X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;ds=sidebyside;f=policy.sgml;h=4855506e6105556bc6db756e712ed4f849dcbc68;hb=3c725b9d2af39ac3a7e24b7d9eb374a48c5b6893;hp=6cb5b0de28ee9e05eab509d3396aaca0cd03ccff;hpb=28ec95b89d5f29d1aaa54b990a0dc9d10301ef1a;p=debian%2Fdebian-policy.git diff --git a/policy.sgml b/policy.sgml index 6cb5b0d..4855506 100644 --- a/policy.sgml +++ b/policy.sgml @@ -158,6 +158,14 @@ distributed in some other way or is intended for local use only.
+ +
+ udebs (stripped-down binary packages used by the Debian Installer) do
+ not comply with all of the requirements discussed here. See the
+
Essential is defined as the minimal set of functionality that
must be available and usable on the system at all times, even
- when packages are in an unconfigured (but unpacked) state.
+ when packages are in the "Unpacked" state.
Packages are tagged essential for a system using the
Essential control field. The format of the
Essential control field is described in dpkg to stave off boredom on
- the part of a user installing many packages. This means,
- amongst other things, using the --quiet option on
-
@@ -1353,7 +1361,7 @@ zope.
installed together. If
The following targets are required and must be implemented
by
- A package may also provide one or both of the targets - build-arch and build-indep. - The build-arch target, if provided, should + The build-arch target must perform all the configuration and compilation required for producing all architecture-dependant binary packages (those packages for which the body of the Architecture field in debian/control is not all). Similarly, the build-indep - target, if provided, should perform all the configuration + target must perform all the configuration and compilation required for producing all architecture-independent binary packages (those packages for which the body of the Architecture field in debian/control is all). -
- -
- If build-arch or build-indep targets are
- provided in the rules file, the build target
+ The build target
should either depend on those targets or take the same
actions as invoking those targets would perform.
- If one or both of the targets build-arch and
- build-indep are not provided, then invoking
-
The build-arch and build-indep targets must not do anything that might require root privilege. @@ -2171,7 +2162,7 @@ zope.
The architectures we build on and build for are determined
by
@@ -2667,7 +2657,6 @@ Package: libc6
The special value byhand for the section in a .changes file indicates that the file in question - is not an ordinary package file and must by installed by + is not an ordinary package file and must be installed by hand by the distribution maintainers. If the section is byhand the priority should be -.
@@ -3759,28 +3750,19 @@ Checksums-Sha256:
- In the
- Indicates that Debian Maintainers may upload this package to
- the Debian archive. The only valid value is yes. If
- the field DM-Upload-Allowed: yes is present in the
- source section of the source control file of the most recent
- version of a package in unstable or experimental, the Debian
- archive will accept uploads of this package signed with a key
- in the Debian Maintainer keyring. See the General
- Resolution
+ Multiline field listing all the packages that can be built from
+ the source package, considering every architecture. The first line
+ of the field value is empty. Each one of the next lines describes
+ one binary package, by listing its name, type, section and priority
+ separated by spaces. Fifth and subsequent space-separated items
+ may be present and parsers must allow them. See the
+
+ Simple field containing a word indicating the type of package: + deb for binary packages and udeb for micro binary + packages. Other types not defined here may be indicated. In + source package control files, the Package-Type field + should be omitted instead of giving it a value of deb, as + this value is assumed for paragraphs lacking this field. +
++ Folded field containing a single git commit hash, presented in + full, followed optionally by whitespace and other data to be + defined in future extensions. +
+ +
+ Declares that the source package corresponds exactly to a
+ referenced commit in a Git repository available at the canonical
+ location called dgit-repos, used by
+ The following fields have been obsoleted and may be found in packages + conforming with previous versions of the Policy. +
+ +
+ Indicates that Debian Maintainers may upload this package to
+ the Debian archive. The only valid value is yes. This
+ field was used to regulate uploads by Debian Maintainers, See the
+ General Resolution
The new package's status is now sane, and recorded as - "unpacked". + "Unpacked".
@@ -4565,7 +4616,7 @@ fi
No attempt is made to unwind after errors during configuration. If the configuration fails, the package is in - a "Failed Config" state, and an error message is generated. + a "Half-Configured" state, and an error message is generated.
@@ -4685,8 +4736,8 @@ fi dependencies on other packages, the package names listed may also include lists of alternative package names, separated by vertical bar (pipe) symbols |. In such a case, - if any one of the alternative packages is installed, that - part of the dependency is considered to be satisfied. + that part of the dependency can be satisfied by any one of + the alternative packages.
@@ -5017,11 +5068,11 @@ Build-Depends: foo [linux-any], bar [any-i386], baz [!linux-any] be unpacked the pre-dependency can be satisfied if the depended-on package is either fully configured, or even if the depended-on - package(s) are only unpacked or in the "Half-Configured" + package(s) are only in the "Unpacked" or the "Half-Configured" state, provided that they have been configured correctly at some point in the past (and not removed or partially removed since). In this case, both the - previously-configured and currently unpacked or + previously-configured and currently "Unpacked" or "Half-Configured" versions must satisfy any version clause in the Pre-Depends field.
@@ -5376,7 +5427,7 @@ Depends: foo-data (>= 1.2-3)
To determine the soversion, look at
the SONAME of the library, stored in the
- ELF SONAME attribute. it is usually of the
+ ELF SONAME attribute. It is usually of the
form name.so.major-version (for
example, libz.so.1). The version part is the part
which comes after .so., so in that example it
@@ -5978,28 +6029,37 @@ Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1)
whether new library interfaces are available and can be called).
To allow these dependencies to be constructed, shared libraries
must provide either a
- These two mechanisms differ in the degree of detail that they
- provide. A
+ The two mechanisms differ in the degree of detail that they
+ provide. A
+ A
-
@@ -6019,9 +6086,10 @@ Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1)
required by
There are two types of ABI changes: ones that are
backward-compatible and ones that are not. An ABI change is
- backward-compatible if any binary was linked with the previous
- version of the shared library will still work correctly with
- the new version of the shared library. Adding new symbols to
- the shared library is a backward-compatible change. Removing
- symbols from the shared library is not. Changing the behavior
- of a symbol may or may not be backward-compatible depending on
- the change; for example, changing a function to accept a new
- enum constant not previously used by the library is generally
+ backward-compatible if any reasonable program or library that
+ was linked with the previous version of the shared library
+ will still work correctly with the new version of the shared
+ library.
- A common example of when a change to the is required is a
- function that takes an enum or struct argument that controls
- what the function does. For example:
+ A common example of when a change to the dependency version
+ is required is a function that takes an enum or struct
+ argument that controls what the function does. For example:
@@ -6460,8 +6540,9 @@ Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1)
recent version of the shared library that changed the
behavior of that symbol, whether by adding it, changing its
function signature (the parameters, their types, or the
- return type), or its behavior in a way that is visible to a
- caller. id-of-dependency-template is an optional
+ return type), or changing its behavior in a way that is
+ visible to a caller.
+ id-of-dependency-template is an optional
field that references
an alternative-dependency-template; see below for
a full description.
@@ -6482,9 +6563,9 @@ Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1)
compressBound@ZLIB_1.2.0 1:1.2.0
@@ -6611,7 +6692,7 @@ Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1)
- The shlibs system is an simpler alternative to
+ The shlibs system is a simpler alternative to
the symbols system for declaring dependencies for
shared libraries. It may be more appropriate for C++
libraries and other cases where tracking individual symbols is
@@ -6682,7 +6763,7 @@ Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1)
The
+ The FHS requirement that architecture-independent
+ application-specific static files be located in
+
The optional rules related to user specific @@ -6881,6 +6976,17 @@ Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1) multiarch.
+ The requirement for C and C++ headers files to be
+ accessible through the search path
+
Applications may also use a single subdirectory under
+ Packages must not assume the
+ The
+ The requirement for
- The following directories in the root filesystem are
- additionally allowed:
On GNU/Hurd systems, the following additional @@ -8020,33 +8141,28 @@ Reloading description configuration...done.
- Packages which provide the ability to view/show/play,
- compose, edit or print MIME types should register themselves
- as such following the current MIME support policy.
+ Packages which provide programs to view/show/play, compose, edit or
+ print MIME types should register them as such by placing a file in
+
The
- Packages containing such programs must register them
- with
+ A number of other init systems are available now in Debian that
+ can be used in place of
+ Packages may integrate with these replacement init systems by
+ providing implementation-specific configuration information about
+ how and when to start a service or in what order to run certain
+ tasks at boot time. However, any package integrating with other
+ init systems must also be backwards-compatible with
+
+ Packages may integrate with the
+ Because packages shipping upstart jobs may be installed on
+ systems that are not using upstart, maintainer scripts must
+ still use the common
+ Dependency-based boot managers for SysV init scripts, such as
+
+ Binary executables must not be statically linked with the GNU C + library, since this prevents the binary from benefiting from + fixes and improvements to the C library without being rebuilt + and complicates security updates. This requirement may be + relaxed for binary executables whose intended purpose is to + diagnose and fix the system in situations where the GNU C + library may not be usable (such as system recovery shells or + utilities like ldconfig) or for binary executables where the + security benefits of static linking outweigh the drawbacks. +
By default, when a package is being built, any binaries created should include debugging information, as well as @@ -8723,7 +8917,9 @@ ln -fs ../sbin/sendmail debian/tmp/usr/bin/runq
- A symbolic link pointing to a compressed file should always
+ A symbolic link pointing to a compressed file (in the sense
+ that it is meant to be uncompressed with
@@ -9341,6 +9539,23 @@ done
+ ++ The name of the files installed by binary packages in the system PATH + (namely /bin, /sbin, /usr/bin, + /usr/sbin and /usr/games) must be encoded in + ASCII. +
+ ++ The name of the files and directories installed by binary packages + outside the system PATH must be encoded in UTF-8 and should be + restricted to ASCII when it is possible to do so. +
+Access to HTML documents
- -
- HTML documents for a package are stored in
-
- The web server should restrict access to the document - tree so that only clients on the same host can read - the documents. If the web server does not support such - access controls, then it should not provide access at - all, or ask about providing access during installation. -
+(Deleted)
The
+
+ Info readers requiring the
@@ -10745,12 +10949,6 @@ END-INFO-DIR-ENTRY
- It also documents the interaction between
-
This manual does not go into detail about the options and usage of the package building and installation tools. It @@ -10760,10 +10958,7 @@ END-INFO-DIR-ENTRY
The utility programs which are provided with
@@ -10783,25 +10978,9 @@ END-INFO-DIR-ENTRY
- The binary package has two main sections. The first part
- consists of various control information files and scripts used
- by
- The second part is an archive containing the files and - directories to be installed. -
- -
- In the future binary packages may also contain other
- components, such as checksums and digital signatures. The
- format for the archive is described in full in the
-
-
- It is usually invoked by hand from the top level of the
- built or unbuilt source directory. It may be invoked with
- no arguments; useful arguments include:
-
- Do not sign the .changes file or the
- source package .dsc file, respectively.
- Invoke sign-command instead of finding
- gpg or pgp on the
- When root privilege is required, invoke the command
- root-command. root-command
- should invoke its first argument as a command, from
- the
- Two types of binary-only build and upload - see
-
- This program is usually called by package-independent
- automatic building scripts such as
-
- It is usually called in the top level of a built source
- tree, and when invoked with no arguments will print out a
- straightforward
- This program is used internally by
-
- This program can be used manually, but is also invoked by
- dpkg-buildpackage or
+ Do not attempt to divert a conffile, as