592 supported, including listing multiple variables in a single
9593 local command and assigning a value to a variable at the same
9594 time as localizing it. <literal>local</literal> may or may
9595 not preserve the variable value from an outer scope if no
9596 assignment is present. Uses such as:
9597 </para>
9598 <programlisting>
9599 fname () {
9600 local a b c=delta d
9601 # ... use a, b, c, d ...
9602 }</programlisting>
9603 <para>
9604 must be supported and must set the value of
9605 <literal>c</literal> to <literal>delta</literal>.
9606 </para>
9607 </listitem>
9608 <listitem>
9609 <para>
9610 The XSI extension to <command>kill</command> allowing
9611 <literal>kill -<replaceable>signal</replaceable></literal>,
9612 where <replaceable>signal</replaceable> is either the name of
9613 a signal or one of the numeric signals listed in the XSI
9614 extension (0, 1, 2, 3, 6, 9, 14, and 15), must be supported if
9615 <command>kill</command> is implemented as a shell built-in.
9616 </para>
9617 </listitem>
9618 <listitem>
9619 <para>
9620 The XSI extension to <command>trap</command> allowing numeric
9621 signals must be supported. In addition to the signal numbers
9622 listed in the extension, which are the same as for
9623 <command>kill</command> above, 13 (SIGPIPE) must be allowed.
9624 </para>
9625 </listitem>
9626 </itemizedlist>
9627 <para>
9628 If a shell script requires non-SUSv3 features from the shell
9629 interpreter other than those listed above, the appropriate shell
9630 must be specified in the first line of the script (e.g.,
9631 <literal>#!/bin/bash</literal>) and the package must depend on the
9632 package providing the shell (unless the shell package is marked
9633 "Essential", as in the case of <command>bash</command>).
9634 </para>
9635 <para>
9636 You may wish to restrict your script to SUSv3 features plus the
9637 above set when possible so that it may use
9638 <filename>/bin/sh</filename> as its interpreter. Checking your
9639 script with <command>checkbashisms</command> from the <systemitem
9640 role="package">devscripts</systemitem> package or running your
9641 script with an alternate shell such as <command>posh</command> may
9642 help uncover violations of the above requirements. If in doubt
9643 whether a script complies with these requirements, use
9644 <filename>/bin/bash</filename>.
9645 </para>
9646 <para>
9647 Perl scripts should check for errors when making any system calls,
9648 including <literal>open</literal>, <literal>print</literal>,
9649 <literal>close</literal>, <literal>rename</literal> and
9650 <literal>system</literal>.
9651 </para>
9652 <para>
9653 <command>csh</command> and <command>tcsh</command> should be
9654 avoided as scripting languages. See <emphasis>Csh Programming
9655 Considered Harmful</emphasis>, one of the
9656 <literal>comp.unix.*</literal> FAQs, which can be found at <ulink
9657 url="http://www.faqs.org/faqs/unix-faq/shell/csh-whynot/">http://www.faqs.org/faqs/unix-faq/shell/csh-whynot/</ulink>.
9658 If an upstream package comes with <command>csh</command> scripts
9659 then you must make sure that they start with
9660 <literal>#!/bin/csh</literal> and make your package depend on the
9661 <command>c-shell</command> virtual package.
9662 </para>
9663 <para>
9664 Any scripts which create files in world-writeable directories
9665 (e.g., in <filename>/tmp</filename>) must use a mechanism which
9666 will fail atomically if a file with the same name already exists.
9667 </para>
9668 <para>
9669 The Debian base system provides the <command>tempfile</command>
9670 and <command>mktemp</command> utilities for use by scripts for
9671 this purpose.
9672 </para>
9673 </section>
9675 <section id="s10.5">
9676 <title>Symbolic links</title>
9678 <para>
9679 In general, symbolic links within a top-level directory should be
9680 relative, and symbolic links pointing from one top-level directory
9681 to or into another should be absolute. (A top-level directory is
9682 a sub-directory of the root directory <filename>/</filename>.) For
9683 example, a symbolic link from <filename>/usr/lib/foo</filename> to
9684 <filename>/usr/share/bar</filename> should be relative
9685 (<filename>../share/bar</filename>), but a symbolic link from
9686 <filename>/var/run</filename> to <filename>/run</filename> should
9687 be absolute.
9688 <footnote>
9689 <para>
9690 This is necessary to allow top-level directories to be
9691 symlinks. If linking <filename>/var/run</filename> to
9692 <filename>/run</filename> were done with the relative symbolic
9693 link <filename>../run</filename>, but
9694 <filename>/var</filename> were a symbolic link to
9695 <filename>/srv/disk1</filename>, the symbolic link would point
9696 to <filename>/srv/run</filename> rather than the intended
9697 target.
9698 </para>
9699 </footnote>
9700 Symbolic links must not traverse above the root directory.
9701 </para>
9702 <para>
9703 In addition, symbolic links should be specified as short as
9704 possible, i.e., link targets like <filename>foo/../bar</filename>
9705 are deprecated.
9706 </para>
9707 <para>
9708 Note that when creating a relative link using
9709 <command>ln</command> it is not necessary for the target of the
9710 link to exist relative to the working directory you're running
9711 <command>ln</command> from, nor is it necessary to change
9712 directory to the directory where the link is to be made. Simply
9713 include the string that should appear as the target of the link
9714 (this will be a pathname relative to the directory in which the
9715 link resides) as the first argument to <command>ln</command>.
9716 </para>
9717 <para>
9718 For example, in your <command>Makefile</command> or
9719 <filename>debian/rules</filename>, you can do things like:
9720 </para>
9721 <programlisting>
9722 ln -fs gcc $(prefix)/bin/cc
9723 ln -fs gcc debian/tmp/usr/bin/cc
9724 ln -fs ../sbin/sendmail $(prefix)/bin/runq
9725 ln -fs ../sbin/sendmail debian/tmp/usr/bin/runq</programlisting>
9726 <para>
9727 A symbolic link pointing to a compressed file (in the sense that
9728 it is meant to be uncompressed with <command>unzip</command> or
9729 <command>zless</command> etc.) should always have the same file
9730 extension as the referenced file. (For example, if a file
9731 <filename>foo.gz</filename> is referenced by a symbolic link, the
9732 filename of the link has to end with "<filename>.gz</filename>"
9733 too, as in <filename>bar.gz</filename>.)
9734 </para>
9735 </section>
9737 <section id="s10.6">
9738 <title>Device files</title>
9740 <para>
9741 Packages must not include device files or named pipes in the
9742 package file tree.
9743 </para>
9744 <para>
9745 Debian packages should assume that device files in
9746 <filename>/dev</filename> are dynamically managed by the kernel or
9747 some other system facility and do not have to be explicitly
9748 created or managed by the package. Debian packages other than
9749 those whose purpose is to manage the <filename>/dev</filename>
9750 device file tree must not attempt to create or remove device files
9751 in <filename>/dev</filename> when a dynamic device management
9752 facility is in use.
9753 </para>
9754 <para>
9755 If named pipes or device files outside of
9756 <filename>/dev</filename> are required by a package, they should
9757 normally be created when necessary by the programs in the package,
9758 by init scripts or systemd unit files, or by similar on-demand
9759 mechanisms. If such files need to be created during package
9760 installation, they must be created in the
9761 <command>postinst</command> maintainer script
9762 <footnote>
9763 <para>
9764 It's better to use <command>mkfifo</command> rather than
9765 <command>mknod</command> to create named pipes to avoid false
9766 positives from automated checks for packages incorrectly
9767 creating device files.
9768 </para>
9769 </footnote>
9770 and removed in either the <command>prerm</command> or the
9771 <command>postrm</command> maintainer script.
9772 </para>
9773 </section>
9775 <section id="s-config-files">
9776 <title>Configuration files</title>
9778 <section id="s10.7.1">
9779 <title>Definitions</title>
9781 <variablelist>
9782 <varlistentry>
9783 <term>configuration file</term>
9784 <listitem>
9785 <para>
9786 A file that affects the operation of a program, or
9787 provides site- or host-specific information, or otherwise
9788 customizes the behavior of a program. Typically,
9789 configuration files are intended to be modified by the
9790 system administrator (if needed or desired) to conform to
9791 local policy or to provide more useful site-specific
9792 behavior.
9793 </para>
9794 </listitem>
9795 </varlistentry>
9796 <varlistentry>
9797 <term><literal>conffile</literal></term>
9798 <listitem>
9799 <para>
9800 A file listed in a package's <literal>conffiles</literal>
9801 file, and is treated specially by <command>dpkg</command>
9802 (see <xref linkend="s-configdetails"/>).
9803 </para>
9804 </listitem>
9805 </varlistentry>
9806 </variablelist>
9807 <para>
9808 The distinction between these two is important; they are not
9809 interchangeable concepts. Almost all
9810 <literal>conffile</literal>s are configuration files, but many
9811 configuration files are not <literal>conffiles</literal>.
9812 </para>
9813 <para>
9814 As noted elsewhere, <filename>/etc/init.d</filename> scripts,
9815 <filename>/etc/default</filename> files, scripts installed in
9816 <filename>/etc/cron.{hourly,daily,weekly,monthly}</filename>,
9817 and cron configuration installed in
9818 <filename>/etc/cron.d</filename> must be treated as
9819 configuration files. In general, any script that embeds
9820 configuration information is de-facto a configuration file and
9821 should be treated as such.
9822 </para>
9823 </section>
9825 <section id="s10.7.2">
9826 <title>Location</title>
9828 <para>
9829 Any configuration files created or used by your package must
9830 reside in <filename>/etc</filename>. If there are several,
9831 consider creating a subdirectory of <filename>/etc</filename>
9832 named after your package.
9833 </para>
9834 <para>
9835 If your package creates or uses configuration files outside of
9836 <filename>/etc</filename>, and it is not feasible to modify the
9837 package to use <filename>/etc</filename> directly, put the files
9838 in <filename>/etc</filename> and create symbolic links to those
9839 files from the location that the package requires.
9840 </para>
9841 </section>
9843 <section id="s10.7.3">
9844 <title>Behavior</title>
9846 <para>
9847 Configuration file handling must conform to the following
9848 behavior:
9849 </para>
9850 <itemizedlist>
9851 <listitem>
9852 <para>
9853 local changes must be preserved during a package upgrade,
9854 and
9855 </para>
9856 </listitem>
9857 <listitem>
9858 <para>
9859 configuration files must be preserved when the package is
9860 removed, and only deleted when the package is purged.
9861 </para>
9862 </listitem>
9863 </itemizedlist>
9864 <para>
9865 Obsolete configuration files without local changes should be
9866 removed by the package during upgrade.
9867 <footnote>
9868 <para>
9869 The <command>dpkg-maintscript-helper</command> tool,
9870 available from the <systemitem
9871 role="package">dpkg</systemitem> package, can help for this
9872 task.
9873 </para>
9874 </footnote>
9875 </para>
9876 <para>
9877 The easy way to achieve this behavior is to make the
9878 configuration file a <literal>conffile</literal>. This is
9879 appropriate only if it is possible to distribute a default
9880 version that will work for most installations, although some
9881 system administrators may choose to modify it. This implies
9882 that the default version will be part of the package
9883 distribution, and must not be modified by the maintainer scripts
9884 during installation (or at any other time).
9885 </para>
9886 <para>
9887 In order to ensure that local changes are preserved correctly,
9888 no package may contain or make hard links to
9889 conffiles.<footnote><para> Rationale: There are two problems
9890 with hard links. The first is that some editors break the link
9891 while editing one of the files, so that the two files may
9892 unwittingly become unlinked and different. The second is that
9893 <command>dpkg</command> might break the hard link while
9894 upgrading <literal>conffile</literal>s. </para>
9895 </footnote>
9896 </para>
9897 <para>
9898 The other way to do it is via the maintainer scripts. In this
9899 case, the configuration file must not be listed as a
9900 <literal>conffile</literal> and must not be part of the package
9901 distribution. If the existence of a file is required for the
9902 package to be sensibly configured it is the responsibility of
9903 the package maintainer to provide maintainer scripts which
9904 correctly create, update and maintain the file and remove it on
9905 purge. (See <xref linkend="ch-maintainerscripts"/> for more
9906 information.) These scripts must be idempotent (i.e., must work
9907 correctly if <command>dpkg</command> needs to re-run them due to
9908 errors during installation or removal), must cope with all the
9909 variety of ways <command>dpkg</command> can call maintainer
9910 scripts, must not overwrite or otherwise mangle the user's
9911 configuration without asking, must not ask unnecessary questions
9912 (particularly during upgrades), and must otherwise be good
9913 citizens.
9914 </para>
9915 <para>
9916 The scripts are not required to configure every possible option
9917 for the package, but only those necessary to get the package
9918 running on a given system. Ideally the sysadmin should not have
9919 to do any configuration other than that done
9920 (semi-)automatically by the <command>postinst</command> script.
9921 </para>
9922 <para>
9923 A common practice is to create a script called
9924 <filename><replaceable>package</replaceable>-configure</filename>
9925 and have the package's <command>postinst</command> call it if
9926 and only if the configuration file does not already exist. In
9927 certain cases it is useful for there to be an example or
9928 template file which the maintainer scripts use. Such files
9929 should be in
9930 <filename>/usr/share/<replaceable>package</replaceable></filename>
9931 or
9932 <filename>/usr/lib/<replaceable>package</replaceable></filename>
9933 (depending on whether they are architecture-independent or not).
9934 There should be symbolic links to them from
9935 <filename>/usr/share/doc/<replaceable>package</replaceable>/examples</filename>
9936 if they are examples, and should be perfectly ordinary
9937 <command>dpkg</command>-handled files (<emphasis>not</emphasis>
9938 configuration files).
9939 </para>
9940 <para>
9941 These two styles of configuration file handling must not be
9942 mixed, for that way lies madness: <command>dpkg</command> will
9943 ask about overwriting the file every time the package is
9944 upgraded.
9945 </para>
9946 </section>
9948 <section id="s10.7.4">
9949 <title>Sharing configuration files</title>
9951 <para>
9952 If two or more packages use the same configuration file and it
9953 is reasonable for both to be installed at the same time, one of
9954 these packages must be defined as <emphasis>owner</emphasis> of
9955 the configuration file, i.e., it will be the package which
9956 handles that file as a configuration file. Other packages that
9957 use the configuration file must depend on the owning package if
9958 they require the configuration file to operate. If the other
9959 package will use the configuration file if present, but is
9960 capable of operating without it, no dependency need be declared.
9961 </para>
9962 <para>
9963 If it is desirable for two or more related packages to share a
9964 configuration file <emphasis>and</emphasis> for all of the
9965 related packages to be able to modify that configuration file,
9966 then the following should be done:
9967 </para>
9968 <orderedlist numeration="arabic">
9969 <listitem>
9970 <para>
9971 One of the related packages (the "owning" package) will
9972 manage the configuration file with maintainer scripts as
9973 described in the previous section.
9974 </para>
9975 </listitem>
9976 <listitem>
9977 <para>
9978 The owning package should also provide a program that the
9979 other packages may use to modify the configuration file.
9980 </para>
9981 </listitem>
9982 <listitem>
9983 <para>
9984 The related packages must use the provided program to make
9985 any desired modifications to the configuration file. They
9986 should either depend on the core package to guarantee that
9987 the configuration modifier program is available or accept
9988 gracefully that they cannot modify the configuration file if
9989 it is not. (This is in addition to the fact that the
9990 configuration file may not even be present in the latter
9991 scenario.)
9992 </para>
9993 </listitem>
9994 </orderedlist>
9995 <para>
9996 Sometimes it's appropriate to create a new package which
9997 provides the basic infrastructure for the other packages and
9998 which manages the shared configuration files. (The
9999 <literal>sgml-base</literal> package is a good example.)
10000 </para>
10001 <para>
10002 If the configuration file cannot be shared as described above,
10003 the packages must be marked as conflicting with each other. Two
10004 packages that specify the same file as a
10005 <literal>conffile</literal> must conflict. This is an instance
10006 of the general rule about not sharing files. Neither
10007 alternatives nor diversions are likely to be appropriate in this
10008 case; in particular, <command>dpkg</command> does not handle
10009 diverted <literal>conffile</literal>s well.
10010 </para>
10011 <para>
10012 When two packages both declare the same
10013 <literal>conffile</literal>, they may see left-over
10014 configuration files from each other even though they conflict
10015 with each other. If a user removes (without purging) one of the
10016 packages and installs the other, the new package will take over
10017 the <literal>conffile</literal> from the old package. If the
10018 file was modified by the user, it will be treated the same as
10019 any other locally modified <literal>conffile</literal> during an
10020 upgrade.
10021 </para>
10022 <para>
10023 The maintainer scripts must not alter a
10024 <literal>conffile</literal> of <emphasis>any</emphasis> package,
10025 including the one the scripts belong to.
10026 </para>
10027 </section>
10029 <section id="s10.7.5">
10030 <title>User configuration files ("dotfiles")</title>
10032 <para>
10033 The files in <filename>/etc/skel</filename> will automatically
10034 be copied into new user accounts by <command>adduser</command>.
10035 No other program should reference the files in
10036 <filename>/etc/skel</filename>.
10037 </para>
10038 <para>
10039 Therefore, if a program needs a dotfile to exist in advance in
10040 <filename>$HOME</filename> to work sensibly, that dotfile should
10041 be installed in <filename>/etc/skel</filename> and treated as a
10042 configuration file.
10043 </para>
10044 <para>
10045 However, programs that require dotfiles in order to operate
10046 sensibly are a bad thing, unless they do create the dotfiles
10047 themselves automatically.
10048 </para>
10049 <para>
10050 Furthermore, programs should be configured by the Debian default
10051 installation to behave as closely to the upstream default
10052 behavior as possible.
10053 </para>
10054 <para>
10055 Therefore, if a program in a Debian package needs to be
10056 configured in some way in order to operate sensibly, that should
10057 be done using a site-wide configuration file placed in
10058 <filename>/etc</filename>. Only if the program doesn't support
10059 a site-wide default configuration and the package maintainer
10060 doesn't have time to add it may a default per-user file be
10061 placed in <filename>/etc/skel</filename>.
10062 </para>
10063 <para>
10064 <filename>/etc/skel</filename> should be as empty as we can make
10065 it. This is particularly true because there is no easy (or
10066 necessarily desirable) mechanism for ensuring that the
10067 appropriate dotfiles are copied into the accounts of existing
10068 users when a package is installed.
10069 </para>
10070 </section>
10071 </section>
10073 <section id="s10.8">
10074 <title>Log files</title>
10076 <para>
10077 Log files should usually be named
10078 <filename>/var/log/<replaceable>package</replaceable>.log</filename>.
10079 If you have many log files, or need a separate directory for
10080 permission reasons (<filename>/var/log</filename> is writable only
10081 by <filename>root</filename>), you should usually create a
10082 directory named
10083 <filename>/var/log/<replaceable>package</replaceable></filename>
10084 and place your log files there.
10085 </para>
10086 <para>
10087 Log files must be rotated occasionally so that they don't grow
10088 indefinitely. The best way to do this is to install a log
10089 rotation configuration file in the directory
10090 <filename>/etc/logrotate.d</filename>, normally named
10091 <filename>/etc/logrotate.d/<replaceable>package</replaceable></filename>,
10092 and use the facilities provided by <command>logrotate</command>.
10093 <footnote>
10094 <para>
10095 The traditional approach to log files has been to set up
10096 <emphasis>ad hoc</emphasis> log rotation schemes using simple
10097 shell scripts and cron. While this approach is highly
10098 customizable, it requires quite a lot of sysadmin work. Even
10099 though the original Debian system helped a little by
10100 automatically installing a system which can be used as a
10101 template, this was deemed not enough.
10102 </para>
10103 <para>
10104 The use of <command>logrotate</command>, a program developed
10105 by Red Hat, is better, as it centralizes log management. It
10106 has both a configuration file
10107 (<filename>/etc/logrotate.conf</filename>) and a directory
10108 where packages can drop their individual log rotation
10109 configurations (<filename>/etc/logrotate.d</filename>).
10110 </para>
10111 </footnote>
10112 Here is a good example for a logrotate config file (for more
10113 information see
10114 <citerefentry><refentrytitle>logrotate</refentrytitle><manvolnum>8</manvolnum></citerefentry>):
10115 </para>
10116 <programlisting>
10117 /var/log/foo/*.log {
10118 rotate 12
10119 weekly
10120 compress
10121 missingok
10122 postrotate
10123 start-stop-daemon -K -p /var/run/foo.pid -s HUP -x /usr/sbin/foo -q
10124 endscript
10125 }</programlisting>
10126 <para>
10127 This rotates all files under <filename>/var/log/foo</filename>,
10128 saves 12 compressed generations, and tells the daemon to reopen
10129 its log files after the log rotation. It skips this log rotation
10130 (via <literal>missingok</literal>) if no such log file is present,
10131 which avoids errors if the package is removed but not purged.
10132 </para>
10133 <para>
10134 Log files should be removed when the package is purged (but not
10135 when it is only removed). This should be done by the
10136 <command>postrm</command> script when it is called with the
10137 argument <literal>purge</literal> (see <xref
10138 linkend="s-removedetails"/>).
10139 </para>
10140 </section>
10142 <section id="s-permissions-owners">
10143 <title>Permissions and owners</title>
10145 <para>
10146 The rules in this section are guidelines for general use. If
10147 necessary you may deviate from the details below. However, if you
10148 do so you must make sure that what is done is secure and you
10149 should try to be as consistent as possible with the rest of the
10150 system. You should probably also discuss it on
10151 <command>debian-devel</command> first.
10152 </para>
10153 <para>
10154 Files should be owned by <literal>root:root</literal>, and made
10155 writable only by the owner and universally readable (and
10156 executable, if appropriate), that is mode 644 or 755.
10157 </para>
10158 <para>
10159 Directories should be mode 755 or (for group-writability) mode
10160 2775. The ownership of the directory should be consistent with
10161 its mode: if a directory is mode 2775, it should be owned by the
10162 group that needs write access to it.
10163 <footnote>
10164 <para>
10165 When a package is upgraded, and the owner or permissions of a
10166 file included in the package has changed, dpkg arranges for
10167 the ownership and permissions to be correctly set upon
10168 installation. However, this does not extend to directories;
10169 the permissions and ownership of directories already on the
10170 system does not change on install or upgrade of packages.
10171 This makes sense, since otherwise common directories like
10172 <literal>/usr</literal> would always be in flux. To correctly
10173 change permissions of a directory the package owns, explicit
10174 action is required, usually in the <literal>postinst</literal>
10175 script. Care must be taken to handle downgrades as well, in
10176 that case.
10177 </para>
10178 </footnote>
10179 </para>
10180 <para>
10181 Control information files should be owned by
10182 <literal>root:root</literal> and either mode 644 (for most files)
10183 or mode 755 (for executables such as <link
10184 linkend="s-maintscripts">maintainer scripts</link>).
10185 </para>
10186 <para>
10187 Setuid and setgid executables should be mode 4755 or 2755
10188 respectively, and owned by the appropriate user or group. They
10189 should not be made unreadable (modes like 4711 or 2711 or even
10190 4111); doing so achieves no extra security, because anyone can
10191 find the binary in the freely available Debian package; it is
10192 merely inconvenient. For the same reason you should not restrict
10193 read or execute permissions on non-set-id executables.
10194 </para>
10195 <para>
10196 Some setuid programs need to be restricted to particular sets of
10197 users, using file permissions. In this case they should be owned
10198 by the uid to which they are set-id, and by the group which should
10199 be allowed to execute them. They should have mode 4754; again
10200 there is no point in making them unreadable to those users who
10201 must not be allowed to execute them.
10202 </para>
10203 <para>
10204 It is possible to arrange that the system administrator can
10205 reconfigure the package to correspond to their local security
10206 policy by changing the permissions on a binary: they can do this
10207 by using <command>dpkg-statoverride</command>, as described
10208 below.
10209 <footnote>
10210 <para>
10211 Ordinary files installed by <command>dpkg</command> (as
10212 opposed to <literal>conffile</literal>s and other similar
10213 objects) normally have their permissions reset to the
10214 distributed permissions when the package is reinstalled.
10215 However, the use of <command>dpkg-statoverride</command>
10216 overrides this default behavior.
10217 </para>
10218 </footnote>
10219 Another method you should consider is to create a group for people
10220 allowed to use the program(s) and make any setuid executables
10221 executable only by that group.
10222 </para>
10223 <para>
10224 If you need to create a new user or group for your package there
10225 are two possibilities. Firstly, you may need to make some files
10226 in the binary package be owned by this user or group, or you may
10227 need to compile the user or group id (rather than just the name)
10228 into the binary (though this latter should be avoided if possible,
10229 as in this case you need a statically allocated id).
10230 </para>
10231 <para>
10232 If you need a statically allocated id, you must ask for a user or
10233 group id from the <literal>base-passwd</literal> maintainer, and
10234 must not release the package until you have been allocated one.
10235 Once you have been allocated one you must either make the package
10236 depend on a version of the <literal>base-passwd</literal> package
10237 with the id present in <filename>/etc/passwd</filename> or
10238 <filename>/etc/group</filename>, or arrange for your package to
10239 create the user or group itself with the correct id (using
10240 <literal>adduser</literal>) in its <command>preinst</command> or
10241 <command>postinst</command>. (Doing it in the
10242 <command>postinst</command> is to be preferred if it is possible,
10243 otherwise a pre-dependency will be needed on the
10244 <literal>adduser</literal> package.)
10245 </para>
10246 <para>
10247 On the other hand, the program might be able to determine the uid
10248 or gid from the user or group name at runtime, so that a
10249 dynamically allocated id can be used. In this case you should
10250 choose an appropriate user or group name, discussing this on
10251 <command>debian-devel</command> and checking that it is unique.
10252 When this has been checked you must arrange for your package to
10253 create the user or group if necessary using
10254 <command>adduser</command> in the <command>preinst</command> or
10255 <command>postinst</command> script (again, the latter is to be
10256 preferred if it is possible).
10257 </para>
10258 <para>
10259 Note that changing the numeric value of an id associated with a
10260 name is very difficult, and involves searching the file system for
10261 all appropriate files. You need to think carefully whether a
10262 static or dynamic id is required, since changing your mind later
10263 will cause problems.
10264 </para>
10266 <section id="s10.9.1">
10267 <title>The use of <command>dpkg-statoverride</command></title>
10269 <para>
10270 This section is not intended as policy, but as a description of
10271 the use of <command>dpkg-statoverride</command>.
10272 </para>
10273 <para>
10274 If a system administrator wishes to have a file (or directory or
10275 other such thing) installed with owner and permissions different
10276 from those in the distributed Debian package, they can use the
10277 <command>dpkg-statoverride</command> program to instruct
10278 <command>dpkg</command> to use the different settings every time
10279 the file is installed. Thus the package maintainer should
10280 distribute the files with their normal permissions, and leave it
10281 for the system administrator to make any desired changes. For
10282 example, a daemon which is normally required to be setuid root,
10283 but in certain situations could be used without being setuid,
10284 should be installed setuid in the <literal>.deb</literal>. Then
10285 the local system administrator can change this if they wish. If
10286 there are two standard ways of doing it, the package maintainer
10287 can use <literal>debconf</literal> to find out the preference,
10288 and call <command>dpkg-statoverride</command> in the maintainer
10289 script if necessary to accommodate the system administrator's
10290 choice. Care must be taken during upgrades to not override an
10291 existing setting.
10292 </para>
10293 <para>
10294 Given the above, <command>dpkg-statoverride</command> is
10295 essentially a tool for system administrators and would not
10296 normally be needed in the maintainer scripts. There is one type
10297 of situation, though, where calls to
10298 <command>dpkg-statoverride</command> would be needed in the
10299 maintainer scripts, and that involves packages which use
10300 dynamically allocated user or group ids. In such a situation,
10301 something like the following idiom can be very helpful in the
10302 package's <command>postinst</command>, where
10303 <literal>sysuser</literal> is a dynamically allocated id:
10304 </para>
10305 <programlisting>
10306 for i in /usr/bin/foo /usr/sbin/bar; do
10307 # only do something when no setting exists
10308 if ! dpkg-statoverride --list $i >/dev/null 2>&1; then
10309 #include: debconf processing, question about foo and bar
10310 if [ "$RET" = "true" ] ; then
10311 dpkg-statoverride --update --add sysuser root 4755 $i
10312 fi
10313 fi
10314 done</programlisting>
10315 <para>
10316 The corresponding code to remove the override when the package
10317 is purged would be:
10318 </para>
10319 <programlisting>
10320 for i in /usr/bin/foo /usr/sbin/bar; do
10321 if dpkg-statoverride --list $i >/dev/null 2>&1; then
10322 dpkg-statoverride --remove $i
10323 fi
10324 done</programlisting>
10325 </section>
10326 </section>
10328 <section id="s-filenames">
10329 <title>File names</title>
10331 <para>
10332 The name of the files installed by binary packages in the system
10333 PATH (namely <literal>/bin</literal>, <literal>/sbin</literal>,
10334 <literal>/usr/bin</literal>, <literal>/usr/sbin</literal> and
10335 <literal>/usr/games</literal>) must be encoded in ASCII.
10336 </para>
10337 <para>
10338 The name of the files and directories installed by binary packages
10339 outside the system PATH must be encoded in UTF-8 and should be
10340 restricted to ASCII when it is possible to do so.
10341 </para>
10342 </section>
10343 </chapter>
10345 <chapter id="ch-customized-programs">
10346 <title>Customized programs</title>
10348 <section id="s-arch-spec">
10349 <title>Architecture specification strings</title>
10351 <para>
10352 If a program needs to specify an <emphasis>architecture
10353 specification string</emphasis> in some place, it should select
10354 one of the strings provided by <literal>dpkg-architecture
10355 -L</literal>. The strings are in the format
10356 <literal><replaceable>os</replaceable>-<replaceable>arch</replaceable></literal>,
10357 though the OS part is sometimes elided, as when the OS is Linux.
10358 </para>
10359 <para>
10360 Note that we don't want to use
10361 <literal><replaceable>arch</replaceable>-debian-linux</literal> to
10362 apply to the rule
10363 <literal><replaceable>architecture</replaceable>-<replaceable>vendor</replaceable>-<replaceable>os</replaceable></literal>
10364 since this would make our programs incompatible with other Linux
10365 distributions. We also don't use something like
10366 <literal><replaceable>arch</replaceable>-unknown-linux</literal>,
10367 since the <literal>unknown</literal> does not look very good.
10368 </para>
10370 <section id="s-arch-wildcard-spec">
10371 <title>Architecture wildcards</title>
10373 <para>
10374 A package may specify an architecture wildcard. Architecture
10375 wildcards are in the format <literal>any</literal> (which
10376 matches every architecture),
10377 <literal><replaceable>os</replaceable></literal>-any, or
10378 any-<literal><replaceable>cpu</replaceable></literal>.
10379 <footnote><para> Internally, the package system normalizes the
10380 GNU triplets and the Debian arches into Debian arch triplets
10381 (which are kind of inverted GNU triplets), with the first
10382 component of the triplet representing the libc and ABI in use,
10383 and then does matching against those triplets. However, such
10384 triplets are an internal implementation detail that should not
10385 be used by packages directly. The libc and ABI portion is
10386 handled internally by the package system based on the
10387 <replaceable>os</replaceable> and
10388 <replaceable>cpu</replaceable>. </para>
10389 </footnote>
10390 </para>
10391 </section>
10392 </section>
10394 <section id="s11.2">
10395 <title>Daemons</title>
10397 <para>
10398 The configuration files <filename>/etc/services</filename>,
10399 <filename>/etc/protocols</filename>, and
10400 <filename>/etc/rpc</filename> are managed by the
10401 <command>netbase</command> package and must not be modified by
10402 other packages.
10403 </para>
10404 <para>
10405 If a package requires a new entry in one of these files, the
10406 maintainer should get in contact with the
10407 <command>netbase</command> maintainer, who will add the entries
10408 and release a new version of the <command>netbase</command>
10409 package.
10410 </para>
10411 <para>
10412 The configuration file <filename>/etc/inetd.conf</filename> must
10413 not be modified by the package's scripts except via the
10414 <command>update-inetd</command> script or the
10415 <filename>DebianNet.pm</filename> Perl module. See their
10416 documentation for details on how to add entries.
10417 </para>
10418 <para>
10419 If a package wants to install an example entry into
10420 <filename>/etc/inetd.conf</filename>, the entry must be preceded
10421 with exactly one hash character (<literal>#</literal>). Such
10422 lines are treated as "commented out by user" by the
10423 <command>update-inetd</command> script and are not changed or
10424 activated during package updates.
10425 </para>
10426 </section>
10428 <section id="s11.3">
10429 <title>Using pseudo-ttys and modifying wtmp, utmp and lastlog</title>
10431 <para>
10432 Some programs need to create pseudo-ttys. This should be done
10433 using Unix98 ptys if the C library supports it. The resulting
10434 program must not be installed setuid root, unless that is required
10435 for other functionality.
10436 </para>
10437 <para>
10438 The files <filename>/var/run/utmp</filename>,
10439 <filename>/var/log/wtmp</filename> and
10440 <filename>/var/log/lastlog</filename> must be installed writable
10441 by group <literal>utmp</literal>. Programs which need to modify
10442 those files must be installed setgid <literal>utmp</literal>.
10443 </para>
10444 </section>
10446 <section id="s11.4">
10447 <title>Editors and pagers</title>
10449 <para>
10450 Some programs have the ability to launch an editor or pager
10451 program to edit or display a text document. Since there are lots
10452 of different editors and pagers available in the Debian
10453 distribution, the system administrator and each user should have
10454 the possibility to choose their preferred editor and pager.
10455 </para>
10456 <para>
10457 In addition, every program should choose a good default
10458 editor/pager if none is selected by the user or system
10459 administrator.
10460 </para>
10461 <para>
10462 Thus, every program that launches an editor or pager must use the
10463 EDITOR or PAGER environment variable to determine the editor or
10464 pager the user wishes to use. If these variables are not set, the
10465 programs <filename>/usr/bin/editor</filename> and
10466 <filename>/usr/bin/pager</filename> should be used, respectively.
10467 </para>
10468 <para>
10469 These two files are managed through the <command>dpkg</command>
10470 "alternatives" mechanism. Every package providing an editor or
10471 pager must call the <command>update-alternatives</command> script
10472 to register as an alternative for
10473 <filename>/usr/bin/editor</filename> or
10474 <filename>/usr/bin/pager</filename> as appropriate. The
10475 alternative should have a slave alternative for
10476 <filename>/usr/share/man/man1/editor.1.gz</filename> or
10477 <filename>/usr/share/man/man1/pager.1.gz</filename> pointing to
10478 the corresponding manual page.
10479 </para>
10480 <para>
10481 If it is very hard to adapt a program to make use of the EDITOR or
10482 PAGER variables, that program may be configured to use
10483 <filename>/usr/bin/sensible-editor</filename> and
10484 <filename>/usr/bin/sensible-pager</filename> as the editor or
10485 pager program respectively. These are two scripts provided in the
10486 <systemitem role="package">sensible-utils</systemitem> package
10487 that check the EDITOR and PAGER variables and launch the
10488 appropriate program, and fall back to
10489 <filename>/usr/bin/editor</filename> and
10490 <filename>/usr/bin/pager</filename> if the variable is not set.
10491 </para>
10492 <para>
10493 A program may also use the VISUAL environment variable to
10494 determine the user's choice of editor. If it exists, it should
10495 take precedence over EDITOR. This is in fact what
10496 <filename>/usr/bin/sensible-editor</filename> does.
10497 </para>
10498 <para>
10499 It is not required for a package to depend on
10500 <literal>editor</literal> and <literal>pager</literal>, nor is it
10501 required for a package to provide such virtual
10502 packages.<footnote><para> The Debian base system already provides
10503 an editor and a pager program. </para> </footnote>
10504 </para>
10505 </section>
10507 <section id="s-web-appl">
10508 <title>Web servers and applications</title>
10510 <para>
10511 This section describes the locations and URLs that should be used
10512 by all web servers and web applications in the Debian system.
10513 </para>
10514 <orderedlist numeration="arabic">
10515 <listitem>
10516 <para>
10517 Cgi-bin executable files are installed in the directory
10518 </para>
10519 <screen>/usr/lib/cgi-bin</screen>
10520 <para>
10521 or a subdirectory of that directory, and the script
10522 </para>
10523 <screen>/usr/lib/cgi-bin/.../<replaceable>cgi-bin-name</replaceable></screen>
10524 <para>
10525 should be referred to as
10526 </para>
10527 <screen>http://localhost/cgi-bin/.../<replaceable>cgi-bin-name</replaceable></screen>
10528 </listitem>
10529 <listitem>
10530 <para>
10531 (Deleted)
10532 </para>
10533 </listitem>
10534 <listitem>
10535 <para>
10536 Access to images
10537 </para>
10538 <para>
10539 It is recommended that images for a package be stored in
10540 <literal>/usr/share/images/<replaceable>package</replaceable></literal>
10541 and may be referred to through an alias
10542 <literal>/images/</literal> as
10543 </para>
10544 <screen>
10545 http://localhost/images/<replaceable>package</replaceable>/<replaceable>filename</replaceable></screen>
10546 </listitem>
10547 <listitem>
10548 <para>
10549 Web Document Root
10550 </para>
10551 <para>
10552 Web Applications should try to avoid storing files in the Web
10553 Document Root. Instead they should use the
10554 /usr/share/doc/<replaceable>package</replaceable> directory
10555 for documents and register the Web Application via the
10556 <systemitem role="package">doc-base</systemitem> package. If
10557 access to the web document root is unavoidable then use
10558 </para>
10559 <screen>/var/www/html</screen>
10560 <para>
10561 as the Document Root. This might be just a symbolic link to
10562 the location where the system administrator has put the real
10563 document root.
10564 </para>
10565 </listitem>
10566 <listitem>
10567 <para>
10568 Providing httpd and/or httpd-cgi
10569 </para>
10570 <para>
10571 All web servers should provide the virtual package
10572 <literal>httpd</literal>. If a web server has CGI support it
10573 should provide <literal>httpd-cgi</literal> additionally.
10574 </para>
10575 <para>
10576 All web applications which do not contain CGI scripts should
10577 depend on <literal>httpd</literal>, all those web applications
10578 which <literal>do</literal> contain CGI scripts, should depend
10579 on <literal>httpd-cgi</literal>.
10580 </para>
10581 </listitem>
10582 </orderedlist>
10583 </section>
10585 <section id="s-mail-transport-agents">
10586 <title>Mail transport, delivery and user agents</title>
10588 <para>
10589 Debian packages which process electronic mail, whether mail user
10590 agents (MUAs) or mail transport agents (MTAs), must ensure that
10591 they are compatible with the configuration decisions below.
10592 Failure to do this may result in lost mail, broken
10593 <literal>From:</literal> lines, and other serious brain damage!
10594 </para>
10595 <para>
10596 The mail spool is <filename>/var/mail</filename> and the interface
10597 to send a mail message is <filename>/usr/sbin/sendmail</filename>
10598 (as per the FHS). On older systems, the mail spool may be
10599 physically located in <filename>/var/spool/mail</filename>, but
10600 all access to the mail spool should be via the
10601 <filename>/var/mail</filename> symlink. The mail spool is part of
10602 the base system and not part of the MTA package.
10603 </para>
10604 <para>
10605 All Debian MUAs, MTAs, MDAs and other mailbox accessing programs
10606 (such as IMAP daemons) must lock the mailbox in an NFS-safe way.
10607 This means that <literal>fcntl()</literal> locking must be
10608 combined with dot locking. To avoid deadlocks, a program should
10609 use <literal>fcntl()</literal> first and dot locking after this,
10610 or alternatively implement the two locking methods in a non
10611 blocking way.
10612 <footnote>
10613 <para>
10614 If it is not possible to establish both locks, the system
10615 shouldn't wait for the second lock to be established, but
10616 remove the first lock, wait a (random) time, and start over
10617 locking again.
10618 </para>
10619 </footnote>
10620 Using the functions <literal>maillock</literal> and
10621 <literal>mailunlock</literal> provided by the
10622 <literal>liblockfile*</literal> packages is the recommended way to
10623 accomplish this.
10624 </para>
10625 <para>
10626 Mailboxes are generally either mode 600 and owned by
10627 <replaceable>user</replaceable> or mode 660 and owned by
10628 <literal><replaceable>user</replaceable>:mail</literal>.
10629 <footnote>
10630 <para>
10631 There are two traditional permission schemes for mail spools:
10632 mode 600 with all mail delivery done by processes running as
10633 the destination user, or mode 660 and owned by group mail with
10634 mail delivery done by a process running as a system user in
10635 group mail. Historically, Debian required mode 660 mail
10636 spools to enable the latter model, but that model has become
10637 increasingly uncommon and the principle of least privilege
10638 indicates that mail systems that use the first model should
10639 use permissions of 600. If delivery to programs is permitted,
10640 it's easier to keep the mail system secure if the delivery
10641 agent runs as the destination user. Debian Policy therefore
10642 permits either scheme.
10643 </para>
10644 </footnote>
10645 The local system administrator may choose a different permission
10646 scheme; packages should not make assumptions about the permission
10647 and ownership of mailboxes unless required (such as when creating
10648 a new mailbox). A MUA may remove a mailbox (unless it has
10649 nonstandard permissions) in which case the MTA or another MUA must
10650 recreate it if needed.
10651 </para>
10652 <para>
10653 The mail spool is 2775 <literal>root:mail</literal>, and MUAs
10654 should be setgid mail to do the locking mentioned above (and must
10655 obviously avoid accessing other users' mailboxes using this
10656 privilege).
10657 </para>
10658 <para>
10659 <filename>/etc/aliases</filename> is the source file for the
10660 system mail aliases (e.g., postmaster, usenet, etc.), it is the
10661 one which the sysadmin and <command>postinst</command> scripts may
10662 edit. After <filename>/etc/aliases</filename> is edited the
10663 program or human editing it must call
10664 <command>newaliases</command>. All MTA packages must come with a
10665 <command>newaliases</command> program, even if it does nothing,
10666 but older MTA packages did not do this so programs should not fail
10667 if <command>newaliases</command> cannot be found. Note that
10668 because of this, all MTA packages must have
10669 <literal>Provides</literal>, <literal>Conflicts</literal> and
10670 <literal>Replaces: mail-transport-agent</literal> control fields.
10671 </para>
10672 <para>
10673 The convention of writing <literal>forward to
10674 <replaceable>address</replaceable></literal> in the mailbox itself
10675 is not supported. Use a <literal>.forward</literal> file instead.
10676 </para>
10677 <para>
10678 The <command>rmail</command> program used by UUCP for incoming
10679 mail should be <filename>/usr/sbin/rmail</filename>. Likewise,
10680 <command>rsmtp</command>, for receiving batch-SMTP-over-UUCP,
10681 should be <filename>/usr/sbin/rsmtp</filename> if it is supported.
10682 </para>
10683 <para>
10684 If your package needs to know what hostname to use on (for
10685 example) outgoing news and mail messages which are generated
10686 locally, you should use the file
10687 <filename>/etc/mailname</filename>. It will contain the portion
10688 after the username and <literal>@</literal> (at) sign for email
10689 addresses of users on the machine (followed by a newline).
10690 </para>
10691 <para>
10692 Such a package should check for the existence of this file when it
10693 is being configured. If it exists, it should be used without
10694 comment, although an MTA's configuration script may wish to prompt
10695 the user even if it finds that this file exists. If the file does
10696 not exist, the package should prompt the user for the value
10697 (preferably using <command>debconf</command>) and store it in
10698 <filename>/etc/mailname</filename> as well as using it in the
10699 package's configuration. The prompt should make it clear that the
10700 name will not just be used by that package. For example, in this
10701 situation the <literal>inn</literal> package could say something
10702 like:
10703 </para>
10704 <screen>
10705 Please enter the "mail name" of your system. This is the hostname portion
10706 of the address to be shown on outgoing news and mail messages. The
10707 default is <replaceable>syshostname</replaceable>, your system's host name.
10709 Mail name ["<replaceable>syshostname</replaceable>"]:</screen>
10710 <para>
10711 where <replaceable>syshostname</replaceable> is the output of
10712 <literal>hostname --fqdn</literal>.
10713 </para>
10714 </section>
10716 <section id="s11.7">
10717 <title>News system configuration</title>
10719 <para>
10720 All the configuration files related to the NNTP (news) servers and
10721 clients should be located under <filename>/etc/news</filename>.
10722 </para>
10723 <para>
10724 There are some configuration issues that apply to a number of news
10725 clients and server packages on the machine. These are:
10726 </para>
10727 <variablelist>
10728 <varlistentry>
10729 <term><filename>/etc/news/organization</filename></term>
10730 <listitem>
10731 <para>
10732 A string which should appear as the organization header for
10733 all messages posted by NNTP clients on the machine
10734 </para>
10735 </listitem>
10736 </varlistentry>
10737 <varlistentry>
10738 <term><filename>/etc/news/server</filename></term>
10739 <listitem>
10740 <para>
10741 Contains the FQDN of the upstream NNTP server, or localhost
10742 if the local machine is an NNTP server.
10743 </para>
10744 </listitem>
10745 </varlistentry>
10746 </variablelist>
10747 <para>
10748 Other global files may be added as required for cross-package news
10749 configuration.
10750 </para>
10751 </section>
10753 <section id="s11.8">
10754 <title>Programs for the X Window System</title>
10756 <section id="s11.8.1">
10757 <title>Providing X support and package priorities</title>
10759 <para>
10760 Programs that can be configured with support for the X Window
10761 System must be configured to do so and must declare any package
10762 dependencies necessary to satisfy their runtime requirements
10763 when using the X Window System. If such a package is of higher
10764 priority than the X packages on which it depends, it is required
10765 that either the X-specific components be split into a separate
10766 package, or that an alternative version of the package, which
10767 includes X support, be provided, or that the package's priority
10768 be lowered.
10769 </para>
10770 </section>
10772 <section id="s11.8.2">
10773 <title>Packages providing an X server</title>
10775 <para>
10776 Packages that provide an X server that, directly or indirectly,
10777 communicates with real input and display hardware should declare
10778 in their <literal>Provides</literal> control field that they
10779 provide the virtual package
10780 <literal>xserver</literal>.
10781 <footnote>
10782 <para>
10783 This implements current practice, and provides an actual
10784 policy for usage of the <literal>xserver</literal> virtual
10785 package which appears in the virtual packages list. In a
10786 nutshell, X servers that interface directly with the display
10787 and input hardware or via another subsystem (e.g., GGI)
10788 should provide <literal>xserver</literal>. Things like
10789 <literal>Xvfb</literal>, <literal>Xnest</literal>, and
10790 <literal>Xprt</literal> should not.
10791 </para>
10792 </footnote>
10793 </para>
10794 </section>
10796 <section id="s11.8.3">
10797 <title>Packages providing a terminal emulator</title>
10799 <para>
10800 Packages that provide a terminal emulator for the X Window
10801 System which meet the criteria listed below should declare in
10802 their <literal>Provides</literal> control field that they
10803 provide the virtual package
10804 <literal>x-terminal-emulator</literal>. They should also
10805 register themselves as an alternative for
10806 <filename>/usr/bin/x-terminal-emulator</filename>, with a
10807 priority of 20. That alternative should have a slave
10808 alternative for
10809 <filename>/usr/share/man/man1/x-terminal-emulator.1.gz</filename>
10810 pointing to the corresponding manual page.
10811 </para>
10812 <para>
10813 To be an <literal>x-terminal-emulator</literal>, a program must:
10814 </para>
10815 <itemizedlist>
10816 <listitem>
10817 <para>
10818 Be able to emulate a DEC VT100 terminal, or a compatible
10819 terminal.
10820 </para>
10821 </listitem>
10822 <listitem>
10823 <para>
10824 Support the command-line option <literal>-e
10825 <replaceable>command</replaceable></literal>, which creates
10826 a new terminal window
10827 <footnote>
10828 <para>
10829 "New terminal window" does not necessarily mean a new
10830 top-level X window directly parented by the window
10831 manager; it could, if the terminal emulator application
10832 were so coded, be a new "view" in a multiple-document
10833 interface (MDI).
10834 </para>
10835 </footnote>
10836 and runs the specified <replaceable>command</replaceable>,
10837 interpreting the entirety of the rest of the command line as
10838 a command to pass straight to exec, in the manner that
10839 <literal>xterm</literal> does.
10840 </para>
10841 </listitem>
10842 <listitem>
10843 <para>
10844 Support the command-line option <literal>-T
10845 <replaceable>title</replaceable></literal>, which creates a
10846 new terminal window with the window title
10847 <replaceable>title</replaceable>.
10848 </para>
10849 </listitem>
10850 </itemizedlist>
10851 </section>
10853 <section id="s11.8.4">
10854 <title>Packages providing a window manager</title>
10856 <para>
10857 Packages that provide a window manager should declare in their
10858 <literal>Provides</literal> control field that they provide the
10859 virtual package <literal>x-window-manager</literal>. They
10860 should also register themselves as an alternative for
10861 <filename>/usr/bin/x-window-manager</filename>, with a priority
10862 calculated as follows:
10863 </para>
10864 <itemizedlist>
10865 <listitem>
10866 <para>
10867 Start with a priority of 20.
10868 </para>
10869 </listitem>
10870 <listitem>
10871 <para>
10872 If the window manager supports the Debian menu system, add
10873 20 points if this support is available in the package's
10874 default configuration (i.e., no configuration files
10875 belonging to the system or user have to be edited to
10876 activate the feature); if configuration files must be
10877 modified, add only 10 points.
10878 </para>
10879 </listitem>
10880 <listitem>
10881 <para>
10882 If the window manager complies with <ulink
10883 url="https://www.freedesktop.org/wiki/Specifications/wm-spec">The
10884 Window Manager Specification Project</ulink>, written by the
10885 <ulink url="https://www.freedesktop.org/wiki/">Free Desktop
10886 Group</ulink>, add 40 points.
10887 </para>
10888 </listitem>
10889 <listitem>
10890 <para>
10891 If the window manager permits the X session to be restarted
10892 using a <emphasis>different</emphasis> window manager
10893 (without killing the X server) in its default configuration,
10894 add 10 points; otherwise add none.
10895 </para>
10896 </listitem>
10897 </itemizedlist>
10898 <para>
10899 That alternative should have a slave alternative for
10900 <filename>/usr/share/man/man1/x-window-manager.1.gz</filename>
10901 pointing to the corresponding manual page.
10902 </para>
10903 </section>
10905 <section id="s11.8.5">
10906 <title>Packages providing fonts</title>
10908 <para>
10909 Packages that provide fonts for the X Window
10910 System
10911 <footnote>
10912 <para>
10913 For the purposes of Debian Policy, a "font for the X Window
10914 System" is one which is accessed via X protocol requests.
10915 Fonts for the Linux console, for PostScript renderer, or any
10916 other purpose, do not fit this definition. Any tool which
10917 makes such fonts available to the X Window System, however,
10918 must abide by this font policy.
10919 </para>
10920 </footnote>
10921 must do a number of things to ensure that they are both
10922 available without modification of the X or font server
10923 configuration, and that they do not corrupt files used by other
10924 font packages to register information about themselves.
10925 </para>
10926 <orderedlist numeration="arabic">
10927 <listitem>
10928 <para>
10929 Fonts of any type supported by the X Window System must be
10930 in a separate binary package from any executables,
10931 libraries, or documentation (except that specific to the
10932 fonts shipped, such as their license information). If one
10933 or more of the fonts so packaged are necessary for proper
10934 operation of the package with which they are associated the
10935 font package may be Recommended; if the fonts merely provide
10936 an enhancement, a Suggests relationship may be used.
10937 Packages must not Depend on font packages.
10938 <footnote>
10939 <para>
10940 This is because the X server may retrieve fonts from the
10941 local file system or over the network from an X font
10942 server; the Debian package system is empowered to deal
10943 only with the local file system.
10944 </para>
10945 </footnote>
10946 </para>
10947 </listitem>
10948 <listitem>
10949 <para>
10950 BDF fonts must be converted to PCF fonts with the
10951 <command>bdftopcf</command> utility (available in the
10952 <literal>xfonts-utils</literal> package,
10953 <command>gzip</command>ped, and placed in a directory that
10954 corresponds to their resolution:
10955 </para>
10956 <itemizedlist>
10957 <listitem>
10958 <para>
10959 100 dpi fonts must be placed in
10960 <filename>/usr/share/fonts/X11/100dpi/</filename>.
10961 </para>
10962 </listitem>
10963 <listitem>
10964 <para>
10965 75 dpi fonts must be placed in
10966 <filename>/usr/share/fonts/X11/75dpi/</filename>.
10967 </para>
10968 </listitem>
10969 <listitem>
10970 <para>
10971 Character-cell fonts, cursor fonts, and other
10972 low-resolution fonts must be placed in
10973 <filename>/usr/share/fonts/X11/misc/</filename>.
10974 </para>
10975 </listitem>
10976 </itemizedlist>
10977 </listitem>
10978 <listitem>
10979 <para>
10980 Type 1 fonts must be placed in
10981 <filename>/usr/share/fonts/X11/Type1/</filename>. If font
10982 metric files are available, they must be placed here as
10983 well.
10984 </para>
10985 </listitem>
10986 <listitem>
10987 <para>
10988 Subdirectories of <filename>/usr/share/fonts/X11/</filename>
10989 other than those listed above must be neither created nor
10990 used. (The <filename>PEX</filename>,
10991 <filename>CID</filename>, <filename>Speedo</filename>, and
10992 <filename>cyrillic</filename> directories are excepted for
10993 historical reasons, but installation of files into these
10994 directories remains discouraged.)
10995 </para>
10996 </listitem>
10997 <listitem>
10998 <para>
10999 Font packages may, instead of placing files directly in the
11000 X font directories listed above, provide symbolic links in
11001 that font directory pointing to the files' actual location
11002 in the filesystem. Such a location must comply with the
11003 FHS.
11004 </para>
11005 </listitem>
11006 <listitem>
11007 <para>
11008 Font packages should not contain both 75dpi and 100dpi
11009 versions of a font. If both are available, they should be
11010 provided in separate binary packages with
11011 <literal>-75dpi</literal> or <literal>-100dpi</literal>
11012 appended to the names of the packages containing the
11013 corresponding fonts.
11014 </para>
11015 </listitem>
11016 <listitem>
11017 <para>
11018 Fonts destined for the <filename>misc</filename>
11019 subdirectory should not be included in the same package as
11020 75dpi or 100dpi fonts; instead, they should be provided in a
11021 separate package with <literal>-misc</literal> appended to
11022 its name.
11023 </para>
11024 </listitem>
11025 <listitem>
11026 <para>
11027 Font packages must not provide the files
11028 <filename>fonts.dir</filename>,
11029 <filename>fonts.alias</filename>, or
11030 <filename>fonts.scale</filename> in a font directory:
11031 </para>
11032 <itemizedlist>
11033 <listitem>
11034 <para>
11035 <filename>fonts.dir</filename> files must not be
11036 provided at all.
11037 </para>
11038 </listitem>
11039 <listitem>
11040 <para>
11041 <filename>fonts.alias</filename> and
11042 <filename>fonts.scale</filename> files, if needed,
11043 should be provided in the directory
11044 <filename>/etc/X11/fonts/<replaceable>fontdir</replaceable>/<replaceable>package</replaceable>.<replaceable>extension</replaceable></filename>,
11045 where <replaceable>fontdir</replaceable> is the name of
11046 the subdirectory of
11047 <filename>/usr/share/fonts/X11/</filename> where the
11048 package's corresponding fonts are stored (e.g.,
11049 <literal>75dpi</literal> or <literal>misc</literal>),
11050 <replaceable>package</replaceable> is the name of the
11051 package that provides these fonts, and
11052 <replaceable>extension</replaceable> is either
11053 <literal>scale</literal> or <literal>alias</literal>,
11054 whichever corresponds to the file contents.
11055 </para>
11056 </listitem>
11057 </itemizedlist>
11058 </listitem>
11059 <listitem>
11060 <para>
11061 Font packages must declare a dependency on
11062 <literal>xfonts-utils</literal> in their
11063 <literal>Depends</literal> or <literal>Pre-Depends</literal>
11064 control field.
11065 </para>
11066 </listitem>
11067 <listitem>
11068 <para>
11069 Font packages that provide one or more
11070 <filename>fonts.scale</filename> files as described above
11071 must invoke <command>update-fonts-scale</command> on each
11072 directory into which they installed fonts
11073 <emphasis>before</emphasis> invoking
11074 <command>update-fonts-dir</command> on that directory. This
11075 invocation must occur in both the
11076 <command>postinst</command> (for all arguments) and
11077 <command>postrm</command> (for all arguments except
11078 <literal>upgrade</literal>) scripts.
11079 </para>
11080 </listitem>
11081 <listitem>
11082 <para>
11083 Font packages that provide one or more
11084 <filename>fonts.alias</filename> files as described above
11085 must invoke <command>update-fonts-alias</command> on each
11086 directory into which they installed fonts. This invocation
11087 must occur in both the <command>postinst</command> (for all
11088 arguments) and <command>postrm</command> (for all arguments
11089 except <literal>upgrade</literal>) scripts.
11090 </para>
11091 </listitem>
11092 <listitem>
11093 <para>
11094 Font packages must invoke
11095 <command>update-fonts-dir</command> on each directory into
11096 which they installed fonts. This invocation must occur in
11097 both the <command>postinst</command> (for all arguments) and
11098 <command>postrm</command> (for all arguments except
11099 <literal>upgrade</literal>) scripts.
11100 </para>
11101 </listitem>
11102 <listitem>
11103 <para>
11104 Font packages must not provide alias names for the fonts
11105 they include which collide with alias names already in use
11106 by fonts already packaged.
11107 </para>
11108 </listitem>
11109 <listitem>
11110 <para>
11111 Font packages must not provide fonts with the same XLFD
11112 registry name as another font already packaged.
11113 </para>
11114 </listitem>
11115 </orderedlist>
11116 </section>
11118 <section id="s-appdefaults">
11119 <title>Application defaults files</title>
11121 <para>
11122 Application defaults files must be installed in the directory
11123 <filename>/etc/X11/app-defaults/</filename> (use of a localized
11124 subdirectory of <filename>/etc/X11/</filename> as described in
11125 the <emphasis>X Toolkit Intrinsics - C Language
11126 Interface</emphasis> manual is also permitted). They must be
11127 registered as <literal>conffile</literal>s or handled as
11128 configuration files.
11129 </para>
11130 <para>
11131 Customization of programs' X resources may also be supported
11132 with the provision of a file with the same name as that of the
11133 package placed in the <filename>/etc/X11/Xresources/</filename>
11134 directory, which must be registered as a
11135 <literal>conffile</literal> or handled as a configuration
11136 file.
11137 <footnote>
11138 <para>
11139 Note that this mechanism is not the same as using
11140 app-defaults; app-defaults are tied to the client binary on
11141 the local file system, whereas X resources are stored in the
11142 X server and affect all connecting clients.
11143 </para>
11144 </footnote>
11145 </para>
11146 </section>
11148 <section id="s11.8.7">
11149 <title>Installation directory issues</title>
11151 <para>
11152 Historically, packages using the X Window System used a separate
11153 set of installation directories from other packages. This
11154 practice has been discontinued and packages using the X Window
11155 System should now generally be installed in the same directories
11156 as any other package. Specifically, packages must not install
11157 files under the <filename>/usr/X11R6/</filename> directory and
11158 the <filename>/usr/X11R6/</filename> directory hierarchy should
11159 be regarded as obsolete.
11160 </para>
11161 <para>
11162 Include files previously installed under
11163 <filename>/usr/X11R6/include/X11/</filename> should be installed
11164 into <filename>/usr/include/X11/</filename>. For files
11165 previously installed into subdirectories of
11166 <filename>/usr/X11R6/lib/X11/</filename>, package maintainers
11167 should determine if subdirectories of
11168 <filename>/usr/lib/</filename> and
11169 <filename>/usr/share/</filename> can be used. If not, a
11170 subdirectory of <filename>/usr/lib/X11/</filename> should be
11171 used.
11172 </para>
11173 <para>
11174 Configuration files for window, display, or session managers or
11175 other applications that are tightly integrated with the X Window
11176 System may be placed in a subdirectory of
11177 <filename>/etc/X11/</filename> corresponding to the package
11178 name. Other X Window System applications should use the
11179 <filename>/etc/</filename> directory unless otherwise mandated
11180 by policy (such as for <xref linkend="s-appdefaults"/>).
11181 </para>
11182 </section>
11183 </section>
11185 <section id="s-perl">
11186 <title>Perl programs and modules</title>
11188 <para>
11189 Perl programs and modules should follow the current Perl policy.
11190 </para>
11191 <para>
11192 The Perl policy can be found in the <literal>perl-policy</literal>
11193 files in the <literal>debian-policy</literal> package. It is also
11194 available from the Debian web mirrors at <ulink
11195 url="https://www.debian.org/doc/packaging-manuals/perl-policy/">https://www.debian.org/doc/packaging-manuals/perl-policy/</ulink>.
11196 </para>
11197 </section>
11199 <section id="s-emacs">
11200 <title>Emacs lisp programs</title>
11202 <para>
11203 Please refer to the "Debian Emacs Policy" for details of how to
11204 package emacs lisp programs.
11205 </para>
11206 <para>
11207 The Emacs policy is available in
11208 <filename>debian-emacs-policy.gz</filename> of the <systemitem
11209 role="package">emacsen-common</systemitem> package. It is also
11210 available from the Debian web mirrors at <ulink
11211 url="https://www.debian.org/doc/packaging-manuals/debian-emacs-policy">https://www.debian.org/doc/packaging-manuals/debian-emacs-policy</ulink>.
11212 </para>
11213 </section>
11215 <section id="s11.11">
11216 <title>Games</title>
11218 <para>
11219 The permissions on <filename>/var/games</filename> are mode 755,
11220 owner <literal>root</literal> and group <literal>root</literal>.
11221 </para>
11222 <para>
11223 Each game decides on its own security policy.
11224 </para>
11225 <para>
11226 Games which require protected, privileged access to high-score
11227 files, saved games, etc., may be made
11228 set-<emphasis>group</emphasis>-id (mode 2755) and owned by
11229 <literal>root:games</literal>, and use files and directories with
11230 appropriate permissions (770 <literal>root:games</literal>, for
11231 example). They must not be made set-<emphasis>user</emphasis>-id,
11232 as this causes security problems. (If an attacker can subvert any
11233 set-user-id game they can overwrite the executable of any other,
11234 causing other players of these games to run a Trojan horse
11235 program. With a set-group-id game the attacker only gets access
11236 to less important game data, and if they can get at the other
11237 players' accounts at all it will take considerably more effort.)
11238 </para>
11239 <para>
11240 Some packages, for example some fortune cookie programs, are
11241 configured by the upstream authors to install with their data
11242 files or other static information made unreadable so that they can
11243 only be accessed through set-id programs provided. You should not
11244 do this in a Debian package: anyone can download the
11245 <filename>.deb</filename> file and read the data from it, so there
11246 is no point making the files unreadable. Not making the files
11247 unreadable also means that you don't have to make so many programs
11248 set-id, which reduces the risk of a security hole.
11249 </para>
11250 <para>
11251 As described in the FHS, binaries of games should be installed in
11252 the directory <filename>/usr/games</filename>. This also applies
11253 to games that use the X Window System. Manual pages for games (X
11254 and non-X games) should be installed in
11255 <filename>/usr/share/man/man6</filename>.
11256 </para>
11257 </section>
11258 </chapter>
11260 <chapter id="ch-docs">
11261 <title>Documentation</title>
11263 <section id="s12.1">
11264 <title>Manual pages</title>
11266 <para>
11267 You should install manual pages in <command>nroff</command> source
11268 form, in appropriate places under
11269 <filename>/usr/share/man</filename>. You should only use sections
11270 1 to 9 (see the FHS for more details). You must not install a
11271 pre-formatted "cat page".
11272 </para>
11273 <para>
11274 Each program, utility, and function should have an associated
11275 manual page included in the same package. It is suggested that
11276 all configuration files also have a manual page included as well.
11277 Manual pages for protocols and other auxiliary things are
11278 optional.
11279 </para>
11280 <para>
11281 If no manual page is available, this is considered as a bug and
11282 should be reported to the Debian Bug Tracking System (the
11283 maintainer of the package is allowed to write this bug report
11284 themselves, if they so desire). Do not close the bug report until
11285 a proper man page is available.
11286 <footnote>
11287 <para>
11288 It is not very hard to write a man page. See the <ulink
11289 url="http://www.schweikhardt.net/man_page_howto.html">Man-Page-HOWTO</ulink>,
11290 <citerefentry><refentrytitle>man</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
11291 the examples created by <command>dh_make</command>, the helper
11292 program <command>help2man</command>, or the directory
11293 <filename>/usr/share/doc/man-db/examples</filename>.
11294 </para>
11295 </footnote>
11296 </para>
11297 <para>
11298 You may forward a complaint about a missing man page to the
11299 upstream authors, and mark the bug as forwarded in the Debian bug
11300 tracking system. Even though the GNU Project do not in general
11301 consider the lack of a man page to be a bug, we do; if they tell
11302 you that they don't consider it a bug you should leave the bug in
11303 our bug tracking system open anyway.
11304 </para>
11305 <para>
11306 Manual pages should be installed compressed using <literal>gzip
11307 -9</literal>.
11308 </para>
11309 <para>
11310 If one man page needs to be accessible via several names it is
11311 better to use a symbolic link than the <filename>.so</filename>
11312 feature, but there is no need to fiddle with the relevant parts of
11313 the upstream source to change from <filename>.so</filename> to
11314 symlinks: don't do it unless it's easy. You should not create
11315 hard links in the manual page directories, nor put absolute
11316 filenames in <filename>.so</filename> directives. The filename in
11317 a <filename>.so</filename> in a man page should be relative to the
11318 base of the man page tree (usually
11319 <filename>/usr/share/man</filename>). If you do not create any
11320 links (whether symlinks, hard links, or <literal>.so</literal>
11321 directives) in the file system to the alternate names of the man
11322 page, then you should not rely on <command>man</command> finding
11323 your man page under those names based solely on the information in
11324 the man page's header.
11325 <footnote>
11326 <para>
11327 Supporting this in <command>man</command> often requires
11328 unreasonable processing time to find a manual page or to
11329 report that none exists, and moves knowledge into man's
11330 database that would be better left in the file system. This
11331 support is therefore deprecated and will cease to be present
11332 in the future.
11333 </para>
11334 </footnote>
11335 </para>
11336 <para>
11337 Manual pages in locale-specific subdirectories of
11338 <filename>/usr/share/man</filename> should use either UTF-8 or the
11339 usual legacy encoding for that language (normally the one
11340 corresponding to the shortest relevant locale name in
11341 <filename>/usr/share/i18n/SUPPORTED</filename>). For example,
11342 pages under <filename>/usr/share/man/fr</filename> should use
11343 either UTF-8 or ISO-8859-1.
11344 <footnote>
11345 <para>
11346 <command>man</command> will automatically detect whether UTF-8
11347 is in use. In future, all manual pages will be required to
11348 use UTF-8.
11349 </para>
11350 </footnote>
11351 </para>
11352 <para>
11353 A country name (the <literal>DE</literal> in
11354 <literal>de_DE</literal>) should not be included in the
11355 subdirectory name unless it indicates a significant difference in
11356 the language, as this excludes speakers of the language in other
11357 countries.
11358 <footnote>
11359 <para>
11360 At the time of writing, Chinese and Portuguese are the main
11361 languages with such differences, so
11362 <filename>pt_BR</filename>, <filename>zh_CN</filename>, and
11363 <filename>zh_TW</filename> are all allowed.
11364 </para>
11365 </footnote>
11366 </para>
11367 <para>
11368 If a localized version of a manual page is provided, it should
11369 either be up-to-date or it should be obvious to the reader that it
11370 is outdated and the original manual page should be used instead.
11371 This can be done either by a note at the beginning of the manual
11372 page or by showing the missing or changed portions in the original
11373 language instead of the target language.
11374 </para>
11375 </section>
11377 <section id="s12.2">
11378 <title>Info documents</title>
11380 <para>
11381 Info documents should be installed in
11382 <filename>/usr/share/info</filename>. They should be compressed
11383 with <literal>gzip -9</literal>.
11384 </para>
11385 <para>
11386 The <command>install-info</command> program maintains a directory
11387 of installed info documents in
11388 <filename>/usr/share/info/dir</filename> for the use of info
11389 readers. This file must not be included in packages other than
11390 <systemitem role="package">install-info</systemitem>.
11391 </para>
11392 <para>
11393 <command>install-info</command> is automatically invoked when
11394 appropriate using dpkg triggers. Packages other than <systemitem
11395 role="package">install-info</systemitem> <emphasis>should
11396 not</emphasis> invoke <command>install-info</command> directly and
11397 <emphasis>should not</emphasis> depend on, recommend, or suggest
11398 <systemitem role="package">install-info</systemitem> for this
11399 purpose.
11400 </para>
11401 <para>
11402 Info readers requiring the
11403 <filename>/usr/share/info/dir</filename> file should depend on
11404 <systemitem role="package">install-info</systemitem>.
11405 </para>
11406 <para>
11407 Info documents should contain section and directory entry
11408 information in the document for the use of
11409 <command>install-info</command>. The section should be specified
11410 via a line starting with <literal>INFO-DIR-SECTION</literal>
11411 followed by a space and the section of this info page. The
11412 directory entry or entries should be included between a
11413 <literal>START-INFO-DIR-ENTRY</literal> line and an
11414 <literal>END-INFO-DIR-ENTRY</literal> line. For example:
11415 </para>
11416 <programlisting>
11417 INFO-DIR-SECTION Individual utilities
11418 START-INFO-DIR-ENTRY
11419 * example: (example). An example info directory entry.
11420 END-INFO-DIR-ENTRY</programlisting>
11421 <para>
11422 To determine which section to use, you should look at
11423 <filename>/usr/share/info/dir</filename> on your system and choose
11424 the most relevant (or create a new section if none of the current
11425 sections are relevant).
11426 <footnote>
11427 <para>
11428 Normally, info documents are generated from Texinfo source.
11429 To include this information in the generated info document, if
11430 it is absent, add commands like:
11431 </para>
11432 <programlisting>
11433 @dircategory Individual utilities
11434 @direntry
11435 * example: (example). An example info directory entry.
11436 @end direntry</programlisting>
11437 <para>
11438 to the Texinfo source of the document and ensure that the info
11439 documents are rebuilt from source during the package build.
11440 </para>
11441 </footnote>
11442 </para>
11443 </section>
11445 <section id="s-docs-additional">
11446 <title>Additional documentation</title>
11448 <para>
11449 Any additional documentation that comes with the package may be
11450 installed at the discretion of the package maintainer. It is
11451 often a good idea to include text information files
11452 (<filename>README</filename>s, FAQs, and so forth) that come with
11453 the source package in the binary package. However, you don't need
11454 to install the instructions for building and installing the
11455 package, of course!
11456 </para>
11457 <para>
11458 Plain text documentation should be compressed with <literal>gzip
11459 -9</literal> unless it is small.
11460 </para>
11461 <para>
11462 If a package comes with large amounts of documentation that many
11463 users of the package will not require, you should create a
11464 separate binary package to contain it so that it does not take up
11465 disk space on the machines of users who do not need or want it
11466 installed. As a special case of this rule, shared library
11467 documentation of any appreciable size should always be packaged
11468 with the library development package (<xref
11469 linkend="s-sharedlibs-dev"/>) or in a separate documentation
11470 package, since shared libraries are frequently installed as
11471 dependencies of other packages by users who have little interest
11472 in documentation of the library itself. The documentation package
11473 for the package <replaceable>package</replaceable> is
11474 conventionally named <replaceable>package</replaceable>-doc (or
11475 <replaceable>package</replaceable>-doc-<replaceable>language-code</replaceable>
11476 if there are separate documentation packages for multiple
11477 languages).
11478 </para>
11479 <para>
11480 If <replaceable>package</replaceable> is a build tool, development
11481 tool, command-line tool, or library development package,
11482 <replaceable>package</replaceable> (or
11483 <replaceable>package</replaceable>-dev in the case of a library
11484 development package) already provides documentation in man, info,
11485 or plain text format, and <replaceable>package</replaceable>-doc
11486 provides HTML or other formats, <replaceable>package</replaceable>
11487 should declare at most a <literal>Suggests</literal> on
11488 <replaceable>package</replaceable>-doc. Otherwise,
11489 <replaceable>package</replaceable> should declare at most a
11490 <literal>Recommends</literal> on
11491 <replaceable>package</replaceable>-doc.
11492 </para>
11493 <para>
11494 Additional documentation included in the package should be
11495 installed under
11496 <filename>/usr/share/doc/<replaceable>package</replaceable></filename>.
11497 If the documentation is packaged separately, as
11498 <replaceable>package</replaceable>-doc for example, it may be
11499 installed under either that path or into the documentation
11500 directory for the separate documentation package
11501 (<filename>/usr/share/doc/<replaceable>package</replaceable>-doc</filename>
11502 in this example). However, installing the documentation into the
11503 documentation directory of the main package is preferred since it
11504 is independent of the packaging method and will be easier for
11505 users to find.
11506 </para>
11507 <para>
11508 Any separate package providing documentation must still install
11509 standard documentation files in its own
11510 <filename>/usr/share/doc</filename> directory as specified in the
11511 rest of this policy. See, for example, <xref
11512 linkend="s-copyrightfile"/> and <xref linkend="s-changelogs"/>.
11513 </para>
11514 <para>
11515 Packages must not require the existence of any files in
11516 <filename>/usr/share/doc/</filename> in order to function.
11517 <footnote>
11518 <para>
11519 The system administrator should be able to delete files in
11520 <filename>/usr/share/doc/</filename> without causing any
11521 programs to break.
11522 </para>
11523 </footnote>
11524 Any files that are used or read by programs but are also useful as
11525 stand alone documentation should be installed elsewhere, such as
11526 under
11527 <filename>/usr/share/<replaceable>package</replaceable>/</filename>,
11528 and then included via symbolic links in
11529 <filename>/usr/share/doc/<replaceable>package</replaceable></filename>.
11530 </para>
11531 <para>
11532 <filename>/usr/share/doc/<replaceable>package</replaceable></filename>
11533 may be a symbolic link to another directory in
11534 <filename>/usr/share/doc</filename> only if the two packages both
11535 come from the same source and the first package Depends on the
11536 second.
11537 <footnote>
11538 <para>
11539 Please note that this does not override the section on
11540 changelog files below, so the file
11541 <filename>/usr/share/doc/<replaceable>package</replaceable>/changelog.Debian.gz</filename>
11542 must refer to the changelog for the current version of
11543 <replaceable>package</replaceable> in question. In practice,
11544 this means that the sources of the target and the destination
11545 of the symlink must be the same (same source package and
11546 version).
11547 </para>
11548 </footnote>
11549 </para>
11550 </section>
11552 <section id="s12.4">
11553 <title>Preferred documentation formats</title>
11555 <para>
11556 The unification of Debian documentation is being carried out via
11557 HTML.
11558 </para>
11559 <para>
11560 If the package comes with extensive documentation in a markup
11561 format that can be converted to various other formats you should
11562 if possible ship HTML versions in a binary
11563 package.
11564 <footnote>
11565 <para>
11566 Rationale: The important thing here is that HTML documentation
11567 should be available from <emphasis>some</emphasis> binary
11568 package.
11569 </para>
11570 </footnote>
11571 The documentation must be installed as specified in <xref
11572 linkend="s-docs-additional"/>.
11573 </para>
11574 <para>
11575 Other formats such as PostScript may be provided at the package
11576 maintainer's discretion.
11577 </para>
11578 </section>
11580 <section id="s-copyrightfile">
11581 <title>Copyright information</title>
11583 <para>
11584 Every package must be accompanied by a verbatim copy of its
11585 copyright information and distribution license in the file
11586 <filename>/usr/share/doc/<replaceable>package</replaceable>/copyright</filename>.
11587 This file must neither be compressed nor be a symbolic link.
11588 </para>
11589 <para>
11590 In addition, the copyright file must say where the upstream
11591 sources (if any) were obtained, and should include a name or
11592 contact address for the upstream authors. This can be the
11593 name of an individual or an organization, an email address, a
11594 web forum or bugtracker, or any other means to unambiguously
11595 identify who to contact to participate in the development of
11596 the upstream source code.
11597 </para>
11598 <para>
11599 Packages in the <emphasis>contrib</emphasis> or
11600 <emphasis>non-free</emphasis> archive areas should state in the
11601 copyright file that the package is not part of the Debian
11602 distribution and briefly explain why.
11603 </para>
11604 <para>
11605 A copy of the file which will be installed in
11606 <filename>/usr/share/doc/<replaceable>package</replaceable>/copyright</filename>
11607 should be in <filename>debian/copyright</filename> in the source
11608 package.
11609 </para>
11610 <para>
11611 <filename>/usr/share/doc/<replaceable>package</replaceable></filename>
11612 may be a symbolic link to another directory in
11613 <filename>/usr/share/doc</filename> only if the two packages both
11614 come from the same source and the first package Depends on the
11615 second. These rules are important because
11616 <filename>copyright</filename> files must be extractable by
11617 mechanical means.
11618 </para>
11619 <para>
11620 Packages distributed under the Apache license (version 2.0), the
11621 Artistic license, the GNU GPL (versions 1, 2, or 3), the GNU LGPL
11622 (versions 2, 2.1, or 3), the GNU FDL (versions 1.2 or 1.3), and
11623 the Mozilla Public License (version 1.1 or 2.0) should refer to
11624 the corresponding files under
11625 <filename>/usr/share/common-licenses</filename>,
11626 <footnote>
11627 <para>
11628 In particular,
11629 <filename>/usr/share/common-licenses/Apache-2.0</filename>,
11630 <filename>/usr/share/common-licenses/Artistic</filename>,
11631 <filename>/usr/share/common-licenses/GPL-1</filename>,
11632 <filename>/usr/share/common-licenses/GPL-2</filename>,
11633 <filename>/usr/share/common-licenses/GPL-3</filename>,
11634 <filename>/usr/share/common-licenses/LGPL-2</filename>,
11635 <filename>/usr/share/common-licenses/LGPL-2.1</filename>,
11636 <filename>/usr/share/common-licenses/LGPL-3</filename>,
11637 <filename>/usr/share/common-licenses/GFDL-1.2</filename>,
11638 <filename>/usr/share/common-licenses/GFDL-1.3</filename>,
11639 <filename>/usr/share/common-licenses/MPL-1.1</filename>, and
11640 <filename>/usr/share/common-licenses/MPL-2.0</filename>
11641 respectively. The University of California BSD license is
11642 also included in <systemitem
11643 role="package">base-files</systemitem> as
11644 <filename>/usr/share/common-licenses/BSD</filename>, but given
11645 the brevity of this license, its specificity to code whose
11646 copyright is held by the Regents of the University of
11647 California, and the frequency of minor wording changes, its
11648 text should be included in the copyright file rather than
11649 referencing this file.
11650 </para>
11651 </footnote>
11652 rather than quoting them in the copyright file.
11653 </para>
11654 <para>
11655 You should not use the copyright file as a general
11656 <filename>README</filename> file. If your package has such a file
11657 it should be installed in
11658 <filename>/usr/share/doc/<replaceable>package</replaceable>/README</filename>
11659 or <filename>README.Debian</filename> or some other appropriate
11660 place.
11661 </para>
11662 <para>
11663 All copyright files must be encoded in UTF-8.
11664 </para>
11666 <section id="s-copyrightformat">
11667 <title>Machine-readable copyright information</title>
11669 <para>
11670 A specification for a standard, machine-readable format for
11671 <filename>debian/copyright</filename> files is maintained as
11672 part of the <systemitem
11673 role="package">debian-policy</systemitem> package. This
11674 document may be found in the
11675 <filename>copyright-format</filename> files in the <systemitem
11676 role="package">debian-policy</systemitem> package. It is also
11677 available from the Debian web mirrors at <ulink
11678 url="https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/">https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/</ulink>.
11679 </para>
11680 <para>
11681 Use of this format is optional.
11682 </para>
11683 </section>
11684 </section>
11686 <section id="s12.6">
11687 <title>Examples</title>
11689 <para>
11690 Any examples (configurations, source files, whatever), should be
11691 installed in a directory
11692 <filename>/usr/share/doc/<replaceable>package</replaceable>/examples</filename>.
11693 These files should not be referenced by any program: they're there
11694 for the benefit of the system administrator and users as
11695 documentation only. Architecture-specific example files should be
11696 installed in a directory
11697 <filename>/usr/lib/<replaceable>package</replaceable>/examples</filename>
11698 with symbolic links to them from
11699 <filename>/usr/share/doc/<replaceable>package</replaceable>/examples</filename>,
11700 or the latter directory itself may be a symbolic link to the
11701 former.
11702 </para>
11703 <para>
11704 If the purpose of a package is to provide examples, then the
11705 example files may be installed into
11706 <filename>/usr/share/doc/<replaceable>package</replaceable></filename>.
11707 </para>
11708 </section>
11710 <section id="s-changelogs">
11711 <title>Changelog files</title>
11713 <para>
11714 Packages that are not Debian-native must contain a compressed copy
11715 of the <filename>debian/changelog</filename> file from the Debian
11716 source tree in
11717 <filename>/usr/share/doc/<replaceable>package</replaceable></filename>
11718 with the name <filename>changelog.Debian.gz</filename>.
11719 </para>
11720 <para>
11721 If an upstream changelog is available, it should be accessible as
11722 <filename>/usr/share/doc/<replaceable>package</replaceable>/changelog.gz</filename>
11723 in plain text. If the upstream changelog is distributed in HTML,
11724 it should be made available in that form as
11725 <filename>/usr/share/doc/<replaceable>package</replaceable>/changelog.html.gz</filename>
11726 and a plain text <filename>changelog.gz</filename> should be
11727 generated from it using, for example, <literal>lynx -dump
11728 -nolist</literal>. If the upstream changelog files do not already
11729 conform to this naming convention, then this may be achieved
11730 either by renaming the files, or by adding a symbolic link, at the
11731 maintainer's discretion.
11732 <footnote>
11733 <para>
11734 Rationale: People should not have to look in places for
11735 upstream changelogs merely because they are given different
11736 names or are distributed in HTML format.
11737 </para>
11738 </footnote>
11739 </para>
11740 <para>
11741 All of these files should be installed compressed using
11742 <literal>gzip -9</literal>, as they will become large with time
11743 even if they start out small.
11744 </para>
11745 <para>
11746 If the package has only one changelog which is used both as the
11747 Debian changelog and the upstream one because there is no separate
11748 upstream maintainer then that changelog should usually be
11749 installed as
11750 <filename>/usr/share/doc/<replaceable>package</replaceable>/changelog.gz</filename>;
11751 if there is a separate upstream maintainer, but no upstream
11752 changelog, then the Debian changelog should still be called
11753 <filename>changelog.Debian.gz</filename>.
11754 </para>
11755 <para>
11756 For details about the format and contents of the Debian changelog
11757 file, please see <xref linkend="s-dpkgchangelog"/>.
11758 </para>
11759 </section>
11760 </chapter>
11762 <appendix id="ap-pkg-scope">
11763 <title>Introduction and scope of these appendices</title>
11765 <para>
11766 These appendices, except the final three, are taken essentially
11767 verbatim from the now-deprecated Packaging Manual, version
11768 3.2.1.0. They are the chapters which are likely to be of use to
11769 package maintainers and which have not already been included in
11770 the policy document itself. Most of these sections are very
11771 likely not relevant to policy; they should be treated as
11772 documentation for the packaging system. Please note that these
11773 appendices are included for convenience, and for historical
11774 reasons: they used to be part of policy package, and they have
11775 not yet been incorporated into dpkg documentation. However,
11776 they still have value, and hence they are presented here.
11777 </para>
11778 <para>
11779 They have not yet been checked to ensure that they are compatible
11780 with the contents of policy, and if there are any contradictions,
11781 the version in the main policy document takes precedence. The
11782 remaining chapters of the old Packaging Manual have also not been
11783 read in detail to ensure that there are not parts which have been
11784 left out. Both of these will be done in due course.
11785 </para>
11786 <para>
11787 Certain parts of the Packaging manual were integrated into the
11788 Policy Manual proper, and removed from the appendices. Links have
11789 been placed from the old locations to the new ones.
11790 </para>
11791 <para>
11792 <command>dpkg</command> is a suite of programs for creating binary
11793 package files and installing and removing them on Unix
11794 systems.
11795 <footnote>
11796 <para>
11797 <command>dpkg</command> is targeted primarily at Debian, but may
11798 work on or be ported to other systems.
11799 </para>
11800 </footnote>
11801 </para>
11802 <para>
11803 The binary packages are designed for the management of installed
11804 executable programs (usually compiled binaries) and their associated
11805 data, though source code examples and documentation are provided as
11806 part of some packages.
11807 </para>
11808 <para>
11809 This manual describes the technical aspects of creating Debian
11810 binary packages (<filename>.deb</filename> files). It documents the
11811 behavior of the package management programs <command>dpkg</command>,
11812 <command>dselect</command> et al. and the way they interact with
11813 packages.
11814 </para>
11815 <para>
11816 This manual does not go into detail about the options and usage of
11817 the package building and installation tools. It should therefore be
11818 read in conjunction with those programs' man pages.
11819 </para>
11820 <para>
11821 The utility programs which are provided with <command>dpkg</command>
11822 not described in detail here, are documented in their man pages.
11823 </para>
11824 <para>
11825 It is assumed that the reader is reasonably familiar with the
11826 <command>dpkg</command> System Administrators' manual.
11827 Unfortunately this manual does not yet exist.
11828 </para>
11829 <para>
11830 The Debian version of the FSF's GNU hello program is provided as an
11831 example for people wishing to create Debian packages. However,
11832 while the examples are helpful, they do not replace the need to read
11833 and follow the Policy and Programmer's Manual.
11834 </para>
11835 </appendix>
11837 <appendix id="ap-pkg-binarypkg">
11838 <title>Binary packages (from old Packaging Manual)</title>
11840 <para>
11841 See
11842 <citerefentry><refentrytitle>deb</refentrytitle><manvolnum>5</manvolnum></citerefentry>
11843 and <xref linkend="s-pkg-controlarea"/>.
11844 </para>
11846 <section id="s-pkg-bincreating">
11847 <title>Creating package files - <command>dpkg-deb</command></title>
11849 <para>
11850 All manipulation of binary package files is done by
11851 <command>dpkg-deb</command>; it's the only program that has
11852 knowledge of the format. (<command>dpkg-deb</command> may be
11853 invoked by calling <command>dpkg</command>, as
11854 <command>dpkg</command> will spot that the options requested are
11855 appropriate to <command>dpkg-deb</command> and invoke that instead
11856 with the same arguments.)
11857 </para>
11858 <para>
11859 In order to create a binary package, you must make a directory
11860 tree which contains all the files and directories you want to have
11861 in the file system data part of the package. In Debian-format
11862 source packages, this directory is usually either
11863 <filename>debian/tmp</filename> or
11864 <filename>debian/<replaceable>pkg</replaceable></filename>,
11865 relative to the top of the package's source tree.
11866 </para>
11867 <para>
11868 They should have the locations (relative to the root of the
11869 directory tree you're constructing) ownerships and permissions
11870 which you want them to have on the system when they are installed.
11871 </para>
11872 <para>
11873 With current versions of <command>dpkg</command> the uid/username
11874 and gid/groupname mappings for the users and groups being used
11875 should be the same on the system where the package is built and
11876 the one where it is installed.
11877 </para>
11878 <para>
11879 You need to add one special directory to the root of the miniature
11880 file system tree you're creating: <command>DEBIAN</command>. It
11881 should contain the control information files, notably the binary
11882 package control file (see <xref linkend="s-pkg-controlfile"/>).
11883 </para>
11884 <para>
11885 The <command>DEBIAN</command> directory will not appear in the
11886 file system archive of the package, and so won't be installed by
11887 <command>dpkg</command> when the package is unpacked.
11888 </para>
11889 <para>
11890 When you've prepared the package, you should invoke:
11891 </para>
11892 <screen>dpkg --build <replaceable>directory</replaceable></screen>
11893 <para>
11894 This will build the package in
11895 <filename><replaceable>directory</replaceable>.deb</filename>.
11896 (<command>dpkg</command> knows that <literal>--build</literal> is
11897 a <command>dpkg-deb</command> option, so it invokes
11898 <command>dpkg-deb</command> with the same arguments to build the
11899 package.)
11900 </para>
11901 <para>
11902 See the man page
11903 <citerefentry><refentrytitle>dpkg-deb</refentrytitle><manvolnum>8</manvolnum></citerefentry>
11904 for details of how to examine the contents of this newly-created
11905 file. You may find the output of following commands enlightening:
11906 </para>
11907 <screen>
11908 dpkg-deb --info <replaceable>filename</replaceable>.deb
11909 dpkg-deb --contents <replaceable>filename</replaceable>.deb
11910 dpkg --contents <replaceable>filename</replaceable>.deb</screen>
11911 <para>
11912 To view the copyright file for a package you could use this command:
11913 </para>
11914 <screen>
11915 dpkg --fsys-tarfile <replaceable>filename</replaceable>.deb | tar xOf - --wildcards \*/copyright | pager</screen>
11916 </section>
11918 <section id="s-pkg-controlarea">
11919 <title>Package control information files</title>
11921 <para>
11922 The control information portion of a binary package is a
11923 collection of files with names known to <command>dpkg</command>.
11924 It will treat the contents of these files specially - some of them
11925 contain information used by <command>dpkg</command> when
11926 installing or removing the package; others are scripts which the
11927 package maintainer wants <command>dpkg</command> to run.
11928 </para>
11929 <para>
11930 It is possible to put other files in the package control
11931 information file area, but this is not generally a good idea
11932 (though they will largely be ignored).
11933 </para>
11934 <para>
11935 Here is a brief list of the control information files supported by
11936 <command>dpkg</command> and a summary of what they're used for.
11937 </para>
11938 <variablelist>
11939 <varlistentry>
11940 <term><literal>control</literal></term>
11941 <listitem>
11942 <para>
11943 This is the key description file used by
11944 <command>dpkg</command>. It specifies the package's name
11945 and version, gives its description for the user, states its
11946 relationships with other packages, and so forth. See <xref
11947 linkend="s-sourcecontrolfiles"/> and <xref
11948 linkend="s-binarycontrolfiles"/>.
11949 </para>
11950 <para>
11951 It is usually generated automatically from information in
11952 the source package by the <command>dpkg-gencontrol</command>
11953 program, and with assistance from
11954 <command>dpkg-shlibdeps</command>. See <xref
11955 linkend="s-pkg-sourcetools"/>.
11956 </para>
11957 </listitem>
11958 </varlistentry>
11959 <varlistentry>
11960 <term>
11961 <literal>postinst</literal>, <literal>preinst</literal>,
11962 <literal>postrm</literal>, <literal>prerm</literal>
11963 </term>
11964 <listitem>
11965 <para>
11966 These are executable files (usually scripts) which
11967 <command>dpkg</command> runs during installation, upgrade
11968 and removal of packages. They allow the package to deal
11969 with matters which are particular to that package or require
11970 more complicated processing than that provided by
11971 <command>dpkg</command>. Details of when and how they are
11972 called are in <xref linkend="ch-maintainerscripts"/>.
11973 </para>
11974 <para>
11975 It is very important to make these scripts idempotent. See
11976 <xref linkend="s-idempotency"/>.
11977 </para>
11978 <para>
11979 The maintainer scripts are not guaranteed to run with a
11980 controlling terminal and may not be able to interact with
11981 the user. See <xref linkend="s-controllingterminal"/>.
11982 </para>
11983 </listitem>
11984 </varlistentry>
11985 <varlistentry>
11986 <term><literal>conffiles</literal></term>
11987 <listitem>
11988 <para>
11989 This file contains a list of configuration files which are
11990 to be handled automatically by <command>dpkg</command> (see
11991 <xref linkend="ap-pkg-conffiles"/>). Note that not
11992 necessarily every configuration file should be listed here.
11993 </para>
11994 </listitem>
11995 </varlistentry>
11996 <varlistentry>
11997 <term><literal>shlibs</literal></term>
11998 <listitem>
11999 <para>
12000 This file contains a list of the shared libraries supplied
12001 by the package, with dependency details for each. This is
12002 used by <command>dpkg-shlibdeps</command> when it determines
12003 what dependencies are required in a package control file.
12004 The <literal>shlibs</literal> file format is described on
12005 <xref linkend="s-shlibs"/>.
12006 </para>
12007 </listitem>
12008 </varlistentry>
12009 </variablelist>
12010 </section>
12012 <section id="s-pkg-controlfile">
12013 <title>
12014 The main control information file: <literal>control</literal>
12015 </title>
12016 <para>
12017 The most important control information file used by
12018 <command>dpkg</command> when it installs a package is
12019 <literal>control</literal>. It contains all the package's "vital
12020 statistics".
12021 </para>
12022 <para>
12023 The binary package control files of packages built from Debian
12024 sources are made by a special tool,
12025 <command>dpkg-gencontrol</command>, which reads
12026 <filename>debian/control</filename> and
12027 <filename>debian/changelog</filename> to find the information it
12028 needs. See <xref linkend="ap-pkg-sourcepkg"/> for more details.
12029 </para>
12030 <para>
12031 The fields in binary package control files are listed in <xref
12032 linkend="s-binarycontrolfiles"/>.
12033 </para>
12034 <para>
12035 A description of the syntax of control files and the purpose of
12036 the fields is available in <xref linkend="ch-controlfields"/>.
12037 </para>
12038 </section>
12040 <section id="s-sB.4">
12041 <title>Time Stamps</title>
12043 <para>
12044 See <xref linkend="s-timestamps"/>.
12045 </para>
12046 </section>
12047 </appendix>
12049 <appendix id="ap-pkg-sourcepkg">
12050 <title>Source packages (from old Packaging Manual)</title>
12052 <para>
12053 The Debian binary packages in the distribution are generated from
12054 Debian sources, which are in a special format to assist the easy and
12055 automatic building of binaries.
12056 </para>
12057 <section id="s-pkg-sourcetools">
12058 <title>Tools for processing source packages</title>
12060 <para>
12061 Various tools are provided for manipulating source packages; they
12062 pack and unpack sources and help build of binary packages and help
12063 manage the distribution of new versions.
12064 </para>
12065 <para>
12066 They are introduced and typical uses described here; see
12067 <citerefentry><refentrytitle>dpkg-source</refentrytitle><manvolnum>1</manvolnum></citerefentry>
12068 for full documentation about their arguments and operation.
12069 </para>
12070 <para>
12071 For examples of how to construct a Debian source package, and how
12072 to use those utilities that are used by Debian source packages,
12073 please see the <command>hello</command> example package.
12074 </para>
12076 <section id="s-pkg-dpkg-source">
12077 <title>
12078 <command>dpkg-source</command> - packs and unpacks Debian source
12079 packages
12080 </title>
12082 <para>
12083 This program is frequently used by hand, and is also called from
12084 package-independent automated building scripts such as
12085 <command>dpkg-buildpackage</command>.
12086 </para>
12087 <para>
12088 To unpack a package it is typically invoked with
12089 </para>
12090 <screen>
12091 dpkg-source -x <replaceable>.../path/to/filename</replaceable>.dsc</screen>
12092 <para>
12093 with the
12094 <filename><replaceable>filename</replaceable>.tar.gz</filename>
12095 and
12096 <filename><replaceable>filename</replaceable>.diff.gz</filename>
12097 (if applicable) in the same directory. It unpacks into
12098 <filename><replaceable>package</replaceable>-<replaceable>version</replaceable></filename>,
12099 and if applicable
12100 <filename><replaceable>package</replaceable>-<replaceable>version</replaceable>.orig</filename>,
12101 in the current directory.
12102 </para>
12103 <para>
12104 To create a packed source archive it is typically invoked:
12105 </para>
12106 <screen>
12107 dpkg-source -b <replaceable>package</replaceable>-<replaceable>version</replaceable></screen>
12108 <para>
12109 This will create the <filename>.dsc</filename>,
12110 <filename>.tar.gz</filename> and <filename>.diff.gz</filename>
12111 (if appropriate) in the current directory.
12112 <command>dpkg-source</command> does not clean the source tree
12113 first - this must be done separately if it is required.
12114 </para>
12115 <para>
12116 See also <xref linkend="s-pkg-sourcearchives"/>.
12117 </para>
12118 </section>
12120 <section id="s-pkg-dpkg-buildpackage">
12121 <title>
12122 <command>dpkg-buildpackage</command> - overall package-building
12123 control script
12124 </title>
12126 <para>
12127 See
12128 <citerefentry><refentrytitle>dpkg-buildpackage</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
12129 </para>
12130 </section>
12132 <section id="s-pkg-dpkg-gencontrol">
12133 <title>
12134 <command>dpkg-gencontrol</command> - generates binary package
12135 control files
12136 </title>
12138 <para>
12139 This program is usually called from
12140 <filename>debian/rules</filename> (see <xref
12141 linkend="s-pkg-sourcetree"/>) in the top level of the source
12142 tree.
12143 </para>
12144 <para>
12145 This is usually done just before the files and directories in
12146 the temporary directory tree where the package is being built
12147 have their permissions and ownerships set and the package is
12148 constructed using <command>dpkg-deb/</command>.
12149 <footnote>
12150 <para>
12151 This is so that the control file which is produced has the
12152 right permissions
12153 </para>
12154 </footnote>
12155 </para>
12156 <para>
12157 <command>dpkg-gencontrol</command> must be called after all the
12158 files which are to go into the package have been placed in the
12159 temporary build directory, so that its calculation of the
12160 installed size of a package is correct.
12161 </para>
12162 <para>
12163 It is also necessary for <command>dpkg-gencontrol</command> to
12164 be run after <command>dpkg-shlibdeps</command> so that the
12165 variable substitutions created by
12166 <command>dpkg-shlibdeps</command> in
12167 <filename>debian/substvars</filename> are available.
12168 </para>
12169 <para>
12170 For a package which generates only one binary package, and which
12171 builds it in <filename>debian/tmp</filename> relative to the top
12172 of the source package, it is usually sufficient to call
12173 <command>dpkg-gencontrol</command>.
12174 </para>
12175 <para>
12176 Sources which build several binaries will typically need
12177 something like:
12178 </para>
12179 <screen>
12180 dpkg-gencontrol -Pdebian/<replaceable>pkg</replaceable> -p<replaceable>package</replaceable></screen>
12181 <para>
12182 The <literal>-P</literal> tells
12183 <command>dpkg-gencontrol</command> that the package is being
12184 built in a non-default directory, and the <literal>-p</literal>
12185 tells it which package's control file should be generated.
12186 </para>
12187 <para>
12188 <command>dpkg-gencontrol</command> also adds information to the
12189 list of files in <filename>debian/files</filename>, for the
12190 benefit of (for example) a future invocation of
12191 <command>dpkg-genchanges</command>.
12192 </para>
12193 </section>
12195 <section id="s-pkg-dpkg-shlibdeps">
12196 <title>
12197 <command>dpkg-shlibdeps</command> - calculates shared library
12198 dependencies
12199 </title>
12201 <para>
12202 See
12203 <citerefentry><refentrytitle>dpkg-shlibdeps</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
12204 </para>
12205 </section>
12207 <section id="s-pkg-dpkg-distaddfile">
12208 <title>
12209 <command>dpkg-distaddfile</command> - adds a file to
12210 <filename>debian/files</filename>
12211 </title>
12213 <para>
12214 Some packages' uploads need to include files other than the
12215 source and binary package files.
12216 </para>
12217 <para>
12218 <command>dpkg-distaddfile</command> adds a file to the
12219 <filename>debian/files</filename> file so that it will be
12220 included in the <filename>.changes</filename> file when
12221 <command>dpkg-genchanges</command> is run.
12222 </para>
12223 <para>
12224 It is usually invoked from the <literal>binary</literal> target
12225 of <filename>debian/rules</filename>:
12226 </para>
12227 <screen>
12228 dpkg-distaddfile <replaceable>filename</replaceable> <replaceable>section</replaceable> <replaceable>priority</replaceable></screen>
12229 <para>
12230 The <replaceable>filename</replaceable> is relative to the
12231 directory where <command>dpkg-genchanges</command> will expect
12232 to find it - this is usually the directory above the top level
12233 of the source tree. The <filename>debian/rules</filename>
12234 target should put the file there just before or just after
12235 calling <command>dpkg-distaddfile</command>.
12236 </para>
12237 <para>
12238 The <replaceable>section</replaceable> and
12239 <replaceable>priority</replaceable> are passed unchanged into
12240 the resulting <filename>.changes</filename> file.
12241 </para>
12242 </section>
12244 <section id="s-pkg-dpkg-genchanges">
12245 <title>
12246 <command>dpkg-genchanges</command> - generates a
12247 <filename>.changes</filename> upload control file
12248 </title>
12249 <para>
12250 See
12251 <citerefentry><refentrytitle>dpkg-genchanges</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
12252 </para>
12253 </section>
12255 <section id="s-pkg-dpkg-parsechangelog">
12256 <title>
12257 <command>dpkg-parsechangelog</command> - produces parsed
12258 representation of a changelog
12259 </title>
12261 <para>
12262 See
12263 <citerefentry><refentrytitle>dpkg-parsechangelog</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
12264 </para>
12265 </section>
12267 <section id="s-pkg-dpkg-architecture">
12268 <title>
12269 <command>dpkg-architecture</command> - information about the
12270 build and host system
12271 </title>
12273 <para>
12274 See
12275 <citerefentry><refentrytitle>dpkg-architecture</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
12276 </para>
12277 </section>
12278 </section>
12280 <section id="s-pkg-sourcetree">
12281 <title>The Debian package source tree</title>
12283 <para>
12284 The source archive scheme described later is intended to allow a
12285 Debian package source tree with some associated control
12286 information to be reproduced and transported easily. The Debian
12287 package source tree is a version of the original program with
12288 certain files added for the benefit of the packaging process, and
12289 with any other changes required made to the rest of the source
12290 code and installation scripts.
12291 </para>
12292 <para>
12293 The extra files created for Debian are in the subdirectory
12294 <filename>debian</filename> of the top level of the Debian package
12295 source tree. They are described below.
12296 </para>
12298 <section id="s-pkg-debianrules">
12299 <title>
12300 <filename>debian/rules</filename> - the main building script
12301 </title>
12303 <para>
12304 See <xref linkend="s-debianrules"/>.
12305 </para>
12306 </section>
12308 <section id="s-pkg-srcsubstvars">
12309 <title>
12310 <filename>debian/substvars</filename> and variable substitutions
12311 </title>
12313 <para>
12314 See <xref linkend="s-substvars"/>.
12315 </para>
12316 </section>
12318 <section id="s-sC.2.3">
12319 <title><filename>debian/files</filename></title>
12321 <para>
12322 See <xref linkend="s-debianfiles"/>.
12323 </para>
12324 </section>
12326 <section id="s-sC.2.4">
12327 <title><filename>debian/tmp</filename></title>
12329 <para>
12330 This is the default temporary location for the construction of
12331 binary packages by the <literal>binary</literal> target. The
12332 directory <filename>tmp</filename> serves as the root of the
12333 file system tree as it is being constructed (for example, by
12334 using the package's upstream makefiles install targets and
12335 redirecting the output there), and it also contains the
12336 <literal>DEBIAN</literal> subdirectory. See <xref
12337 linkend="s-pkg-bincreating"/>.
12338 </para>
12339 <para>
12340 This is only a default and can be easily overridden. Most
12341 packaging tools no longer use <filename>debian/tmp</filename>,
12342 instead preferring
12343 <filename>debian/<replaceable>pkg</replaceable></filename> for
12344 the common case of a source package building only one binary
12345 package. Such tools usually only use
12346 <filename>debian/tmp</filename> as a temporary staging area for
12347 built files and do not construct packages from it.
12348 </para>
12349 <para>
12350 If several binary packages are generated from the same source
12351 tree, it is usual to use a separate
12352 <filename>debian/<replaceable>pkg</replaceable></filename>
12353 directory for each binary package as the temporary construction
12354 locations.
12355 </para>
12356 <para>
12357 Whatever temporary directories are created and used by the
12358 <literal>binary</literal> target must of course be removed by the
12359 <literal>clean</literal> target.
12360 </para>
12361 </section>
12362 </section>
12364 <section id="s-pkg-sourcearchives">
12365 <title>Source packages as archives</title>
12367 <para>
12368 As it exists on the FTP site, a Debian source package consists of
12369 three related files. You must have the right versions of all
12370 three to be able to use them.
12371 </para>
12372 <variablelist>
12373 <varlistentry>
12374 <term>Debian source control file - <literal>.dsc</literal></term>
12375 <listitem>
12376 <para>
12377 This file is a control file used by
12378 <command>dpkg-source</command> to extract a source package.
12379 See <xref linkend="s-debiansourcecontrolfiles"/>.
12380 </para>
12381 </listitem>
12382 </varlistentry>
12383 <varlistentry>
12384 <term>
12385 Original source archive -
12386 <filename><replaceable>package</replaceable>_<replaceable>upstream-version</replaceable>.orig.tar.gz</filename>
12387 </term>
12388 <listitem>
12389 <para>
12390 This is a compressed (with <literal>gzip -9</literal>)
12391 <command>tar</command> file containing the source code from
12392 the upstream authors of the program.
12393 </para>
12394 </listitem>
12395 </varlistentry>
12396 <varlistentry>
12397 <term>
12398 Debian package diff -
12399 <filename><replaceable>package</replaceable>_<replaceable>upstream_version-revision</replaceable>.diff.gz</filename>
12400 </term>
12401 <listitem>
12402 <para>
12403 This is a unified context diff (<literal>diff -u</literal>)
12404 giving the changes which are required to turn the original
12405 source into the Debian source. These changes may only
12406 include editing and creating plain files. The permissions
12407 of files, the targets of symbolic links and the
12408 characteristics of special files or pipes may not be changed
12409 and no files may be removed or renamed.
12410 </para>
12411 <para>
12412 All the directories in the diff must exist, except the
12413 <filename>debian</filename> subdirectory of the top of the
12414 source tree, which will be created by
12415 <command>dpkg-source</command> if necessary when unpacking.
12416 </para>
12417 <para>
12418 The <command>dpkg-source</command> program will
12419 automatically make the <filename>debian/rules</filename>
12420 file executable (see below).
12421 </para>
12422 </listitem>
12423 </varlistentry>
12424 </variablelist>
12425 <para>
12426 If there is no original source code - for example, if the package
12427 is specially prepared for Debian or the Debian maintainer is the
12428 same as the upstream maintainer - the format is slightly
12429 different: then there is no diff, and the tarfile is named
12430 <filename><replaceable>package</replaceable>_<replaceable>version</replaceable>.tar.gz</filename>,
12431 and preferably contains a directory named
12432 <filename><replaceable>package</replaceable>-<replaceable>version</replaceable></filename>.
12433 </para>
12434 </section>
12436 <section id="s-sC.4">
12437 <title>
12438 Unpacking a Debian source package without
12439 <command>dpkg-source</command>
12440 </title>
12442 <para>
12443 <literal>dpkg-source -x</literal> is the recommended way to unpack
12444 a Debian source package. However, if it is not available it is
12445 possible to unpack a Debian source archive as follows:
12446 </para>
12447 <orderedlist numeration="arabic">
12448 <listitem>
12449 <para>
12450 Untar the tarfile, which will create a
12451 <filename>.orig</filename> directory.
12452 </para>
12453 </listitem>
12454 <listitem>
12455 <para>
12456 Rename the <filename>.orig</filename> directory to
12457 <filename><replaceable>package</replaceable>-<replaceable>version</replaceable></filename>.
12458 </para>
12459 </listitem>
12460 <listitem>
12461 <para>
12462 Create the subdirectory <filename>debian</filename> at the top
12463 of the source tree.
12464 </para>
12465 </listitem>
12466 <listitem>
12467 <para>
12468 Apply the diff using <literal>patch -p0</literal>.
12469 </para>
12470 </listitem>
12471 <listitem>
12472 <para>
12473 Untar the tarfile again if you want a copy of the original
12474 source code alongside the Debian version.
12475 </para>
12476 </listitem>
12477 </orderedlist>
12478 <para>
12479 It is not possible to generate a valid Debian source archive
12480 without using <command>dpkg-source</command>. In particular,
12481 attempting to use <command>diff</command> directly to generate the
12482 <filename>.diff.gz</filename> file will not work.
12483 </para>
12485 <section id="s-sC.4.1">
12486 <title>Restrictions on objects in source packages</title>
12488 <para>
12489 The source package may not contain any hard links,
12490 <footnote>
12491 <para>
12492 This is not currently detected when building
12493 source packages, but only when extracting them.
12494 </para>
12495 </footnote>
12496 <footnote>
12497 <para>
12498 Hard links may be permitted at some point in the future, but
12499 would require a fair amount of work.
12500 </para>
12501 </footnote>
12502 device special files, sockets or setuid or setgid files.
12503 <footnote>
12504 <para>
12505 Setgid directories are allowed.
12506 </para>
12507 </footnote>
12508 </para>
12509 <para>
12510 The source packaging tools manage the changes between the
12511 original and Debian source using <command>diff</command> and
12512 <command>patch</command>. Turning the original source tree as
12513 included in the <filename>.orig.tar.gz</filename> into the
12514 Debian package source must not involve any changes which cannot
12515 be handled by these tools. Problematic changes which cause
12516 <command>dpkg-source</command> to halt with an error when
12517 building the source package are:
12518 </para>
12519 <itemizedlist>
12520 <listitem>
12521 <para>
12522 Adding or removing symbolic links, sockets or pipes.
12523 </para>
12524 </listitem>
12525 <listitem>
12526 <para>
12527 Changing the targets of symbolic links.
12528 </para>
12529 </listitem>
12530 <listitem>
12531 <para>
12532 Creating directories, other than <filename>debian</filename>.
12533 </para>
12534 </listitem>
12535 <listitem>
12536 <para>
12537 Changes to the contents of binary files.
12538 </para>
12539 </listitem>
12540 </itemizedlist>
12541 <para>
12542 Changes which cause <command>dpkg-source</command> to print a
12543 warning but continue anyway are:
12544 </para>
12545 <itemizedlist>
12546 <listitem>
12547 <para>
12548 Removing files, directories or symlinks.
12549 <footnote>
12550 <para>
12551 Renaming a file is not treated specially - it is seen as
12552 the removal of the old file (which generates a warning,
12553 but is otherwise ignored), and the creation of the new
12554 one.
12555 </para>
12556 </footnote>
12557 </para>
12558 </listitem>
12559 <listitem>
12560 <para>
12561 Changed text files which are missing the usual final newline
12562 (either in the original or the modified source tree).
12563 </para>
12564 </listitem>
12565 </itemizedlist>
12566 <para>
12567 Changes which are not represented, but which are not detected by
12568 <command>dpkg-source</command>, are:
12569 </para>
12570 <itemizedlist>
12571 <listitem>
12572 <para>
12573 Changing the permissions of files (other than
12574 <filename>debian/rules</filename>) and directories.
12575 </para>
12576 </listitem>
12577 </itemizedlist>
12578 <para>
12579 The <filename>debian</filename> directory and
12580 <filename>debian/rules</filename> are handled specially by
12581 <command>dpkg-source</command> - before applying the changes it
12582 will create the <filename>debian</filename> directory, and
12583 afterwards it will make <filename>debian/rules</filename>
12584 world-executable.
12585 </para>
12586 </section>
12587 </section>
12588 </appendix>
12590 <appendix id="ap-pkg-controlfields">
12591 <title>Control files and their fields (from old Packaging Manual)</title>
12593 <para>
12594 Many of the tools in the <command>dpkg</command> suite manipulate
12595 data in a common format, known as control files. Binary and source
12596 packages have control data as do the <filename>.changes</filename>
12597 files which control the installation of uploaded files, and
12598 <command>dpkg</command>'s internal databases are in a similar
12599 format.
12600 </para>
12602 <section id="s-sD.1">
12603 <title>Syntax of control files</title>
12605 <para>
12606 See <xref linkend="s-controlsyntax"/>.
12607 </para>
12608 <para>
12609 It is important to note that there are several fields which are
12610 optional as far as <command>dpkg</command> and the related tools
12611 are concerned, but which must appear in every Debian package, or
12612 whose omission may cause problems.
12613 </para>
12614 </section>
12616 <section id="s-sD.2">
12617 <title>List of fields</title>
12619 <para>
12620 See <xref linkend="s-controlfieldslist"/>.
12621 </para>
12622 <para>
12623 This section now contains only the fields that didn't belong to
12624 the Policy manual.
12625 </para>
12627 <section id="s-pkg-f-Filename">
12628 <title>
12629 <literal>Filename</literal> and <literal>MSDOS-Filename</literal>
12630 </title>
12632 <para>
12633 These fields in <literal>Packages</literal> files give the
12634 filename(s) of (the parts of) a package in the distribution
12635 directories, relative to the root of the Debian hierarchy. If
12636 the package has been split into several parts the parts are all
12637 listed in order, separated by spaces.
12638 </para>
12639 </section>
12641 <section id="s-pkg-f-Size">
12642 <title><literal>Size</literal> and <literal>MD5sum</literal></title>
12644 <para>
12645 These fields in <filename>Packages</filename> files give the
12646 size (in bytes, expressed in decimal) and MD5 checksum of the
12647 file(s) which make(s) up a binary package in the distribution.
12648 If the package is split into several parts the values for the
12649 parts are listed in order, separated by spaces.
12650 </para>
12651 </section>
12653 <section id="s-pkg-f-Status">
12654 <title><literal>Status</literal></title>
12656 <para>
12657 This field in <command>dpkg</command>'s status file records
12658 whether the user wants a package installed, removed or left
12659 alone, whether it is broken (requiring re-installation) or not
12660 and what its current state on the system is. Each of these
12661 pieces of information is a single word.
12662 </para>
12663 </section>
12665 <section id="s-pkg-f-Config-Version">
12666 <title><literal>Config-Version</literal></title>
12668 <para>
12669 If a package is not installed or not configured, this field in
12670 <command>dpkg</command>'s status file records the last version
12671 of the package which was successfully configured.
12672 </para>
12673 </section>
12675 <section id="s-pkg-f-Conffiles">
12676 <title><literal>Conffiles</literal></title>
12678 <para>
12679 This field in <command>dpkg</command>'s status file contains
12680 information about the automatically-managed configuration files
12681 held by a package. This field should <emphasis>not</emphasis>
12682 appear anywhere in a package!
12683 </para>
12684 </section>
12686 <section id="s-sD.2.6">
12687 <title>Obsolete fields</title>
12689 <para>
12690 These are still recognized by <command>dpkg</command> but should
12691 not appear anywhere any more.
12692 </para>
12693 <variablelist>
12694 <varlistentry>
12695 <term><literal>Revision</literal></term>
12696 <term><literal>Package-Revision</literal></term>
12697 <term><literal>Package_Revision</literal></term>
12698 <listitem>
12699 <para>
12700 The Debian revision part of the package version was at one
12701 point in a separate control field. This field went
12702 through several names.
12703 </para>
12704 </listitem>
12705 </varlistentry>
12706 <varlistentry>
12707 <term><literal>Recommended</literal></term>
12708 <listitem>
12709 <para>
12710 Old name for <literal>Recommends</literal>.
12711 </para>
12712 </listitem>
12713 </varlistentry>
12714 <varlistentry>
12715 <term><literal>Optional</literal></term>
12716 <listitem>
12717 <para>
12718 Old name for <literal>Suggests</literal>.
12719 </para>
12720 </listitem>
12721 </varlistentry>
12722 <varlistentry>
12723 <term><literal>Class</literal></term>
12724 <listitem>
12725 <para>
12726 Old name for <literal>Priority</literal>.
12727 </para>
12728 </listitem>
12729 </varlistentry>
12730 </variablelist>
12731 </section>
12732 </section>
12733 </appendix>
12735 <appendix id="ap-pkg-conffiles">
12736 <title>Configuration file handling (from old Packaging Manual)</title>
12738 <para>
12739 <command>dpkg</command> can do a certain amount of automatic
12740 handling of package configuration files.
12741 </para>
12742 <para>
12743 Whether this mechanism is appropriate depends on a number of
12744 factors, but basically there are two approaches to any particular
12745 configuration file.
12746 </para>
12747 <para>
12748 The easy method is to ship a best-effort configuration in the
12749 package, and use <command>dpkg</command>'s conffile mechanism to
12750 handle updates. If the user is unlikely to want to edit the file,
12751 but you need them to be able to without losing their changes, and a
12752 new package with a changed version of the file is only released
12753 infrequently, this is a good approach.
12754 </para>
12755 <para>
12756 The hard method is to build the configuration file from scratch in
12757 the <command>postinst</command> script, and to take the
12758 responsibility for fixing any mistakes made in earlier versions of
12759 the package automatically. This will be appropriate if the file is
12760 likely to need to be different on each system.
12761 </para>
12763 <section id="s-sE.1">
12764 <title>
12765 Automatic handling of configuration files by
12766 <command>dpkg</command>
12767 </title>
12769 <para>
12770 A package may contain a control information file called
12771 <literal>conffiles</literal>. This file should be a list of
12772 filenames of configuration files needing automatic handling,
12773 separated by newlines. The filenames should be absolute
12774 pathnames, and the files referred to should actually exist in the
12775 package.
12776 </para>
12777 <para>
12778 When a package is upgraded <command>dpkg</command> will process
12779 the configuration files during the configuration stage, shortly
12780 before it runs the package's <command>postinst</command> script,
12781 </para>
12782 <para>
12783 For each file it checks to see whether the version of the file
12784 included in the package is the same as the one that was included
12785 in the last version of the package (the one that is being upgraded
12786 from); it also compares the version currently installed on the
12787 system with the one shipped with the last version.
12788 </para>
12789 <para>
12790 If neither the user nor the package maintainer has changed the
12791 file, it is left alone. If one or the other has changed their
12792 version, then the changed version is preferred - i.e., if the user
12793 edits their file, but the package maintainer doesn't ship a
12794 different version, the user's changes will stay, silently, but if
12795 the maintainer ships a new version and the user hasn't edited it
12796 the new version will be installed (with an informative message).
12797 If both have changed their version the user is prompted about the
12798 problem and must resolve the differences themselves.
12799 </para>
12800 <para>
12801 The comparisons are done by calculating the MD5 message digests of
12802 the files, and storing the MD5 of the file as it was included in
12803 the most recent version of the package.
12804 </para>
12805 <para>
12806 When a package is installed for the first time
12807 <command>dpkg</command> will install the file that comes with it,
12808 unless that would mean overwriting a file already on the file
12809 system.
12810 </para>
12811 <para>
12812 However, note that <command>dpkg</command> will
12813 <emphasis>not</emphasis> replace a conffile that was removed by
12814 the user (or by a script). This is necessary because with some
12815 programs a missing file produces an effect hard or impossible to
12816 achieve in another way, so that a missing file needs to be kept
12817 that way if the user did it.
12818 </para>
12819 <para>
12820 Note that a package should <emphasis>not</emphasis> modify a
12821 <command>dpkg</command>-handled conffile in its maintainer
12822 scripts. Doing this will lead to <command>dpkg</command> giving
12823 the user confusing and possibly dangerous options for conffile
12824 update when the package is upgraded.
12825 </para>
12826 </section>
12828 <section id="s-sE.2">
12829 <title>Fully-featured maintainer script configuration handling</title>
12831 <para>
12832 For files which contain site-specific information such as the
12833 hostname and networking details and so forth, it is better to
12834 create the file in the package's <command>postinst</command>
12835 script.
12836 </para>
12837 <para>
12838 This will typically involve examining the state of the rest of the
12839 system to determine values and other information, and may involve
12840 prompting the user for some information which can't be obtained
12841 some other way.
12842 </para>
12843 <para>
12844 When using this method there are a couple of important issues
12845 which should be considered:
12846 </para>
12847 <para>
12848 If you discover a bug in the program which generates the
12849 configuration file, or if the format of the file changes from one
12850 version to the next, you will have to arrange for the postinst
12851 script to do something sensible - usually this will mean editing
12852 the installed configuration file to remove the problem or change
12853 the syntax. You will have to do this very carefully, since the
12854 user may have changed the file, perhaps to fix the very problem
12855 that your script is trying to deal with - you will have to detect
12856 these situations and deal with them correctly.
12857 </para>
12858 <para>
12859 If you do go down this route it's probably a good idea to make the
12860 program that generates the configuration file(s) a separate
12861 program in <filename>/usr/sbin</filename>, by convention called
12862 <filename><replaceable>package</replaceable>config</filename> and
12863 then run that if appropriate from the post-installation script.
12864 The <literal><replaceable>package</replaceable>config</literal>
12865 program should not unquestioningly overwrite an existing
12866 configuration - if its mode of operation is geared towards setting
12867 up a package for the first time (rather than any arbitrary
12868 reconfiguration later) you should have it check whether the
12869 configuration already exists, and require a
12870 <literal>--force</literal> flag to overwrite it.
12871 </para>
12872 </section>
12873 </appendix>
12875 <appendix id="ap-pkg-alternatives">
12876 <title>
12877 Alternative versions of an interface -
12878 <command>update-alternatives</command> (from old Packaging Manual)
12879 </title>
12881 <para>
12882 When several packages all provide different versions of the same
12883 program or file it is useful to have the system select a default,
12884 but to allow the system administrator to change it and have their
12885 decisions respected.
12886 </para>
12887 <para>
12888 For example, there are several versions of the <command>vi</command>
12889 editor, and there is no reason to prevent all of them from being
12890 installed at once, each under their own name
12891 (<command>nvi</command>, <command>vim</command> or whatever).
12892 Nevertheless it is desirable to have the name <literal>vi</literal>
12893 refer to something, at least by default.
12894 </para>
12895 <para>
12896 If all the packages involved cooperate, this can be done with
12897 <command>update-alternatives</command>.
12898 </para>
12899 <para>
12900 Each package provides its own version under its own name, and calls
12901 <command>update-alternatives</command> in its postinst to register
12902 its version (and again in its prerm to deregister it).
12903 </para>
12904 <para>
12905 See the man page
12906 <citerefentry><refentrytitle>update-alternatives</refentrytitle><manvolnum>8</manvolnum></citerefentry>
12907 for details.
12908 </para>
12909 <para>
12910 If <command>update-alternatives</command> does not seem appropriate
12911 you may wish to consider using diversions instead.
12912 </para>
12913 </appendix>
12915 <appendix id="ap-pkg-diversions">
12916 <title>
12917 Diversions - overriding a package's version of a file (from old
12918 Packaging Manual)
12919 </title>
12921 <para>
12922 It is possible to have <command>dpkg</command> not overwrite a file
12923 when it reinstalls the package it belongs to, and to have it put the
12924 file from the package somewhere else instead.
12925 </para>
12926 <para>
12927 This can be used locally to override a package's version of a file,
12928 or by one package to override another's version (or provide a
12929 wrapper for it).
12930 </para>
12931 <para>
12932 Before deciding to use a diversion, read <xref
12933 linkend="ap-pkg-alternatives"/> to see if you really want a
12934 diversion rather than several alternative versions of a program.
12935 </para>
12936 <para>
12937 There is a diversion list, which is read by <command>dpkg</command>,
12938 and updated by a special program <command>dpkg-divert</command>.
12939 Please see
12940 <citerefentry><refentrytitle>dpkg-divert</refentrytitle><manvolnum>8</manvolnum></citerefentry>
12941 for full details of its operation.
12942 </para>
12943 <para>
12944 When a package wishes to divert a file from another, it should call
12945 <command>dpkg-divert</command> in its preinst to add the diversion
12946 and rename the existing file. For example, supposing that a
12947 <command>smailwrapper</command> package wishes to install a wrapper
12948 around <filename>/usr/sbin/smail</filename>:
12949 </para>
12950 <screen>
12951 dpkg-divert --package smailwrapper --add --rename \
12952 --divert /usr/sbin/smail.real /usr/sbin/smail</screen>
12953 <para>
12954 The <literal>--package smailwrapper</literal> ensures that
12955 <command>smailwrapper</command>'s copy of
12956 <filename>/usr/sbin/smail</filename> can bypass the diversion and
12957 get installed as the true version. It's safe to add the diversion
12958 unconditionally on upgrades since it will be left unchanged if it
12959 already exists, but <command>dpkg-divert</command> will display a
12960 message. To suppress that message, make the command conditional on
12961 the version from which the package is being upgraded:
12962 </para>
12963 <programlisting>
12964 if [ upgrade != "$1" ] || dpkg --compare-versions "$2" lt 1.0-2; then
12965 dpkg-divert --package smailwrapper --add --rename \
12966 --divert /usr/sbin/smail.real /usr/sbin/smail
12967 fi</programlisting>
12968 <para>
12969 where <literal>1.0-2</literal> is the version at which the diversion
12970 was first added to the package. Running the command during
12971 abort-upgrade is pointless but harmless.
12972 </para>
12973 <para>
12974 The postrm has to do the reverse:
12975 </para>
12976 <programlisting>
12977 if [ remove = "$1" -o abort-install = "$1" -o disappear = "$1" ]; then
12978 dpkg-divert --package smailwrapper --remove --rename \
12979 --divert /usr/sbin/smail.real /usr/sbin/smail
12980 fi</programlisting>
12981 <para>
12982 If the diversion was added at a particular version, the postrm
12983 should also handle the failure case of upgrading from an older
12984 version (unless the older version is so old that direct upgrades are
12985 no longer supported):
12986 </para>
12987 <programlisting>
12988 if [ abort-upgrade = "$1" ] && dpkg --compare-versions "$2" lt 1.0-2; then
12989 dpkg-divert --package smailwrapper --remove --rename \
12990 --divert /usr/sbin/smail.real /usr/sbin/smail
12991 fi</programlisting>
12992 <para>
12993 where <literal>1.0-2</literal> is the version at which the diversion
12994 was first added to the package. The postrm should not remove the
12995 diversion on upgrades both because there's no reason to remove the
12996 diversion only to immediately re-add it and since the postrm of the
12997 old package is run after unpacking so the removal of the diversion
12998 will fail.
12999 </para>
13000 <para>
13001 Do not attempt to divert a file which is vitally important for the
13002 system's operation - when using <command>dpkg-divert</command> there
13003 is a time, after it has been diverted but before
13004 <command>dpkg</command> has installed the new version, when the file
13005 does not exist.
13006 </para>
13007 <para>
13008 Do not attempt to divert a conffile, as <command>dpkg</command> does
13009 not handle it well.
13010 </para>
13011 </appendix>
13013 <appendix id="ap-flowcharts">
13014 <title>
13015 Maintainer script flowcharts
13016 </title>
13018 <!--
13019 These maintainer script flowcharts presently reside in an
13020 appendix. It might be more useful if they were interleaved
13021 with the description in 6.6 and 6.8, but I'm not yet sure how
13022 to do that in such a way that they will look good in all our
13023 output formats.
13025 Sean Whitton <spwhitton@spwhitton.name>
13026 -->
13028 <para>
13029 The flowcharts<footnote><para>These flowcharts were originally
13030 created by Margarita Manterola for the Debian Women project
13031 wiki.</para></footnote> included in this appendix use the
13032 following conventions:
13033 </para>
13035 <itemizedlist>
13036 <listitem>
13037 <para>
13038 maintainer scripts and their arguments are within boxes;
13039 </para>
13040 </listitem>
13041 <listitem>
13042 <para>
13043 actions carried out external to the scripts are in italics; and
13044 </para>
13045 </listitem>
13046 <listitem>
13047 <para>
13048 the <command>dpkg</command> status of the package at the
13049 end of the run are in bold type.
13050 </para>
13051 </listitem>
13052 </itemizedlist>
13054 <figure id="f-maintscript-install" float="0">
13055 <title>Installing a package that was not previously installed</title>
13056 <mediaobject>
13057 <imageobject role="fo">
13058 <imagedata fileref="images/install.svg"/>
13059 </imageobject>
13060 <imageobject role="html">
13061 <imagedata fileref="images/install.png"/>
13062 </imageobject>
13063 <textobject role="text">
13064 <phrase>
13065 Figure omitted in plain text version of Policy Manual.
13066 </phrase>
13067 </textobject>
13068 </mediaobject>
13069 </figure>
13071 <figure id="f-maintscript-install-conffiles" float="0">
13072 <title>
13073 Installing a package that was previously removed, but not purged
13074 </title>
13075 <mediaobject>
13076 <imageobject role="fo">
13077 <imagedata fileref="images/install-conffiles.svg"/>
13078 </imageobject>
13079 <imageobject role="html">
13080 <imagedata fileref="images/install-conffiles.png" format="PNG"/>
13081 </imageobject>
13082 <textobject role="text">
13083 <phrase>
13084 Figure omitted in plain text version of Policy Manual.
13085 </phrase>
13086 </textobject>
13087 </mediaobject>
13088 </figure>
13090 <figure id="f-maintscript-upgrade" float="0">
13091 <title>Upgrading a package</title>
13092 <mediaobject>
13093 <imageobject role="fo">
13094 <imagedata fileref="images/upgrade.svg"/>
13095 </imageobject>
13096 <imageobject role="html">
13097 <imagedata fileref="images/upgrade.png" format="PNG"/>
13098 </imageobject>
13099 <textobject role="text">
13100 <phrase>
13101 Figure omitted in plain text version of Policy Manual.
13102 </phrase>
13103 </textobject>
13104 </mediaobject>
13105 </figure>
13107 <figure id="f-maintscript-remove" float="0">
13108 <title>Removing a package</title>
13109 <mediaobject>
13110 <imageobject role="fo">
13111 <imagedata fileref="images/remove.svg"/>
13112 </imageobject>
13113 <imageobject role="html">
13114 <imagedata fileref="images/remove.png" format="PNG"/>
13115 </imageobject>
13116 <textobject role="text">
13117 <phrase>
13118 Figure omitted in plain text version of Policy Manual.
13119 </phrase>
13120 </textobject>
13121 </mediaobject>
13122 </figure>
13124 <figure id="f-maintscript-purge" float="0">
13125 <title>Purging a package previously removed</title>
13126 <mediaobject>
13127 <imageobject role="fo">
13128 <imagedata fileref="images/purge.svg"/>
13129 </imageobject>
13130 <imageobject role="html">
13131 <imagedata fileref="images/purge.png" format="PNG"/>
13132 </imageobject>
13133 <textobject role="text">
13134 <phrase>
13135 Figure omitted in plain text version of Policy Manual.
13136 </phrase>
13137 </textobject>
13138 </mediaobject>
13139 </figure>
13141 <figure id="f-maintscript-remove-purge" float="0">
13142 <title>Removing and purging a package</title>
13143 <mediaobject>
13144 <imageobject role="fo">
13145 <imagedata fileref="images/remove-purge.svg"/>
13146 </imageobject>
13147 <imageobject role="html">
13148 <imagedata fileref="images/remove-purge.png" format="PNG"/>
13149 </imageobject>
13150 <textobject role="text">
13151 <phrase>
13152 Figure omitted in plain text version of Policy Manual.
13153 </phrase>
13154 </textobject>
13155 </mediaobject>
13156 </figure>
13158 </appendix>
13160 <appendix id="ap-process">
13161 <title>
13162 Debian Policy changes process
13163 </title>
13165 <section id="process-introduction">
13166 <title>Introduction</title>
13167 <para>
13168 To introduce a change in the current Debian Policy, the change
13169 proposal has to go through a certain process.
13170 <footnote>
13171 <para>
13172 This process was originally developed by Margarita
13173 Manterola, Clint Adams, Russ Allbery and Manoj Srivastava.
13174 </para>
13175 </footnote>
13176 </para>
13177 </section>
13179 <section id="process-change-goals">
13180 <title>Change Goals</title>
13181 <itemizedlist spacing="compact">
13182 <listitem>
13183 <para>
13184 The change should be technically correct, and consistent with
13185 the rest of the policy document. This means no legislating the
13186 value of π. This also means that the proposed solution be
13187 known to work; iterative design processes do not belong in
13188 policy.
13189 </para>
13190 </listitem>
13191 <listitem>
13192 <para>
13193 The change should not be too disruptive; if very many packages
13194 become instantly buggy, then instead there should be a
13195 transition plan. Exceptions should be rare (only if the
13196 current state is really untenable), and probably blessed by
13197 the TC.
13198 </para>
13199 </listitem>
13200 <listitem>
13201 <para>
13202 The change has to be reviewed in depth, in the open, where any
13203 one may contribute; a publicly accessible, archived, open
13204 mailing list.
13205 </para>
13206 </listitem>
13207 <listitem>
13208 <para>
13209 Proposal should be addressed in a timely fashion.
13210 </para>
13211 </listitem>
13212 <listitem>
13213 <para>
13214 Any domain experts should be consulted, since not every policy
13215 mailing list subscriber is an expert on everything, including
13216 policy maintainers.
13217 </para>
13218 </listitem>
13219 <listitem>
13220 <para>
13221 The goal is rough consensus on the change, which should not be
13222 hard if the matter is technical. Technical issues where there
13223 is no agreement should be referred to the TC; non-technical
13224 issues should be referred to the whole developer body, and
13225 perhaps general resolutions lie down that path.
13226 </para>
13227 </listitem>
13228 <listitem>
13229 <para>
13230 Package maintainers whose packages may be impacted should have
13231 access to policy change proposals, even if they do not
13232 subscribe to policy mailing lists (policy gazette?).
13233 </para>
13234 </listitem>
13235 </itemizedlist>
13236 </section>
13238 <section id="process-current">
13239 <title>Current Process</title>
13240 <para>
13241 Each suggested change goes through different states. These
13242 states are denoted through either usertags of the
13243 <email>debian-policy@packages.debian.org</email> user or, for
13244 <literal>patch</literal>, <literal>pending</literal>, and
13245 <literal>wontfix</literal>, regular tags.
13246 </para>
13247 <para>
13248 <ulink url="https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=debian-policy&pend-exc=done">Current
13249 list of bugs</ulink>
13250 </para>
13251 <para>
13252 The Policy delegates are responsible for managing the tags on bugs
13253 and will update tags as new bugs are submitted or as activity
13254 happens on bugs. All Debian Developers should feel free to add the
13255 seconded tag as described below. Other tags should be changed with
13256 the coordination of the Policy Team.
13257 </para>
13258 <section id="state-a-issue-raised">
13259 <title>State A: Issue raised</title>
13260 <para>
13261 Detect need, like gaps/flaws in current policy, or a new rule
13262 should be added. Any user or developer may start this step.
13263 There is a decision point here; not all issues are in scope of
13264 policy.
13265 </para>
13266 <para>
13267 <ulink
13268 url="https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=debian-policy&tag=issue">TAG:
13269 <literal>issue</literal></ulink>
13270 </para>
13271 <para>
13272 What needs to happen next: If this is in scope for Policy,
13273 discuss the issue and possible solutions, moving to the
13274 discussion tag, or if the matter is sufficiently clear, go
13275 directly to a proposal for how to address it, moving to the
13276 proposal tag. If this is not in scope for Policy, close the bug.
13277 </para>
13278 </section>
13279 <section id="state-b-discussion">
13280 <title>State B: Discussion</title>
13281 <para>
13282 Discuss remedy. Alternate proposals. Discussion guided by
13283 delegates. There should be a clear time limit to this stage, but
13284 as yet we have not set one.
13285 </para>
13286 <para>
13287 <ulink
13288 url="https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=debian-policy&pend-exc=done&tag=discussion">TAG:
13289 <literal>discussion</literal></ulink>
13290 </para>
13291 <para>
13292 What needs to happen next: Reach a conclusion and consensus in
13293 the discussion and make a final proposal for what should be
13294 changed (if anything), moving to the proposal tag.
13295 </para>
13296 </section>
13297 <section id="state-c-proposal">
13298 <title>State C: Proposal</title>
13299 <para>
13300 A final proposal has emerged from the discussion, and there is a
13301 rough consensus on how to proceed to resolve the issue.
13302 </para>
13303 <para>
13304 <ulink
13305 url="https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=debian-policy&pend-exc=done&tag=proposal">TAG:
13306 <literal>proposal</literal></ulink>
13307 </para>
13308 <para>
13309 What needs to happen next: Provided that the rough consensus
13310 persists, develop a patch against the current Policy document
13311 with specific wording of the change. Often this is done in
13312 conjunction with the proposal, in which case one may skip this
13313 step and move directly to patch tag.
13314 </para>
13315 </section>
13316 <section id="state-d-wording-proposed">
13317 <title>State D: Wording proposed</title>
13318 <para>
13319 A patch against the Policy document reflecting the consensus has
13320 been created and is waiting for formal seconds. The standard
13321 patch tag is used for this state, since it's essentially
13322 equivalent to the standard meaning of that tag.
13323 </para>
13324 <para>
13325 <ulink
13326 url="https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=debian-policy&pend-exc=done&tag=patch">TAG:
13327 <literal>patch</literal></ulink>
13328 </para>
13329 <para>
13330 What needs to happen next: The proposal needs to be reviewed and
13331 seconded. Any Debian developer who agrees with the change and
13332 the conclusion of rough consensus from the discussion should say
13333 so in the bug log by seconding the proposal.
13334 </para>
13335 </section>
13336 <section id="state-e-seconded">
13337 <title>State E: Seconded</title>
13338 <para>
13339 The proposal is signed off on by N Debian Developers. To start
13340 with, we're going with N=3, meaning that if three Debian
13341 Developers agree, not just with the proposal but with the
13342 conclusion that it reflects consensus and addresses the original
13343 issue -- it is considered eligible for inclusion in the next
13344 version of Policy. Since Policy is partly a technical project
13345 governance method, one must be a Debian Developer to formally
13346 second, although review and discussion is welcome from anyone.
13347 Once this tag has been applied, the bug is waiting for a Policy
13348 team member to apply the patch to the package repository.
13349 </para>
13350 <para>
13351 <ulink
13352 url="https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=debian-policy&pend-exc=done&tag=seconded">TAG:
13353 <literal>seconded</literal></ulink>
13354 </para>
13355 <para>
13356 What needs to happen next: A Policy maintainer does the final
13357 review and confirmation, and then applies the patch for the next
13358 Policy release.
13359 </para>
13360 <para>
13361 This tag is not used very much because normally a Policy
13362 maintainer applies the patch and moves the proposal to the next
13363 state once enough seconds are reached.
13364 </para>
13365 </section>
13366 <section id="state-f-accepted">
13367 <title>State F: Accepted</title>
13368 <para>
13369 Change accepted, will be in next upload. The standard pending
13370 tag is used for this state since it matches the regular meaning
13371 of pending.
13372 </para>
13373 <para>
13374 <ulink
13375 url="https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=debian-policy&pend-exc=done&tag=pending">TAG:
13376 <literal>pending</literal></ulink>
13377 </para>
13378 <para>
13379 What needs to happen next: The bug is now in the waiting queue
13380 for the next Policy release, and there's nothing left to do
13381 except for upload a new version of Policy.
13382 </para>
13383 </section>
13384 <section id="state-g-reject">
13385 <title>State G: Reject</title>
13386 <para>
13387 Rejected proposals. The standard wontfix is used for this state.
13388 Normally, bugs in this state will not remain open; instead, a
13389 Policy team member will close them with an explanation. The
13390 submitter may then appeal to the tech-ctte if they so desire.
13391 Alternately, issues appealed to the tech-ctte may remain open
13392 with this tag while that appeal proceeds.
13393 </para>
13394 <para>
13395 <ulink
13396 url="https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=debian-policy&pend-exc=done&tag=rejected">TAG:
13397 <literal>wontfix</literal></ulink>
13398 </para>
13399 <para>
13400 We may use one of the following tags here, but to date we have
13401 only used dubious and ctte. It's not clear whether we need more
13402 tags for this stage.
13403 </para>
13404 <variablelist spacing="compact">
13405 <varlistentry>
13406 <term>
13407 <emphasis role="strong">dubious</emphasis>
13408 </term>
13409 <listitem>
13410 <para>
13411 Not a policy matter
13412 </para>
13413 </listitem>
13414 </varlistentry>
13415 <varlistentry>
13416 <term>
13417 <emphasis role="strong">ctte</emphasis>
13418 </term>
13419 <listitem>
13420 <para>
13421 Referred to the Technical Committee (tech-ctte)
13422 </para>
13423 </listitem>
13424 </varlistentry>
13425 <varlistentry>
13426 <term>
13427 <emphasis role="strong">devel</emphasis>
13428 </term>
13429 <listitem>
13430 <para>
13431 Referred to the developer body
13432 </para>
13433 </listitem>
13434 </varlistentry>
13435 <varlistentry>
13436 <term>
13437 <emphasis role="strong">delegate</emphasis>
13438 </term>
13439 <listitem>
13440 <para>
13441 Rejected by a Policy delegate
13442 </para>
13443 </listitem>
13444 </varlistentry>
13445 <varlistentry>
13446 <term>
13447 <emphasis role="strong">obsolete</emphasis>
13448 </term>
13449 <listitem>
13450 <para>
13451 The proposal timed out without a conclusion
13452 </para>
13453 </listitem>
13454 </varlistentry>
13455 </variablelist>
13456 <para>
13457 What needs to happen next: The bug should be closed once a final
13458 resolution is reached, or retagged to an appropriate state if
13459 that final resolution reverses the decision to reject the
13460 proposal.
13461 </para>
13462 </section>
13463 </section>
13465 <section id="process-other-tags">
13466 <title>Other Tags</title>
13467 <para>
13468 All Policy bugs are additionally categorized by class of bug.
13469 </para>
13470 <para>
13471 The normative tag is used for bugs that make normative changes to
13472 Policy, meaning that the dictates of Policy will change in some
13473 fashion as part of the resolution of the bug if the proposal is
13474 accepted. The full process is followed for such bugs.
13475 </para>
13476 <para>
13477 <ulink
13478 url="https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=debian-policy&pend-exc=done&tag=normative">TAG:
13479 <literal>normative</literal></ulink>
13480 </para>
13481 <para>
13482 The informative tag is used for bugs about wording issues, typos,
13483 informative footnotes, or other changes that do not affect the
13484 formal dictates of Policy, just the presentation. The same tags
13485 are used for these bugs for convenience, but the Policy
13486 maintainers may make informative changes without following the
13487 full process. Informative bugs fall under their discretion.
13488 </para>
13489 <para>
13490 <ulink
13491 url="https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=debian-policy&pend-exc=done&tag=informative">TAG:
13492 <literal>informative</literal></ulink>
13493 </para>
13494 <para>
13495 The packaging tag is used for bugs about the packaging and build
13496 process of the debian-policy Debian package. These bugs do not
13497 follow the normal process and will not have the other tags except
13498 for pending and wontfix (used with their normal meanings).
13499 </para>
13500 <para>
13501 <ulink
13502 url="https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=debian-policy&pend-exc=done&tag=packaging">TAG:
13503 <literal>packaging</literal></ulink>
13504 </para>
13505 </section>
13507 </appendix>
13509 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
13510 href="upgrading-checklist.xml" />
13512 </book>