X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;ds=sidebyside;f=policy.sgml;h=4adee0b00da29910a0008d6aa549655e4d3a6383;hb=a34ae3cf97b43e0d200ff4e25b10fd6fad9494ad;hp=050c688438db4cb9e95731c6e71106debbd6584a;hpb=55b89aacf0291dd3fea8771d8bef75efb8e64b4d;p=debian%2Fdebian-policy.git diff --git a/policy.sgml b/policy.sgml index 050c688..4adee0b 100644 --- a/policy.sgml +++ b/policy.sgml @@ -158,6 +158,14 @@ distributed in some other way or is intended for local use only.
+ +
+ udebs (stripped-down binary packages used by the Debian Installer) do
+ not comply with all of the requirements discussed here. See the
+
Essential is defined as the minimal set of functionality that
must be available and usable on the system at all times, even
- when packages are in an unconfigured (but unpacked) state.
+ when packages are in the "Unpacked" state.
Packages are tagged essential for a system using the
Essential control field. The format of the
Essential control field is described in dpkg to stave off boredom on
- the part of a user installing many packages. This means,
- amongst other things, using the --quiet option on
-
@@ -1353,7 +1360,7 @@ zope.
installed together. If
The maintainer name and email address used in the changelog
- should be the details of the person uploading this
- version. They are not necessarily those of the
- usual package maintainer.
The following targets are required and must be implemented
by
- A package may also provide one or both of the targets - build-arch and build-indep. - The build-arch target, if provided, should + The build-arch target must perform all the configuration and compilation required for producing all architecture-dependant binary packages (those packages for which the body of the Architecture field in debian/control is not all). Similarly, the build-indep - target, if provided, should perform all the configuration + target must perform all the configuration and compilation required for producing all architecture-independent binary packages (those packages for which the body of the Architecture field in debian/control is all). -
- -
- If build-arch or build-indep targets are
- provided in the rules file, the build target
+ The build target
should either depend on those targets or take the same
actions as invoking those targets would perform.
- If one or both of the targets build-arch and
- build-indep are not provided, then invoking
-
The build-arch and build-indep targets must not do anything that might require root privilege. @@ -2171,7 +2164,7 @@ zope.
The architectures we build on and build for are determined
by
@@ -2566,7 +2558,9 @@ Package: libc6 the field name is Package and the field value libc6.
- + Empty field values are only permitted in source package control files
+ (
A paragraph must not contain more than one instance of a
particular field name.
@@ -2667,7 +2661,6 @@ Package: libc6
@@ -2766,13 +2761,14 @@ Package: libc6
The special value byhand for the section in a .changes file indicates that the file in question - is not an ordinary package file and must by installed by + is not an ordinary package file and must be installed by hand by the distribution maintainers. If the section is byhand the priority should be -.
@@ -3759,28 +3755,19 @@ Checksums-Sha256:
- In the
- Indicates that Debian Maintainers may upload this package to
- the Debian archive. The only valid value is yes. If
- the field DM-Upload-Allowed: yes is present in the
- source section of the source control file of the most recent
- version of a package in unstable or experimental, the Debian
- archive will accept uploads of this package signed with a key
- in the Debian Maintainer keyring. See the General
- Resolution
+ Multiline field listing all the packages that can be built from
+ the source package, considering every architecture. The first line
+ of the field value is empty. Each one of the next lines describes
+ one binary package, by listing its name, type, section and priority
+ separated by spaces. Fifth and subsequent space-separated items
+ may be present and parsers must allow them. See the
+
+ Simple field containing a word indicating the type of package: + deb for binary packages and udeb for micro binary + packages. Other types not defined here may be indicated. In + source package control files, the Package-Type field + should be omitted instead of giving it a value of deb, as + this value is assumed for paragraphs lacking this field. +
++ Folded field containing a single git commit hash, presented in + full, followed optionally by whitespace and other data to be + defined in future extensions. +
+ +
+ Declares that the source package corresponds exactly to a
+ referenced commit in a Git repository available at the canonical
+ location called dgit-repos, used by
+ The following fields have been obsoleted and may be found in packages + conforming with previous versions of the Policy. +
+ +
+ Indicates that Debian Maintainers may upload this package to
+ the Debian archive. The only valid value is yes. This
+ field was used to regulate uploads by Debian Maintainers, See the
+ General Resolution
The new package's status is now sane, and recorded as - "unpacked". + "Unpacked".
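Review bot: parser guidance is missing from the added Dgit field description among the new control-field paragraphs above. It permits "whitespace and other data to be defined in future extensions" after the commit hash, but unlike the Package-List paragraph added in the same change ("parsers must allow them") it does not say what a current parser must do with that trailing data. Suggest a matching sentence, for example that parsers must accept and ignore anything after the first whitespace. Separately, "Debian Maintainers, See the" in the obsoleted DM-Upload-Allowed paragraph should start a new sentence.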
@@ -4565,7 +4621,7 @@ fi
No attempt is made to unwind after errors during configuration. If the configuration fails, the package is in - a "Failed Config" state, and an error message is generated. + a "Half-Configured" state, and an error message is generated.
@@ -4685,8 +4741,8 @@ fi dependencies on other packages, the package names listed may also include lists of alternative package names, separated by vertical bar (pipe) symbols |. In such a case, - if any one of the alternative packages is installed, that - part of the dependency is considered to be satisfied. + that part of the dependency can be satisfied by any one of + the alternative packages.
@@ -5017,11 +5073,11 @@ Build-Depends: foo [linux-any], bar [any-i386], baz [!linux-any] be unpacked the pre-dependency can be satisfied if the depended-on package is either fully configured, or even if the depended-on - package(s) are only unpacked or in the "Half-Configured" + package(s) are only in the "Unpacked" or the "Half-Configured" state, provided that they have been configured correctly at some point in the past (and not removed or partially removed since). In this case, both the - previously-configured and currently unpacked or + previously-configured and currently "Unpacked" or "Half-Configured" versions must satisfy any version clause in the Pre-Depends field.
@@ -5376,7 +5432,7 @@ Depends: foo-data (>= 1.2-3)
-
- The shlibs system is an simpler alternative to
+ The shlibs system is a simpler alternative to
the symbols system for declaring dependencies for
shared libraries. It may be more appropriate for C++
libraries and other cases where tracking individual symbols is
@@ -6712,7 +6768,7 @@ Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1)
The
In our example, if the last change to the zlib1g
package that could change behavior for a client of that
- library was in version 1:1.2.3.3.dfsg-2, then
+ library was in version 1:1.2.3.3.dfsg-1, then
the shlibs entry for this library could say:
+ The FHS requirement that architecture-independent
+ application-specific static files be located in
+
The optional rules related to user specific
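Review bot: the zlib1g paragraph above now names version 1:1.2.3.3.dfsg-1 instead of 1:1.2.3.3.dfsg-2, but the shlibs entry it introduces with "could say:" lies outside the lines shown here. Check that the example entry carries the same version, otherwise the prose and the example disagree.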
@@ -6907,8 +6977,18 @@ Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1)
+ The requirement for C and C++ headers files to be
+ accessible through the search path
+
@@ -6962,16 +7042,36 @@ Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1)
in
+ Packages must not assume the
+ The
- The following directories in the root filesystem are
- additionally allowed:
+ The requirement for
On GNU/Hurd systems, the following additional
@@ -7252,6 +7352,35 @@ rmdir /usr/local/share/emacs 2>/dev/null || true
+ This value must not be used, because it was
+ the error return sentinel value when uid_t
+ was 16 bits.
+
+ Dynamically allocated user accounts. By
+ default
+ (uid_t)(-2) == (gid_t)(-2) must not be
+ used, because it is used as the anonymous, unauthenticated
+ user by some NFS implementations.
+
(uid_t)(-1) == (gid_t)(-1) must
@@ -8050,33 +8179,28 @@ Reloading description configuration...done.
- Packages which provide the ability to view/show/play,
- compose, edit or print MIME types should register themselves
- as such following the current MIME support policy.
+ Packages which provide programs to view/show/play, compose, edit or
+ print MIME types should register them as such by placing a file in
+
The
- Packages containing such programs must register them
- with
+ A number of other init systems are available now in Debian that
+ can be used in place of
+ Packages may integrate with these replacement init systems by
+ providing implementation-specific configuration information about
+ how and when to start a service or in what order to run certain
+ tasks at boot time. However, any package integrating with other
+ init systems must also be backwards-compatible with
+
+ Packages may integrate with the
+ Because packages shipping upstart jobs may be installed on
+ systems that are not using upstart, maintainer scripts must
+ still use the common
+ Dependency-based boot managers for SysV init scripts, such as
+
+ Binary executables must not be statically linked with the GNU C + library, since this prevents the binary from benefiting from + fixes and improvements to the C library without being rebuilt + and complicates security updates. This requirement may be + relaxed for binary executables whose intended purpose is to + diagnose and fix the system in situations where the GNU C + library may not be usable (such as system recovery shells or + utilities like ldconfig) or for binary executables where the + security benefits of static linking outweigh the drawbacks. +
By default, when a package is being built, any binaries
created should include debugging information, as well as
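Review bot: the final exception in the added static-linking paragraph, "binary executables where the security benefits of static linking outweigh the drawbacks", gives no criterion or example, so it can be read as lifting the "must not" for any package whose maintainer asserts a benefit. Suggest saying who makes that judgement or giving a concrete case, as the first exception does with "system recovery shells or utilities like ldconfig".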
@@ -8721,6 +8923,7 @@ fname () {
would point to
@@ -8753,7 +8956,9 @@ ln -fs ../sbin/sendmail debian/tmp/usr/bin/runq
- A symbolic link pointing to a compressed file should always
+ A symbolic link pointing to a compressed file (in the sense
+ that it is meant to be uncompressed with
@@ -9371,6 +9578,23 @@ done
+ ++ The name of the files installed by binary packages in the system PATH + (namely /bin, /sbin, /usr/bin, + /usr/sbin and /usr/games) must be encoded in + ASCII. +
+ ++ The name of the files and directories installed by binary packages + outside the system PATH must be encoded in UTF-8 and should be + restricted to ASCII when it is possible to do so. +
+Access to HTML documents
- -
- HTML documents for a package are stored in
-
- The web server should restrict access to the document - tree so that only clients on the same host can read - the documents. If the web server does not support such - access controls, then it should not provide access at - all, or ask about providing access during installation. -
+(Deleted)
The
+
+ Info readers requiring the
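Review bot: the removal under "Access to HTML documents" above gives no rationale. The deleted text included "The web server should restrict access to the document tree so that only clients on the same host can read the documents", and the replacement "(Deleted)" leaves no pointer to where, or whether, that access restriction is still expected. Suggest a footnote or changelog entry stating why the section was dropped and what web server packages should now do about exposing the document tree.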
@@ -10775,12 +10988,6 @@ END-INFO-DIR-ENTRY
- It also documents the interaction between
-
This manual does not go into detail about the options and usage of the package building and installation tools. It @@ -10790,10 +10997,7 @@ END-INFO-DIR-ENTRY
The utility programs which are provided with
@@ -10813,25 +11017,9 @@ END-INFO-DIR-ENTRY
- The binary package has two main sections. The first part
- consists of various control information files and scripts used
- by
- The second part is an archive containing the files and - directories to be installed. -
- -
- In the future binary packages may also contain other
- components, such as checksums and digital signatures. The
- format for the archive is described in full in the
-
-
- It is usually invoked by hand from the top level of the
- built or unbuilt source directory. It may be invoked with
- no arguments; useful arguments include:
-
- Do not sign the .changes file or the
- source package .dsc file, respectively.
- Invoke sign-command instead of finding
- gpg or pgp on the
- When root privilege is required, invoke the command
- root-command. root-command
- should invoke its first argument as a command, from
- the
- Two types of binary-only build and upload - see
-
- This program is usually called by package-independent
- automatic building scripts such as
-
- It is usually called in the top level of a built source
- tree, and when invoked with no arguments will print out a
- straightforward
- This program is used internally by
-
- This program can be used manually, but is also invoked by
- dpkg-buildpackage or
+ Do not attempt to divert a conffile, as