<abstract>
This manual describes the policy requirements for the Debian
- GNU/Linux distribution. This includes the structure and
+ distribution. This includes the structure and
contents of the Debian archive and several design issues of
the operating system, as well as technical requirements that
each package must satisfy to be included in the distribution.
<p>
A copy of the GNU General Public License is available as
- <file>/usr/share/common-licenses/GPL</file> in the Debian GNU/Linux
+ <file>/usr/share/common-licenses/GPL</file> in the Debian
distribution or on the World Wide Web at
<url id="http://www.gnu.org/copyleft/gpl.html"
name="the GNU General Public Licence">. You can also
<heading>Scope</heading>
<p>
This manual describes the policy requirements for the Debian
- GNU/Linux distribution. This includes the structure and
+ distribution. This includes the structure and
contents of the Debian archive and several design issues of the
operating system, as well as technical requirements that
each package must satisfy to be included in the
The actual editing is done by a group of maintainers that have
no editorial powers. These are the current maintainers:
- <enumlist>
- <item>Julian Gilbey</item>
- <item>Branden Robinson</item>
- <item>Josip Rodin</item>
- <item>Manoj Srivastava</item>
- </enumlist>
+ <enumlist>
+ <item>Russ Allbery</item>
+ <item>Bill Allombert</item>
+ <item>Andrew McMillan</item>
+ <item>Manoj Srivastava</item>
+ <item>Colin Watson</item>
+ </enumlist>
</p>
<p>
<heading>The Debian Archive</heading>
<p>
- The Debian GNU/Linux system is maintained and distributed as a
+ The Debian system is maintained and distributed as a
collection of <em>packages</em>. Since there are so many of
them (currently well over 15000), they are split into
<em>sections</em> and given <em>priorities</em> to simplify
</p>
<p>
- The <em>main</em> archive area forms the <em>Debian GNU/Linux
- distribution</em>.
+ The <em>main</em> archive area forms the <em>Debian distribution</em>.
</p>
<p>
<sect1 id="main">
<heading>The main archive area</heading>
+ <p>
+ The <em>main</em> archive area comprises the Debian
+ distribution. Only the packages in this area are considered
+ part of the distribution. None of the packages in
+ the <em>main</em> archive area require software outside of
+ that area to function. Anyone may use, share, modify and
+ redistribute the packages in this archive area
+ freely<footnote>
+ See <url id="http://www.debian.org/intro/free"
+ name="What Does Free Mean?"> for
+ more about what we mean by free software.
+ </footnote>.
+ </p>
+
<p>
Every package in <em>main</em> must comply with the DFSG
(Debian Free Software Guidelines).
<sect1 id="contrib">
<heading>The contrib archive area</heading>
+ <p>
+ The <em>contrib</em> archive area contains supplemental
+ packages intended to work with the Debian distribution, but
+ which require software outside of the distribution to either
+ build or function.
+ </p>
+
<p>
Every package in <em>contrib</em> must comply with the DFSG.
</p>
</list>
</p>
-
<p>
Examples of packages which would be included in
<em>contrib</em> are:
<sect1 id="non-free">
<heading>The non-free archive area</heading>
+ <p>
+ The <em>non-free</em> archive area contains supplemental
+ packages intended to work with the Debian distribution that do
+ not comply with the DFSG or have other problems that make
+ their distribution problematic. They may not comply with all
+ of the policy requirements in this manual due to restrictions
+ on modifications or other limitations.
+ </p>
+
<p>
Packages must be placed in <em>non-free</em> if they are
not compliant with the DFSG or are encumbered by patents
<heading>Binary packages</heading>
<p>
- The Debian GNU/Linux distribution is based on the Debian
+ The Debian distribution is based on the Debian
package management system, called <prgn>dpkg</prgn>. Thus,
all packages in the Debian distribution must be provided
in the <tt>.deb</tt> file format.
</p>
+ <p>
+ A <tt>.deb</tt> package contains two sets of files: a set of files
+ to install on the system when the package is installed, and a set
+ of files that provide additional metadata about the package or
+ which are executed when the package is installed or removed. This
+ second set of files is called <em>control information files</em>.
+ Among those files are the package maintainer scripts
+ and <file>control</file>, the <qref id="binarycontrolfiles">binary
+ package control file</qref> that contains the control fields for
+ the package. Other control information files
+ include <qref id="sharedlibs-shlibdeps">the <file>shlibs</file>
+ file</qref> used to store shared library dependency information
+ and the <file>conffiles</file> file that lists the package's
+ configuration files (described in <ref id="config-files">).
+ </p>
+
+ <p>
+ There is unfortunately a collision of terminology here between
+ control information files and files in the Debian control file
+ format. Throughout this document, a <em>control file</em> refers
+ to a file in the Debian control file format. These files are
+ documented in <ref id="controlfields">. Only files referred to
+ specifically as <em>control information files</em> are the files
+ included in the control information file member of
+ the <file>.deb</file> file format used by binary packages. Most
+ control information files are not in the Debian control file
+ format.
+ </p>
+
<sect>
<heading>The package name</heading>
numbers based on some date formats (sometimes used for
development or "snapshot" releases) will not be ordered
correctly by the package management software. For
- example, <prng>dpkg</prng> will consider "96May01" to be
+ example, <prgn>dpkg</prgn> will consider "96May01" to be
greater than "96Dec24".
</p>
</sect>
- <sect>
+ <sect id="maintainer">
<heading>The maintainer of a package</heading>
<p>
- Every package must have a Debian maintainer (the
- maintainer may be one person or a group of people
- reachable from a common email address, such as a mailing
- list). The maintainer is responsible for ensuring that
- the package is placed in the appropriate distributions.
- </p>
-
- <p>
- The maintainer must be specified in the
- <tt>Maintainer</tt> control field with their correct name
- and a working email address. If one person maintains
- several packages, they should try to avoid having
- different forms of their name and email address in
+ Every package must have a maintainer, except for orphaned
+ packages as described below. The maintainer may be one person
+ or a group of people reachable from a common email address, such
+ as a mailing list. The maintainer is responsible for
+ maintaining the Debian packaging files, evaluating and
+ responding appropriately to reported bugs, uploading new
+ versions of the package (either directly or through a sponsor),
+ ensuring that the package is placed in the appropriate archive
+ area and included in Debian releases as appropriate for the
+ stability and utility of the package, and requesting removal of
+ the package from the Debian distribution if it is no longer
+ useful or maintainable.
+ </p>
+
+ <p>
+ The maintainer must be specified in the <tt>Maintainer</tt>
+ control field with their correct name and a working email
+ address. The email address given in the <tt>Maintainer</tt>
+ control field must accept mail from those role accounts in
+ Debian used to send automated mails regarding the package. This
+ includes non-spam mail from the bug-tracking system, all mail
+ from the Debian archive maintenance software, and other role
+ accounts or automated processes that are commonly agreed on by
+ the project.<footnote>
+ A sample implementation of such a whitelist written for the
+ Mailman mailing list management software is used for mailing
+ lists hosted by alioth.debian.org.
+ </footnote>
+ If one person or team maintains several packages, they should
+ use the same form of their name and email address in
the <tt>Maintainer</tt> fields of those packages.
</p>
</p>
<p>
- If the maintainer of a package quits from the Debian
- project, "Debian QA Group"
- <email>packages@qa.debian.org</email> takes over the
- maintainer-ship of the package until someone else
- volunteers for that task. These packages are called
- <em>orphaned packages</em>.<footnote>
- The detailed procedure for doing this gracefully can
- be found in the Debian Developer's Reference,
- see <ref id="related">.
+ If the maintainer of the package is a team of people with a
+ shared email address, the <tt>Uploaders</tt> control field must
+ be present and must contain at least one human with their
+ personal email address. See <ref id="f-Uploaders"> for the
+ syntax of that field.
+ </p>
+
+ <p>
+ An orphaned package is one with no current maintainer. Orphaned
+ packages should have their <tt>Maintainer</tt> control field set
+ to <tt>Debian QA Group <packages@qa.debian.org></tt>.
+ These packages are considered maintained by the Debian project
+ as a whole until someone else volunteers to take over
+ maintenance.<footnote>
+ The detailed procedure for gracefully orphaning a package can
+ be found in the Debian Developer's Reference
+ (see <ref id="related">).
</footnote>
</p>
</sect>
<heading>The description of a package</heading>
<p>
- Every Debian package must have an extended description
- stored in the appropriate field of the control record.
- The technical information about the format of the
+ Every Debian package must have a <tt>Description</tt> control
+ field which contains a synopsis and extended description of the
+ package. Technical information about the format of the
<tt>Description</tt> field is in <ref id="f-Description">.
</p>
</sect>
- <sect>
+ <sect id="dependencies">
<heading>Dependencies</heading>
<p>
</p>
<p>
- Sometimes, a package requires another package to be installed
- <em>and</em> configured before it can be installed. In this
- case, you must specify a <tt>Pre-Depends</tt> entry for
- the package.
+ Sometimes, unpacking one package requires that another package
+ be first unpacked <em>and</em> configured. In this case, the
+ depending package must specify this dependency in
+ the <tt>Pre-Depends</tt> control field.
</p>
<p>
<p>
The <tt>base system</tt> is a minimum subset of the Debian
- GNU/Linux system that is installed before everything else
+ system that is installed before everything else
on a new system. Only very few packages are allowed to form
part of the base system, in order to keep the required disk
usage very small.
must be available and usable on the system at all times, even
when packages are in an unconfigured (but unpacked) state.
Packages are tagged <tt>essential</tt> for a system using the
- <tt>Essential</tt> control file field. The format of the
+ <tt>Essential</tt> control field. The format of the
<tt>Essential</tt> control field is described in <ref
id="f-Essential">.
</p>
<p>
Packages which use the Debian Configuration Management
- Specification may contain an additional
- <prgn>config</prgn> script and a <tt>templates</tt>
- file in their control archive<footnote>
- The control.tar.gz inside the .deb.
- See <manref name="deb" section="5">.
- </footnote>.
- The <prgn>config</prgn> script might be run before the
- <prgn>preinst</prgn> script, and before the package is unpacked
- or any of its dependencies or pre-dependencies are satisfied.
- Therefore it must work using only the tools present in
- <em>essential</em> packages.<footnote>
+ Specification may contain the additional control information
+ files <file>config</file>
+ and <file>templates</file>. <file>config</file> is an
+ additional maintainer script used for package configuration,
+ and <file>templates</file> contains templates used for user
+ prompting. The <prgn>config</prgn> script might be run before
+ the <prgn>preinst</prgn> script and before the package is
+ unpacked or any of its dependencies or pre-dependencies are
+ satisfied. Therefore it must work using only the tools
+ present in <em>essential</em> packages.<footnote>
<package>Debconf</package> or another tool that
implements the Debian Configuration Management
Specification will also be installed, and any
The maintainer name and email address used in the changelog
should be the details of the person uploading <em>this</em>
version. They are <em>not</em> necessarily those of the
- usual package maintainer. The information here will be
- copied to the <tt>Changed-By</tt> field in the
- <tt>.changes</tt> file (see <ref id="f-Changed-By">),
- and then later used to send an acknowledgement when the
- upload has been installed.
+ usual package maintainer.<footnote>
+ If the developer uploading the package is not one of the usual
+ maintainers of the package (as listed in
+ the <qref id="f-Maintainer"><tt>Maintainer</tt></qref>
+ or <qref id="f-Uploaders"><tt>Uploaders</tt></qref> control
+ fields of the package), the first line of the changelog is
+ conventionally used to explain why a non-maintainer is
+ uploading the package. The Debian Developer's Reference
+ (see <ref id="related">) documents the conventions
+ used.</footnote>
+ The information here will be copied to the <tt>Changed-By</tt>
+ field in the <tt>.changes</tt> file
+ (see <ref id="f-Changed-By">), and then later used to send an
+ acknowledgement when the upload has been installed.
</p>
<p>
identical behavior.
</p>
+ <p>
+ The following targets are required and must be implemented
+ by <file>debian/rules</file>: <tt>clean</tt>, <tt>binary</tt>,
+ <tt>binary-arch</tt>, <tt>binary-indep</tt>, and <tt>build</tt>.
+ These are the targets called by <prgn>dpkg-buildpackage</prgn>.
+ </p>
+
<p>
Since an interactive <file>debian/rules</file> script makes it
- impossible to auto-compile that package and also makes it
- hard for other people to reproduce the same binary
- package, all <em>required targets</em> must be
- non-interactive. At a minimum, required targets are the
- ones called by <prgn>dpkg-buildpackage</prgn>, namely,
- <em>clean</em>, <em>binary</em>, <em>binary-arch</em>,
- <em>binary-indep</em>, and <em>build</em>. It also follows
- that any target that these targets depend on must also be
+ impossible to auto-compile that package and also makes it hard
+ for other people to reproduce the same binary package, all
+ required targets must be non-interactive. It also follows that
+ any target that these targets depend on must also be
non-interactive.
</p>
<p>
- The targets are as follows (required unless stated otherwise):
+ The targets are as follows:
<taglist>
- <tag><tt>build</tt></tag>
+ <tag><tt>build</tt> (required)</tag>
<item>
<p>
The <tt>build</tt> target should perform all the
</p>
</item>
- <tag><tt>binary</tt>, <tt>binary-arch</tt>,
- <tt>binary-indep</tt>
+ <tag><tt>binary</tt> (required), <tt>binary-arch</tt>
+ (required), <tt>binary-indep</tt> (required)
</tag>
<item>
<p>
</p>
</item>
- <tag><tt>clean</tt></tag>
+ <tag><tt>clean</tt> (required)</tag>
<item>
<p>
This must undo any effects that the <tt>build</tt>
<p>
The architectures we build on and build for are determined
- by <prgn>make</prgn> variables using the utility
- <qref id="pkg-dpkg-architecture"><prgn>dpkg-architecture</prgn></qref>.
- You can determine the
- Debian architecture and the GNU style architecture
- specification string for the build machine (the machine type
- we are building on) as well as for the host machine (the
- machine type we are building for). Here is a list of
- supported <prgn>make</prgn> variables:
+ by <prgn>make</prgn> variables using the
+ utility <qref id="pkg-dpkg-architecture"><prgn>dpkg-architecture</prgn></qref>.
+ You can determine the Debian architecture and the GNU style
+ architecture specification string for the build architecture as
+ well as for the host architecture. The build architecture is
+ the architecture on which <file>debian/rules</file> is run and
+ the package build is performed. The host architecture is the
+ architecture on which the resulting package will be installed
+ and run. These are normally the same, but may be different in
+ the case of cross-compilation (building packages for one
+ architecture on machines of a different architecture).
+ </p>
+
+ <p>
+ Here is a list of supported <prgn>make</prgn> variables:
<list compact="compact">
<item>
<tt>DEB_*_ARCH</tt> (the Debian architecture)
<tt>DEB_*_GNU_TYPE</tt>)
</list>
where <tt>*</tt> is either <tt>BUILD</tt> for specification of
- the build machine or <tt>HOST</tt> for specification of the
- host machine.
+ the build architecture or <tt>HOST</tt> for specification of the
+ host architecture.
</p>
<p>
<heading>Variable substitutions: <file>debian/substvars</file></heading>
<p>
- When <prgn>dpkg-gencontrol</prgn>,
- <prgn>dpkg-genchanges</prgn> and <prgn>dpkg-source</prgn>
- generate control files they perform variable substitutions
- on their output just before writing it. Variable
+ When <prgn>dpkg-gencontrol</prgn>
+ generates <qref id="binarycontrolfiles">binary package control
+ files</qref> (<file>DEBIAN/control</file>), it performs variable
+ substitutions on its output just before writing it. Variable
substitutions have the form <tt>${<var>variable</var>}</tt>.
The optional file <file>debian/substvars</file> contains
variable substitutions to be used; variables can also be set
directly from <file>debian/rules</file> using the <tt>-V</tt>
- option to the source packaging commands, and certain
- predefined variables are also available.
+ option to the source packaging commands, and certain predefined
+ variables are also available.
</p>
<p>
<heading>Optional upstream source location: <file>debian/watch</file></heading>
<p>
- This is an optional, recommended control file for the
- <tt>uscan</tt> utility which defines how to automatically
- scan ftp or http sites for newly available updates of the
- package. This is used by <url id="
- http://dehs.alioth.debian.org/"> and other Debian QA tools
- to help with quality control and maintenance of the
+ This is an optional, recommended configuration file for the
+ <tt>uscan</tt> utility which defines how to automatically scan
+ ftp or http sites for newly available updates of the
+ package. This is used
+ by <url id="http://dehs.alioth.debian.org/"> and other Debian QA
+ tools to help with quality control and maintenance of the
distribution as a whole.
</p>
<item><qref id="f-Source"><tt>Source</tt></qref> (mandatory)</item>
<item><qref id="f-Maintainer"><tt>Maintainer</tt></qref> (mandatory)</item>
<item><qref id="f-Uploaders"><tt>Uploaders</tt></qref></item>
+ <item><qref id="f-DM-Upload-Allowed"><tt>DM-Upload-Allowed</tt></qref></item>
<item><qref id="f-Section"><tt>Section</tt></qref> (recommended)</item>
<item><qref id="f-Priority"><tt>Priority</tt></qref> (recommended)</item>
<item><qref id="sourcebinarydeps"><tt>Build-Depends</tt> et al</qref></item>
<item><qref id="f-Version"><tt>Version</tt></qref> (mandatory)</item>
<item><qref id="f-Maintainer"><tt>Maintainer</tt></qref> (mandatory)</item>
<item><qref id="f-Uploaders"><tt>Uploaders</tt></qref></item>
+ <item><qref id="f-DM-Upload-Allowed"><tt>DM-Upload-Allowed</tt></qref></item>
<item><qref id="f-Homepage"><tt>Homepage</tt></qref></item>
<item><qref id="f-Standards-Version"><tt>Standards-Version</tt></qref> (recommended)</item>
<item><qref id="sourcebinarydeps"><tt>Build-Depends</tt> et al</qref></item>
putting the name in round brackets and moving it to the
end, and bringing the email address forward).
</p>
+
+ <p>
+ See <ref id="maintainer"> for additional requirements and
+ information about package maintainers.
+ </p>
</sect1>
<sect1 id="f-Uploaders">
<heading><tt>Uploaders</tt></heading>
<p>
- List of the names and email addresses of co-maintainers of
- the package, if any. If the package has other maintainers
- beside the one named in the
- <qref id="f-Maintainer">Maintainer field</qref>, their names
- and email addresses should be listed here. The format of each
- entry is the same as that of the Maintainer field, and
- multiple entries must be comma separated. This is an optional
- field.
+ List of the names and email addresses of co-maintainers of the
+ package, if any. If the package has other maintainers besides
+ the one named in the <qref id="f-Maintainer">Maintainer
+ field</qref>, their names and email addresses should be listed
+ here. The format of each entry is the same as that of the
+ Maintainer field, and multiple entries must be comma
+ separated.
+ </p>
+
+ <p>
+ This is normally an optional field, but if
+ the <tt>Maintainer</tt> control field names a group of people
+ and a shared email address, the <tt>Uploaders</tt> field must
+ be present and must contain at least one human with their
+ personal email address.
</p>
<p>
must match the list of files in the <tt>Files</tt> field.
</p>
</sect1>
+
+ <sect1 id="f-DM-Upload-Allowed">
+ <heading><tt>DM-Upload-Allowed</tt></heading>
+
+ <p>
+ The most recent version of a package uploaded to unstable or
+ experimental must include the field <tt>DM-Upload-Allowed:
+ yes</tt> in the source section of its source control file for
+ the Debian archive to accept uploads signed with a key in the
+ Debian Maintainer keyring. See the General
+ Resolution <url id="http://www.debian.org/vote/2007/vote_003"
+ name="Endorse the concept of Debian Maintainers"> for more
+ details.
+ </p>
+ </sect1>
</sect>
<sect>
</p>
<p>
- These scripts are the files <prgn>preinst</prgn>,
- <prgn>postinst</prgn>, <prgn>prerm</prgn> and
- <prgn>postrm</prgn> in the control area of the package.
- They must be proper executable files; if they are scripts
- (which is recommended), they must start with the usual
- <tt>#!</tt> convention. They should be readable and
+ These scripts are the control information
+ files <prgn>preinst</prgn>, <prgn>postinst</prgn>, <prgn>prerm</prgn>
+ and <prgn>postrm</prgn>. They must be proper executable files;
+ if they are scripts (which is recommended), they must start with
+ the usual <tt>#!</tt> convention. They should be readable and
executable by anyone, and must not be world-writable.
</p>
they exit with a zero status if everything went well.
</p>
- Additionally, packages interacting with users using
- <tt>debconf</tt> in the <prgn>postinst</prgn> script should
- install a <prgn>config</prgn> script in the control area,
- see <ref id="maintscriptprompt"> for details.
- </p>
+ <p>
+ Additionally, packages interacting with users
+ using <prgn>debconf</prgn> in the <prgn>postinst</prgn> script
+ should install a <prgn>config</prgn> script as a control
+ information file. See <ref id="maintscriptprompt"> for details.
+ </p>
<p>
When a package is upgraded a combination of the scripts from
<p>
Broadly speaking the <prgn>preinst</prgn> is called before
- (a particular version of) a package is installed, and the
+ (a particular version of) a package is unpacked, and the
<prgn>postinst</prgn> afterwards; the <prgn>prerm</prgn>
before (a version of) a package is removed and the
<prgn>postrm</prgn> afterwards.
</heading>
<p>
- <list compact="compact">
- <item>
- <var>new-preinst</var> <tt>install</tt>
- </item>
- <item>
- <var>new-preinst</var> <tt>install</tt> <var>old-version</var>
- </item>
- <item>
- <var>new-preinst</var> <tt>upgrade</tt> <var>old-version</var>
- </item>
- <item>
- <var>old-preinst</var> <tt>abort-upgrade</tt>
- <var>new-version</var>
- </item>
- </list>
+ What follows is a summary of all the ways in which maintainer
+ scripts may be called along with what facilities those scripts
+ may rely on being available at that time. Script names preceded
+ by <var>new-</var> are the scripts from the new version of a
+ package being installed, upgraded to, or downgraded to. Script
+ names preceded by <var>old-</var> are the scripts from the old
+ version of a package that is being upgraded from or downgraded
+ from.
+ </p>
<p>
- <list compact="compact">
- <item>
- <var>postinst</var> <tt>configure</tt>
- <var>most-recently-configured-version</var>
- </item>
- <item>
- <var>old-postinst</var> <tt>abort-upgrade</tt>
- <var>new-version</var>
- </item>
- <item>
- <var>conflictor's-postinst</var> <tt>abort-remove</tt>
- <tt>in-favour</tt> <var>package</var>
- <var>new-version</var>
- </item>
+ The <prgn>preinst</prgn> script may be called in the following
+ ways:
+ <taglist>
+ <tag><var>new-preinst</var> <tt>install</tt></tag>
+ <tag><var>new-preinst</var> <tt>install</tt>
+ <var>old-version</var></tag>
+ <tag><var>new-preinst</var> <tt>upgrade</tt>
+ <var>old-version</var></tag>
<item>
- <var>postinst</var> <tt>abort-remove</tt>
+ The package will not yet be unpacked, so
+ the <prgn>preinst</prgn> script cannot rely on any files
+ included in its package. Only essential packages and
+ pre-dependencies (<tt>Pre-Depends</tt>) may be assumed to be
+ available. Pre-dependencies will have been configured at
+ least once, but at the time the <prgn>preinst</prgn> is
+ called they may only be in an unpacked or "Half-Configured"
+ state if a previous version of the pre-dependency was
+ completely configured and has not been removed since then.
</item>
+
+ <tag><var>old-preinst</var> <tt>abort-upgrade</tt>
+ <var>new-version</var></tag>
<item>
- <var>deconfigured's-postinst</var>
- <tt>abort-deconfigure</tt> <tt>in-favour</tt>
- <var>failed-install-package</var> <var>version</var>
- [<tt>removing</tt> <var>conflicting-package</var>
- <var>version</var>]
+ Called during error handling of an upgrade that failed after
+ unpacking the new package because the <tt>postrm
+ upgrade</tt> action failed. The unpacked files may be
+ partly from the new version or partly missing, so the script
+ cannot rely on files included in the package. Package
+ dependencies may not be available. Pre-dependencies will be
+ at least unpacked following the same rules as above, except
+ they may be only "Half-Installed" if an upgrade of the
+ pre-dependency failed.<footnote>
+ This can happen if the new version of the package no
+ longer pre-depends on a package that had been partially
+ upgraded.
+ </footnote>
</item>
- </list>
+ </taglist>
+ </p>
<p>
- <list compact="compact">
- <item>
- <var>prerm</var> <tt>remove</tt>
- </item>
- <item>
- <var>old-prerm</var> <tt>upgrade</tt>
- <var>new-version</var>
- </item>
- <item>
- <var>new-prerm</var> <tt>failed-upgrade</tt>
- <var>old-version</var>
- </item>
+ The <prgn>postinst</prgn> script may be called in the following
+ ways:
+ <taglist>
+ <tag><var>postinst</var> <tt>configure</tt>
+ <var>most-recently-configured-version</var></tag>
<item>
- <var>conflictor's-prerm</var> <tt>remove</tt>
- <tt>in-favour</tt> <var>package</var>
- <var>new-version</var>
+ The files contained in the package will be unpacked. All
+ package dependencies will at least be unpacked. If there
+ are no circular dependencies involved, all package
+ dependencies will be configured. For behavior in the case
+ of circular dependencies, see the discussion
+ in <ref id="binarydeps">.
</item>
+
+ <tag><var>old-postinst</var> <tt>abort-upgrade</tt>
+ <var>new-version</var></tag>
+ <tag><var>conflictor's-postinst</var> <tt>abort-remove</tt>
+ <tt>in-favour</tt> <var>package</var>
+ <var>new-version</var></tag>
+ <tag><var>postinst</var> <tt>abort-remove</tt></tag>
+ <tag><var>deconfigured's-postinst</var>
+ <tt>abort-deconfigure</tt> <tt>in-favour</tt>
+ <var>failed-install-package</var> <var>version</var>
+ [<tt>removing</tt> <var>conflicting-package</var>
+ <var>version</var>]</tag>
<item>
- <var>deconfigured's-prerm</var> <tt>deconfigure</tt>
- <tt>in-favour</tt> <var>package-being-installed</var>
- <var>version</var> [<tt>removing</tt>
- <var>conflicting-package</var>
- <var>version</var>]
+ The files contained in the package will be unpacked. All
+ package dependencies will at least be "Half-Installed" and
+ will have previously been configured and not removed.
+ However, dependencies may not be configured or even fully
+ unpacked in some error situations.<footnote>
+ For example, suppose packages foo and bar are installed
+ with foo depending on bar. If an upgrade of bar were
+ started and then aborted, and then an attempt to remove
+ foo failed because its <prgn>prerm</prgn> script failed,
+ foo's <tt>postinst abort-remove</tt> would be called with
+ bar only "Half-Installed".
+ </footnote>
+ The <prgn>postinst</prgn> should still attempt any actions
+ for which its dependencies are required, since they will
+ normally be available, but consider the correct error
+ handling approach if those actions fail. Aborting
+ the <prgn>postinst</prgn> action if commands or facilities
+ from the package dependencies are not available is often the
+ best approach.
</item>
- </list>
+ </taglist>
+ </p>
<p>
- <list compact="compact">
- <item>
- <var>postrm</var> <tt>remove</tt>
- </item>
- <item>
- <var>postrm</var> <tt>purge</tt>
- </item>
- <item>
- <var>old-postrm</var> <tt>upgrade</tt>
- <var>new-version</var>
- </item>
+ The <prgn>prerm</prgn> script may be called in the following
+ ways:
+ <taglist>
+ <tag><var>prerm</var> <tt>remove</tt></tag>
+ <tag><var>old-prerm</var>
+ <tt>upgrade</tt><var>new-version</var></tag>
+ <tag><var>conflictor's-prerm</var> <tt>remove</tt>
+ <tt>in-favour</tt> <var>package</var>
+ <var>new-version</var></tag>
+ <tag><var>deconfigured's-prerm</var> <tt>deconfigure</tt>
+ <tt>in-favour</tt> <var>package-being-installed</var>
+ <var>version</var> [<tt>removing</tt>
+ <var>conflicting-package</var> <var>version</var>]</tag>
<item>
- <var>new-postrm</var> <tt>failed-upgrade</tt>
- <var>old-version</var>
+ The package whose <prgn>prerm</prgn> is being called will be
+ at least "Half-Installed". All package dependencies will at
+ least be "Half-Installed" and will have previously been
+ configured and not removed. If there was no error, all
+ dependencies will at least be unpacked, but these actions
+ may be called in various error states where dependencies are
+ only "Half-Installed" due to a partial upgrade.
</item>
+
+ <tag><var>new-prerm</var> <tt>failed-upgrade</tt>
+ <var>old-version</var></tag>
<item>
- <var>new-postrm</var> <tt>abort-install</tt>
+ Called during error handling when <tt>prerm upgrade</tt>
+ fails. The new package will not yet be unpacked, and all
+ the same constraints as for <tt>preinst upgrade</tt> apply.
</item>
+ </taglist>
+ </p>
+
+ <p>
+ The <prgn>postrm</prgn> script may be called in the following
+ ways:
+ <taglist>
+ <tag><var>postrm</var> <tt>remove</tt></tag>
+ <tag><var>postrm</var> <tt>purge</tt></tag>
+ <tag><var>old-postrm</var> <tt>upgrade</tt>
+ <var>new-version</var></tag>
+ <tag><var>disappearer's-postrm</var> <tt>disappear</tt>
+ <var>overwriter</var> <var>overwriter-version</var></tag>
<item>
- <var>new-postrm</var> <tt>abort-install</tt>
- <var>old-version</var>
+ The <prgn>postrm</prgn> script is called after the package's
+ files have been removed or replaced. The package
+ whose <prgn>postrm</prgn> is being called may have
+ previously been deconfigured and only be unpacked, at which
+ point subsequent package changes do not consider its
+ dependencies. Therefore, all <prgn>postrm</prgn> actions
+ may only rely on essential packages and must gracefully skip
+ any actions that require the package's dependencies if those
+ dependencies are unavailable.<footnote>
+ This is often done by checking whether the command or
+ facility the <prgn>postrm</prgn> intends to call is
+ available before calling it. For example:
+<example>
+if [ "$1" = purge ] && [ -e /usr/share/debconf/confmodule ]; then
+ . /usr/share/debconf/confmodule
+ db_purge
+fi
+</example>
+ in <prgn>postrm</prgn> purges the <prgn>debconf</prgn>
+ configuration for the package
+ if <package>debconf</package> is installed.
+ </footnote>
</item>
+
+ <tag><var>new-postrm</var> <tt>failed-upgrade</tt>
+ <var>old-version</var></tag>
<item>
- <var>new-postrm</var> <tt>abort-upgrade</tt>
- <var>old-version</var>
+ Called when the old <tt>postrm upgrade</tt> action fails.
+ The new package will be unpacked, but only essential
+ packages and pre-dependencies can be relied on.
+ Pre-dependencies will either be configured or will be
+ "Unpacked" or "Half-Configured" but previously had been
+ configured and was never removed.
</item>
+
+ <tag><var>new-postrm</var> <tt>abort-install</tt></tag>
+ <tag><var>new-postrm</var> <tt>abort-install</tt>
+ <var>old-version</var></tag>
+ <tag><var>new-postrm</var> <tt>abort-upgrade</tt>
+ <var>old-version</var></tag>
<item>
- <var>disappearer's-postrm</var> <tt>disappear</tt>
- <var>overwriter</var>
- <var>overwriter-version</var>
+ Called before unpacking the new package as part of the
+ error handling of <prgn>preinst</prgn> failures. May assume
+ the same state as <prgn>preinst</prgn> can assume.
</item>
- </list>
+ </taglist>
</p>
-
+ </sect>
<sect id="unpackphase">
<heading>Details of unpack phase of installation or upgrade</heading>
behavior which, though deterministic, is hard for the
system administrator to understand. It can easily
lead to "missing" programs if, for example, a package
- is installed which overwrites a file from another
+ is unpacked which overwrites a file from another
package, and is then removed again.<footnote>
Part of the problem is due to what is arguably a
bug in <prgn>dpkg</prgn>.
If there was a conflicting package we go and do the
removal actions (described below), starting with the
removal of the conflicting package's files (any that
- are also in the package being installed have already
+ are also in the package being unpacked have already
been removed from the conflicting package's file list,
and so do not get removed now).
</item>
In the <tt>Depends</tt>, <tt>Recommends</tt>,
<tt>Suggests</tt>, <tt>Pre-Depends</tt>,
<tt>Build-Depends</tt> and <tt>Build-Depends-Indep</tt>
- control file fields of the package, which declare
+ control fields of the package, which declare
dependencies on other packages, the package names listed may
also include lists of alternative package names, separated
by vertical bar (pipe) symbols <tt>|</tt>. In such a case,
<p>
This is done using the <tt>Depends</tt>, <tt>Pre-Depends</tt>,
<tt>Recommends</tt>, <tt>Suggests</tt>, <tt>Enhances</tt>,
- <tt>Breaks</tt> and <tt>Conflicts</tt> control file fields.
+ <tt>Breaks</tt> and <tt>Conflicts</tt> control fields.
<tt>Breaks</tt> is described in <ref id="breaks">, and
<tt>Conflicts</tt> is described in <ref id="conflicts">. The
rest are described below.
</p>
<p>
- For this reason packages in an installation run are usually
- all unpacked first and all configured later; this gives
- later versions of packages with dependencies on later
- versions of other packages the opportunity to have their
- dependencies satisfied.
+ Since <tt>Depends</tt> only places requirements on the order in
+ which packages are configured, packages in an installation run
+ are usually all unpacked first and all configured later.
+ <footnote>
+ This approach makes dependency resolution easier. If two
+ packages A and B are being upgraded, the installed package A
+ depends on exactly the installed package B, and the new
+ package A depends on exactly the new package B (a common
+ situation when upgrading shared libraries and their
+ corresponding development packages), satisfying the
+ dependencies at every stage of the upgrade would be
+ impossible. This relaxed restriction means that both new
+ packages can be unpacked together and then configured in their
+ dependency order.
+ </footnote>
</p>
- <p>
- In case of circular dependencies, since installation or
- removal order honoring the dependency order can't be
- established, dependency loops are broken at some point
- (based on rules below), and some packages may not be able to
- rely on their dependencies being present when being
- installed or removed, depending on which side of the break
- of the circular dependency loop they happen to be on. If one
- of the packages in the loop has no postinst script, then the
- cycle will be broken at that package, so as to ensure that
- all postinst scripts run with the dependencies properly
- configured if this is possible. Otherwise the breaking point
- is arbitrary.
- </p>
-
<p>
- The <tt>Depends</tt> field thus allows package maintainers
- to impose an order in which packages should be configured.
+ If there is a circular dependency among packages being installed
+ or removed, installation or removal order honoring the
+ dependency order is impossible, requiring the dependency loop be
+ broken at some point and the dependency requirements violated
+ for at least one package. Packages involved in circular
+ dependencies may not be able to rely on their dependencies being
+ configured before they themselves are configured, depending on
+ which side of the break of the circular dependency loop they
+ happen to be on. If one of the packages in the loop has
+ no <prgn>postinst</prgn> script, then the cycle will be broken
+ at that package; this ensures that all <prgn>postinst</prgn>
+ scripts are run with their dependencies properly configured if
+ this is possible. Otherwise the breaking point is arbitrary.
+ Packages should therefore avoid circular dependencies where
+ possible, particularly if they have <prgn>postinst</prgn>
+ scripts.
</p>
<p>
This declares an absolute dependency. A package will
not be configured unless all of the packages listed in
its <tt>Depends</tt> field have been correctly
- configured.
+ configured (unless there is a circular dependency as
+ described above).
</p>
<p>
<p>
The <tt>Depends</tt> field should also be used if the
- <prgn>postinst</prgn>, <prgn>prerm</prgn> or
- <prgn>postrm</prgn> scripts require the package to be
- present in order to run. Note, however, that the
- <prgn>postrm</prgn> cannot rely on any non-essential
- packages to be present during the <tt>purge</tt>
- phase.
+ <prgn>postinst</prgn> or <prgn>prerm</prgn> scripts
+ require the depended-on package to be unpacked or
+ configured in order to run. In the case of <tt>postinst
+ configure</tt>, the depended-on packages will be unpacked
+ and configured first. (If both packages are involved in a
+ dependency loop, this might not work as expected; see the
+ explanation a few paragraphs back.) In the case
+ of <prgn>prerm</prgn> or other <prgn>postinst</prgn>
+ actions, the package dependencies will normally be at
+ least unpacked, but they may be only "Half-Installed" if a
+ previous upgrade of the dependency failed.
+ </p>
+
+ <p>
+ Finally, the <tt>Depends</tt> field should be used if the
+ depended-on package is needed by the <prgn>postrm</prgn>
+ script to fully clean up after the package removal. There
+ is no guarantee that package dependencies will be
+ available when <prgn>postrm</prgn> is run, but the
+ depended-on package is more likely to be available if the
+ package declares a dependency (particularly in the case
+ of <tt>postrm remove</tt>). The <prgn>postrm</prgn>
+ script must gracefully skip actions that require a
+ dependency if that dependency isn't available.
+ </p>
</item>
<tag><tt>Recommends</tt></tag>
</p>
<p>
- When the package declaring a pre-dependency is about
- to be <em>configured</em>, the pre-dependency will be
- treated as a normal <tt>Depends</tt>, that is, it will
- be considered satisfied only if the depended-on
- package has been correctly configured.
+ When the package declaring a pre-dependency is about to
+ be <em>configured</em>, the pre-dependency will be treated
+ as a normal <tt>Depends</tt>. It will be considered
+ satisfied only if the depended-on package has been
+ correctly configured. However, unlike
+ with <tt>Depends</tt>, <tt>Pre-Depends</tt> does not
+ permit circular dependencies to be broken. If a circular
+ dependency is encountered while attempting to honor
+ <tt>Pre-Depends</tt>, the installation will be aborted.
+ </p>
+
+ <p>
+ <tt>Pre-Depends</tt> are also required if the
+ <prgn>preinst</prgn> script depends on the named package.
+ It is best to avoid this situation if possible.
</p>
<p>
</p>
<p>
- <tt>Pre-Depends</tt> are also required if the
- <prgn>preinst</prgn> script depends on the named
- package. It is best to avoid this situation if
- possible.
+ You should not specify a <tt>Pre-Depends</tt> entry for a
+ package before this has been discussed on the
+ <tt>debian-devel</tt> mailing list and a consensus about
+ doing that has been reached. See <ref id="dependencies">.
</p>
</item>
</taglist>
<p>
When one binary package declares that it breaks another,
<prgn>dpkg</prgn> will refuse to allow the package which
- declares <tt>Breaks</tt> be installed unless the broken
+ declares <tt>Breaks</tt> to be unpacked unless the broken
package is deconfigured first, and it will refuse to
allow the broken package to be reconfigured.
</p>
<heading>Conflicting binary packages - <tt>Conflicts</tt></heading>
<p>
- When one binary package declares a conflict with another
- using a <tt>Conflicts</tt> field, <prgn>dpkg</prgn> will
- refuse to allow them to be installed on the system at the
- same time. This is a stronger restriction than <tt>Breaks</tt>,
- which just prevents both packages from being configured at the
- same time. Conflicting packages cannot be unpacked on the
- system at the same time.
+ When one binary package declares a conflict with another using
+ a <tt>Conflicts</tt> field, <prgn>dpkg</prgn> will refuse to
+ allow them to be unpacked on the system at the same time. This
+ is a stronger restriction than <tt>Breaks</tt>, which prevents
+ the broken package from being configured while the breaking
+ package is in the "Unpacked" state but allows both packages to
+ be unpacked at the same time.
</p>
<p>
- If one package is to be installed, the other must be removed
- first. If the package being installed is marked as replacing
+ If one package is to be unpacked, the other must be removed
+ first. If the package being unpacked is marked as replacing
(see <ref id="replaces">, but note that <tt>Breaks</tt> should
normally be used in this case) the one on the system, or the one
on the system is marked as deselected, or both packages are
<item>when two packages provide the same file and will
continue to do so,</item>
<item>in conjunction with <tt>Provides</tt> when only one
- package providing a given virtual facility may be installed
+ package providing a given virtual facility may be unpacked
at a time (see <ref id="virtual">),</item>
<item>in other cases where one must prevent simultaneous
installation of two packages for reasons that are ongoing
<p>
A <em>virtual package</em> is one which appears in the
- <tt>Provides</tt> control file field of another package.
- The effect is as if the package(s) which provide a
- particular virtual package name had been listed by name
- everywhere the virtual package name appears. (See also <ref
- id="virtual_pkg">)
+ <tt>Provides</tt> control field of another package. The effect
+ is as if the package(s) which provide a particular virtual
+ package name had been listed by name everywhere the virtual
+ package name appears. (See also <ref id="virtual_pkg">)
</p>
<p>
<p>
Packages can declare in their control file that they should
- overwrite files in certain other packages, or completely
- replace other packages. The <tt>Replaces</tt> control file
- field has these two distinct purposes.
+ overwrite files in certain other packages, or completely replace
+ other packages. The <tt>Replaces</tt> control field has these
+ two distinct purposes.
</p>
<sect1><heading>Overwriting files in other packages</heading>
Conflicts: mail-transport-agent
Replaces: mail-transport-agent
</example>
- ensuring that only one MTA can be installed at any one
+ ensuring that only one MTA can be unpacked at any one
time. See <ref id="virtual"> for more information about this
example.
</sect1>
<p>
This is done using the <tt>Build-Depends</tt>,
<tt>Build-Depends-Indep</tt>, <tt>Build-Conflicts</tt> and
- <tt>Build-Conflicts-Indep</tt> control file fields.
+ <tt>Build-Conflicts-Indep</tt> control fields.
</p>
<p>
<p>
There is no Build-Depends-Arch; this role is essentially
met with Build-Depends. Anyone building the
- <tt>build-indep</tt> and binary-indep<tt></tt> targets is
+ <tt>build-indep</tt> and <tt>binary-indep</tt> targets is
assumed to be building the whole package, and therefore
installation of all build dependencies is required.
</p>
</p>
<p>
- Packages involving shared libraries should be split up into
- several binary packages. This section mostly deals with how
- this separation is to be accomplished; rules for files within
- the shared library packages are in <ref id="libraries"> instead.
+ This section deals only with public shared libraries: shared
+ libraries that are placed in directories searched by the dynamic
+ linker by default or which are intended to be linked against
+ normally and possibly used by other, independent packages. Shared
+ libraries that are internal to a particular package or that are
+ only loaded as dynamic modules are not covered by this section and
+ are not subject to its requirements.
</p>
- <sect id="sharedlibs-runtime">
- <heading>Run-time shared libraries</heading>
+ <p>
+ A shared library is identified by the <tt>SONAME</tt> attribute
+ stored in its dynamic section. When a binary is linked against a
+ shared library, the <tt>SONAME</tt> of the shared library is
+ recorded in the binary's <tt>NEEDED</tt> section so that the
+ dynamic linker knows that library must be loaded at runtime. The
+ shared library file's full name (which usually contains additional
+ version information not needed in the <tt>SONAME</tt>) is
+ therefore normally not referenced directly. Instead, the shared
+ library is loaded by its <tt>SONAME</tt>, which exists on the file
+ system as a symlink pointing to the full name of the shared
+ library. This symlink must be provided by the
+ package. <ref id="sharedlibs-runtime"> describes how to do this.
+ <footnote>
+ This is a convention of shared library versioning, but not a
+ requirement. Some libraries use the <tt>SONAME</tt> as the full
+ library file name instead and therefore do not need a symlink.
+ Most, however, encode additional information about
+ backwards-compatible revisions as a minor version number in the
+ file name. The <tt>SONAME</tt> itself only changes when
+ binaries linked with the earlier version of the shared library
+ may no longer work, but the filename may change with each
+ release of the library. See <ref id="sharedlibs-runtime"> for
+ more information.
+ </footnote>
+ </p>
<p>
- The run-time shared library needs to be placed in a package
- whose name changes whenever the shared object version
- changes.<footnote>
- <p>
- Since it is common place to install several versions of a
- package that just provides shared libraries, it is a
- good idea that the library package should not
- contain any extraneous non-versioned files, unless they
- happen to be in versioned directories.</p>
- </footnote>
- The most common mechanism is to place it in a package
- called
- <package><var>libraryname</var><var>soversion</var></package>,
- where <file><var>soversion</var></file> is the version number
- in the soname of the shared library<footnote>
- The soname is the shared object name: it's the thing
- that has to match exactly between building an executable
- and running it for the dynamic linker to be able run the
- program. For example, if the soname of the library is
- <file>libfoo.so.6</file>, the library package would be
- called <file>libfoo6</file>.
- </footnote>.
- Alternatively, if it would be confusing to directly append
- <var>soversion</var> to <var>libraryname</var> (e.g. because
- <var>libraryname</var> itself ends in a number), you may use
- <package><var>libraryname</var>-<var>soversion</var></package> and
- <package><var>libraryname</var>-<var>soversion</var>-dev</package>
- instead.
+ When linking a binary or another shared library against a shared
+ library, the <tt>SONAME</tt> for that shared library is not yet
+ known. Instead, the shared library is found by looking for a file
+ matching the library name with <tt>.so</tt> appended. This file
+ exists on the file system as a symlink pointing to the shared
+ library.
+ </p>
+
+ <p>
+ Shared libraries are normally split into several binary packages.
+ The <tt>SONAME</tt> symlink is installed by the runtime shared
+ library package, and the bare <tt>.so</tt> symlink is installed in
+ the development package since it's only used when linking binaries
+ or shared libraries. However, there are some exceptions for
+ unusual shared libraries or for shared libraries that are also
+ loaded as dynamic modules by other programs.
</p>
<p>
- If you have several shared libraries built from the same
- source tree you may lump them all together into a single
- shared library package, provided that you change all of
- their sonames at once (so that you don't get filename
- clashes if you try to install different versions of the
- combined shared libraries package).
+ This section is primarily concerned with how the separation of
+ shared libraries into multiple packages should be done and how
+ dependencies on and between shared library binary packages are
+ managed in Debian. <ref id="libraries"> should be read in
+ conjunction with this section and contains additional rules for
+ the files contained in the shared library packages.
</p>
+ <sect id="sharedlibs-runtime">
+ <heading>Run-time shared libraries</heading>
+
+ <p>
+ The run-time shared library must be placed in a package
+ whose name changes whenever the <tt>SONAME</tt> of the shared
+ library changes. This allows several versions of the shared
+ library to be installed at the same time, allowing installation
+ of the new version of the shared library without immediately
+ breaking binaries that depend on the old version. Normally, the
+ run-time shared library and its <tt>SONAME</tt> symlink should
+ be placed in a package named
+ <package><var>libraryname</var><var>soversion</var></package>,
+ where <var>soversion</var> is the version number in
+ the <tt>SONAME</tt> of the shared library.
+ See <ref id="shlibs"> for detailed information on how to
+ determine this version. Alternatively, if it would be confusing
+ to directly append <var>soversion</var>
+ to <var>libraryname</var> (if, for example, <var>libraryname</var>
+ itself ends in a number), you should use
+ <package><var>libraryname</var>-<var>soversion</var></package>
+ instead.
+ </p>
+
+ <p>
+ If you have several shared libraries built from the same source
+ tree, you may lump them all together into a single shared
+ library package provided that all of their <tt>SONAME</tt>s will
+ always change together. Be aware that this is not normally the
+ case, and if the <tt>SONAME</tt>s do not change together,
+ upgrading such a merged shared library package will be
+ unnecessarily difficult because of file conflicts with the old
+ version of the package. When in doubt, always split shared
+ library packages so that each binary package installs a single
+ shared library.
+ </p>
+
+ <p>
+ Every time the shared library ABI changes in a way that may
+ break binaries linked against older versions of the shared
+ library, the <tt>SONAME</tt> of the library and the
+ corresponding name for the binary package containing the runtime
+ shared library should change. Normally, this means
+ the <tt>SONAME</tt> should change any time an interface is
+ removed from the shared library or the signature of an interface
+ (the number of parameters or the types of parameters that it
+ takes, for example) is changed. This practice is vital to
+ allowing clean upgrades from older versions of the package and
+ clean transitions between the old ABI and new ABI without having
+ to upgrade every affected package simultaneously.
+ </p>
+
+ <p>
+ The <tt>SONAME</tt> and binary package name need not, and indeed
+ normally should not, change if new interfaces are added but none
+ are removed or changed, since this will not break binaries
+ linked against the old shared library. Correct versioning of
+ dependencies on the newer shared library by binaries that use
+ the new interfaces is handled via
+ the <qref id="sharedlibs-shlibdeps"><tt>shlibs</tt>
+ system</qref> or via symbols files (see
+ <manref name="deb-symbols" section="5">).
+ </p>
+
<p>
The package should install the shared libraries under
their normal names. For example, the <package>libgdbm3</package>
</p>
<p>
- The run-time library package should include the symbolic link that
- <prgn>ldconfig</prgn> would create for the shared libraries.
- For example, the <package>libgdbm3</package> package should include
- a symbolic link from <file>/usr/lib/libgdbm.so.3</file> to
+ The run-time library package should include the symbolic link for
+ the <tt>SONAME</tt> that <prgn>ldconfig</prgn> would create for
+ the shared libraries. For example,
+ the <package>libgdbm3</package> package should include a symbolic
+ link from <file>/usr/lib/libgdbm.so.3</file> to
<file>libgdbm.so.3.0.0</file>. This is needed so that the dynamic
linker (for example <prgn>ld.so</prgn> or
<prgn>ld-linux.so.*</prgn>) can find the library between the
library directories of the dynamic linker (which are currently
<file>/usr/lib</file> and <file>/lib</file>) or a directory that is
listed in <file>/etc/ld.so.conf</file><footnote>
- These are currently
- <list compact="compact">
- <item>/usr/local/lib</item>
- <item>/usr/lib/libc5-compat</item>
- <item>/lib/libc5-compat</item>
- </list>
+ These are currently <file>/usr/local/lib</file> plus
+ directories under <file>/lib</file> and <file>/usr/lib</file>
+ matching the multiarch triplet for the system architecture.
</footnote>
must use <prgn>ldconfig</prgn> to update the shared library
system.
<footnote>
<p>
During install or upgrade, the preinst is called before
- the new files are installed, so calling "ldconfig" is
+ the new files are unpacked, so calling "ldconfig" is
pointless. The preinst of an existing package can also be
called if an upgrade fails. However, this happens during
the critical time when a shared libs may exist on-disk
<ref id="conflicts">) to ensure that the user only installs one
development version at a time (as different development versions are
likely to have the same header files in them, which would cause a
- filename clash if both were installed).
+ filename clash if both were unpacked).
</p>
<p>
(<prgn>ld</prgn>) when compiling packages, as it will only look for
<file>libgdbm.so</file> when compiling dynamically.
</p>
+
+ <p>
+ If the package provides Ada Library Information
+ (<file>*.ali</file>) files for use with GNAT, these files must be
+ installed read-only (mode 0444) so that GNAT will not attempt to
+ recompile them. This overrides the normal file mode requirements
+ given in <ref id="permissions-owners">.
+ </p>
</sect>
<sect id="sharedlibs-intradeps">
<p>
When packages are being built,
any <file>debian/shlibs</file> files are copied into the
- control file area of the temporary build directory and
- given the name <file>shlibs</file>. These files give
- details of any shared libraries included in the same
- package.<footnote>
+ control information file area of the temporary build
+ directory and given the name <file>shlibs</file>. These
+ files give details of any shared libraries included in the
+ same package.<footnote>
An example may help here. Let us say that the source
package <tt>foo</tt> generates two binary
packages, <tt>libfoo2</tt> and <tt>foo-runtime</tt>.
It is usual to call this file <file>debian/shlibs</file> (but if
you have multiple binary packages, you might want to call it
<file>debian/shlibs.<var>package</var></file> instead). Then
- let <file>debian/rules</file> install it in the control area:
+ let <file>debian/rules</file> install it in the control
+ information file area:
<example compact="compact">
install -m644 debian/shlibs debian/tmp/DEBIAN
</example>
install -m644 debian/shlibs.<var>package</var> debian/<var>package</var>/DEBIAN/shlibs
</example>
An alternative way of doing this is to create the
- <file>shlibs</file> file in the control area directly from
- <file>debian/rules</file> without using a <file>debian/shlibs</file>
- file at all,<footnote>
+ <file>shlibs</file> file in the control information file area
+ directly from <file>debian/rules</file> without using
+ a <file>debian/shlibs</file> file at all,<footnote>
This is what <prgn>dh_makeshlibs</prgn> in
the <package>debhelper</package> suite does. If your package
also has a udeb that provides a shared
<file>/lib/<var>triplet</var></file> and
<file>/usr/lib/<var>triplet</var></file>, where
<tt><var>triplet</var></tt> is the value returned by
- <tt>dpkg-architecture -qDEB_HOST_GNU_TYPE</tt> for the
+ <tt>dpkg-architecture -qDEB_HOST_MULTIARCH</tt> for the
architecture of the package. Packages may <em>not</em>
install files to any <var>triplet</var> path other
than the one matching the architecture of that package;
for instance, an <tt>Architecture: amd64</tt> package
containing 32-bit x86 libraries may not install these
- libraries to <file>/usr/lib/i486-linux-gnu</file>.
+ libraries to <file>/usr/lib/i386-linux-gnu</file>.
<footnote>
This is necessary in order to reserve the directories for
use in cross-installation of library packages from other
to get access to kernel information.</footnote>
</p>
</item>
+ <item>
+ <p>
+ On GNU/Hurd systems, the following additional
+ directories are allowed in the root
+ filesystem: <file>/hurd</file>
+ and <file>/servers</file>.<footnote>
+ These directories are used to store translators and as
+ a set of standard names for mount points,
+ respectively.
+ </footnote>
+ </p>
+ </item>
</enumlist>
-
</p>
+
<p>
The version of this document referred here can be
found in the <tt>debian-policy</tt> package or on <url
</example>
must be supported and must set the value of <tt>c</tt> to
<tt>delta</tt>.
- </item>
+ </item>
+ <item>The XSI extension to <prgn>kill</prgn> allowing <tt>kill
+ -<var>signal</var></tt>, where <var>signal</var> is either
+ the name of a signal or one of the numeric signals listed in
+ the XSI extension (0, 1, 2, 3, 6, 9, 14, and 15), must be
+ supported if <prgn>kill</prgn> is implemented as a shell
+ built-in.
+ </item>
+ <item>The XSI extension to <prgn>trap</prgn> allowing numeric
+ signals must be supported. In addition to the signal
+ numbers listed in the extension, which are the same as for
+ <prgn>kill</prgn> above, 13 (SIGPIPE) must be allowed.
+ </item>
</list>
If a shell script requires non-SUSv3 features from the shell
interpreter other than those listed above, the appropriate shell
<sect1>
<heading>Sharing configuration files</heading>
- <p>
- Packages which specify the same file as a
- <tt>conffile</tt> must be tagged as <em>conflicting</em>
- with each other. (This is an instance of the general rule
- about not sharing files. Note that neither alternatives
- nor diversions are likely to be appropriate in this case;
- in particular, <prgn>dpkg</prgn> does not handle diverted
- <tt>conffile</tt>s well.)
- </p>
-
- <p>
- The maintainer scripts must not alter a <tt>conffile</tt>
- of <em>any</em> package, including the one the scripts
- belong to.
- </p>
-
<p>
If two or more packages use the same configuration file
and it is reasonable for both to be installed at the same
and which manages the shared configuration files. (The
<tt>sgml-base</tt> package is a good example.)
</p>
+
+ <p>
+ If the configuration file cannot be shared as described above,
+ the packages must be marked as conflicting with each other.
+ Two packages that specify the same file as
+ a <tt>conffile</tt> must conflict. This is an instance of the
+ general rule about not sharing files. Neither alternatives
+ nor diversions are likely to be appropriate in this case; in
+ particular, <prgn>dpkg</prgn> does not handle diverted
+ <tt>conffile</tt>s well.
+ </p>
+
+ <p>
+ When two packages both declare the same <tt>conffile</tt>, they
+ may see left-over configuration files from each other even
+ though they conflict with each other. If a user removes
+ (without purging) one of the packages and installs the other,
+ the new package will take over the <tt>conffile</tt> from the
+ old package. If the file was modified by the user, it will be
+ treated the same as any other locally
+ modified <tt>conffile</tt> during an upgrade.
+ </p>
+
+ <p>
+ The maintainer scripts must not alter a <tt>conffile</tt>
+ of <em>any</em> package, including the one the scripts
+ belong to.
+ </p>
</sect1>
<sect1>
</p>
<p>
- Log files must be rotated occasionally so that they don't
- grow indefinitely; the best way to do this is to drop a log
- rotation configuration file into the directory
- <file>/etc/logrotate.d</file> and use the facilities provided by
- logrotate.<footnote>
+ Log files must be rotated occasionally so that they don't grow
+ indefinitely. The best way to do this is to install a log
+ rotation configuration file in the
+ directory <file>/etc/logrotate.d</file>, normally
+ named <file>/etc/logrotate.d/<var>package</var></file>, and use
+ the facilities provided by <prgn>logrotate</prgn>.
+ <footnote>
<p>
The traditional approach to log files has been to set up
<em>ad hoc</em> log rotation schemes using simple shell
section="8">):
<example compact="compact">
/var/log/foo/*.log {
-rotate 12
-weekly
-compress
-postrotate
-/etc/init.d/foo force-reload
-endscript
+ rotate 12
+ weekly
+ compress
+ missingok
+ postrotate
+ start-stop-daemon -K -p /var/run/foo.pid -s HUP -x /usr/sbin/foo -q
+ endscript
}
</example>
This rotates all files under <file>/var/log/foo</file>, saves 12
- compressed generations, and forces the daemon to reload its
- configuration information after the log rotation.
+ compressed generations, and tells the daemon to reopen its log
+ files after the log rotation. It skips this log rotation
+ (via <tt>missingok</tt>) if no such log file is present, which
+ avoids errors if the package is removed but not purged.
</p>
<p>
</p>
</sect>
- <sect>
+ <sect id="permissions-owners">
<heading>Permissions and owners</heading>
<p>
</footnote>
</p>
+ <p>
+ Control information files should be owned by <tt>root:root</tt>
+ and either mode 644 (for most files) or mode 755 (for
+ executables such as <qref id="maintscripts">maintainer
+ scripts</qref>).
+ </p>
<p>
Setuid and setgid executables should be mode 4755 or 2755
<p>
These two files are managed through the <prgn>dpkg</prgn>
- "alternatives" mechanism. Thus every package providing an
- editor or pager must call the
- <prgn>update-alternatives</prgn> script to register these
- programs.
+ "alternatives" mechanism. Every package providing an editor or
+ pager must call the <prgn>update-alternatives</prgn> script to
+ register as an alternative for <file>/usr/bin/editor</file>
+ or <file>/usr/bin/pager</file> as appropriate. The alternative
+ should have a slave alternative
+ for <file>/usr/share/man/man1/editor.1.gz</file>
+ or <file>/usr/share/man/man1/pager.1.gz</file> pointing to the
+ corresponding manual page.
</p>
<p>
this so programs should not fail if <prgn>newaliases</prgn>
cannot be found. Note that because of this, all MTA
packages must have <tt>Provides</tt>, <tt>Conflicts</tt> and
- <tt>Replaces: mail-transport-agent</tt> control file
- fields.
+ <tt>Replaces: mail-transport-agent</tt> control fields.
</p>
<p>
<p>
Packages that provide an X server that, directly or
indirectly, communicates with real input and display
- hardware should declare in their control data that they
- provide the virtual package <tt>xserver</tt>.<footnote>
+ hardware should declare in their <tt>Provides</tt> control
+ field that they provide the virtual
+ package <tt>xserver</tt>.<footnote>
This implements current practice, and provides an
actual policy for usage of the <tt>xserver</tt>
virtual package which appears in the virtual packages
<p>
Packages that provide a terminal emulator for the X Window
- System which meet the criteria listed below should declare
- in their control data that they provide the virtual
- package <tt>x-terminal-emulator</tt>. They should also
- register themselves as an alternative for
+ System which meet the criteria listed below should declare in
+ their <tt>Provides</tt> control field that they provide the
+ virtual package <tt>x-terminal-emulator</tt>. They should
+ also register themselves as an alternative for
<file>/usr/bin/x-terminal-emulator</file>, with a priority of
- 20.
+ 20. That alternative should have a slave alternative
+ for <file>/usr/share/man/man1/x-terminal-emulator.1.gz</file>
+ pointing to the corresponding manual page.
</p>
<p>
<p>
Packages that provide a window manager should declare in
- their control data that they provide the virtual package
- <tt>x-window-manager</tt>. They should also register
- themselves as an alternative for
+ their <tt>Provides</tt> control field that they provide the
+ virtual package <tt>x-window-manager</tt>. They should also
+ register themselves as an alternative for
<file>/usr/bin/x-window-manager</file>, with a priority
calculated as follows:
<list compact="compact">
<item>
If the window manager complies with <url
- id="http://www.freedesktop.org/Standards/wm-spec"
+ id="http://www.freedesktop.org/wiki/Specifications/wm-spec"
name="The Window Manager Specification Project">,
- written by the <url id="http://www.freedesktop.org/"
+ written by the <url id="http://www.freedesktop.org/wiki/"
name="Free Desktop Group">, add 40 points.
</item>
configuration, add 10 points; otherwise add none.
</item>
</list>
+ That alternative should have a slave alternative
+ for <file>/usr/share/man/man1/x-window-manager.1.gz</file>
+ pointing to the corresponding manual page.
</p>
</sect1>
<item>
Font packages must declare a dependency on
- <tt>xfonts-utils</tt> in their control
- data.
+ <tt>xfonts-utils</tt> in their <tt>Depends</tt>
+ or <tt>Pre-Depends</tt> control field.
</item>
<item>
maintainer of the package is allowed to write this bug report
themselves, if they so desire). Do not close the bug report
until a proper man page is available.<footnote>
- It is not very hard to write a man page. See the
+ It is not very hard to write a man page. See the
<url id="http://www.schweikhardt.net/man_page_howto.html"
name="Man-Page-HOWTO">,
- <manref name="man" section="7">, the examples
- created by <prgn>debmake</prgn> or <prgn>dh_make</prgn>,
-
the helper program <prgn>help2man</prgn>, or the
- directory <file>/usr/share/doc/man-db/examples</file>.
+ <manref name="man" section="7">, the examples created
+ by <prgn>dh_make</prgn>, the helper
+ program <prgn>help2man</prgn>, or the
+ directory <file>/usr/share/doc/man-db/examples</file>.
</footnote>
</p>
<p>
Packages in the <em>contrib</em> or <em>non-free</em> archive
areas should state in the copyright file that the package is not
- part of the Debian GNU/Linux distribution and briefly explain
- why.
+ part of the Debian distribution and briefly explain why.
</p>
<p>
<prgn>dpkg</prgn> is a suite of programs for creating binary
package files and installing and removing them on Unix
systems.<footnote>
- <prgn>dpkg</prgn> is targeted primarily at Debian
- GNU/Linux, but may work on or be ported to other
- systems.
+ <prgn>dpkg</prgn> is targeted primarily at Debian, but may
+ work on or be ported to other systems.
</footnote>
</p>
</p>
<p>
- The Debian version of the FSF's GNU hello program is provided
- as an example for people wishing to create Debian
- packages. The Debian <prgn>debmake</prgn> package is
- recommended as a very helpful tool in creating and maintaining
- Debian packages. However, while the tools and examples are
- helpful, they do not replace the need to read and follow the
- Policy and Programmer's Manual.</p>
+ The Debian version of the FSF's GNU hello program is provided as
+ an example for people wishing to create Debian packages. However,
+ while the examples are helpful, they do not replace the need to
+ read and follow the Policy and Programmer's Manual.</p>
</appendix>
<appendix id="pkg-binarypkg">
<p>
The <prgn>DEBIAN</prgn> directory will not appear in the
file system archive of the package, and so won't be installed
- by <prgn>dpkg</prgn> when the package is installed.
+ by <prgn>dpkg</prgn> when the package is unpacked.
</p>
<p>
<p>
It is possible to put other files in the package control
- area, but this is not generally a good idea (though they
- will largely be ignored).
+ information file area, but this is not generally a good idea
+ (though they will largely be ignored).
</p>
<p>
- Here is a brief list of the control info files supported by
- <prgn>dpkg</prgn> and a summary of what they're used for.
+ Here is a brief list of the control information files supported
+
by <prgn>dpkg</prgn> and a summary of what they're used for.
</p>
<p>
<tag><tt>Package_Revision</tt></tag>
<item>
The Debian revision part of the package version was
- at one point in a separate control file field. This
+ at one point in a separate control field. This
field went through several names.
</item>
</heading>
<p>
- A package may contain a control area file called
+ A package may contain a control information file called
<tt>conffiles</tt>. This file should be a list of filenames
of configuration files needing automatic handling, separated
by newlines. The filenames should be absolute pathnames,
projects / debian / debian-policy.git / blobdiff