X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=policy.sgml;h=404dc7373f80cdc20bf793e064d7163e3885518f;hb=e369912eff1a2ff024668531cbd127ed48e61fcf;hp=10e626babf857a9c1b25e56444ae3d75f9f12e2c;hpb=bce4b938b4e603a7bceeaf2ad31d007d0a9dcb43;p=debian%2Fdebian-policy.git diff --git a/policy.sgml b/policy.sgml index 10e626b..404dc73 100644 --- a/policy.sgml +++ b/policy.sgml @@ -158,6 +158,14 @@ distributed in some other way or is intended for local use only.
+ +
+ udebs (stripped-down binary packages used by the Debian Installer) do
+ not comply with all of the requirements discussed here. See the
+
Essential is defined as the minimal set of functionality that
must be available and usable on the system at all times, even
- when packages are in an unconfigured (but unpacked) state.
+ when packages are in the "Unpacked" state.
Packages are tagged essential for a system using the
Essential control field. The format of the
Essential control field is described in dpkg to stave off boredom on
- the part of a user installing many packages. This means,
- amongst other things, using the --quiet option on
-
@@ -1353,7 +1360,7 @@ zope.
installed together. If
The maintainer name and email address used in the changelog
- should be the details of the person uploading this
- version. They are not necessarily those of the
- usual package maintainer.
The following targets are required and must be implemented
by
+ For packages in the main archive, no required targets + may attempt network access. +
The targets are as follows: @@ -2153,7 +2168,7 @@ zope.
The architectures we build on and build for are determined
by
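Review bot: the sentence added just before "The targets are as follows:" limits the network ban to "required targets" and to "packages in the main archive", so a target that is not required, or any target of a package outside main, may still fetch content during a build. If the intent is that a build's inputs are fully determined by the source package and its declared build dependencies, extend the wording to every target that can run during a build, or state why the narrower scope is intended.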
@@ -2548,7 +2562,9 @@ Package: libc6 the field name is Package and the field value libc6.
- + Empty field values are only permitted in source package control files
+ (
A paragraph must not contain more than one instance of a
particular field name.
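Review bot: the added "Empty field values are only permitted in source package control files" sentence does not say what a parser should do with an empty value found in any other control file. The following sentence uses "must not" for duplicate field names; give this rule the same strength and name the expected handling, so that tools do not diverge between treating the field as absent and treating it as present but empty.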
@@ -2671,6 +2687,7 @@ Package: libc6
@@ -2749,8 +2767,10 @@ Package: libc6
The special value byhand for the section in a .changes file indicates that the file in question - is not an ordinary package file and must by installed by + is not an ordinary package file and must be installed by hand by the distribution maintainers. If the section is byhand the priority should be -.
@@ -3801,6 +3821,54 @@ Checksums-Sha256: + +
+ Multiline field listing all the packages that can be built from
+ the source package, considering every architecture. The first line
+ of the field value is empty. Each one of the next lines describes
+ one binary package, by listing its name, type, section and priority
+ separated by spaces. Fifth and subsequent space-separated items
+ may be present and parsers must allow them. See the
+
+ Simple field containing a word indicating the type of package: + deb for binary packages and udeb for micro binary + packages. Other types not defined here may be indicated. In + source package control files, the Package-Type field + should be omitted instead of giving it a value of deb, as + this value is assumed for paragraphs lacking this field. +
++ Folded field containing a single git commit hash, presented in + full, followed optionally by whitespace and other data to be + defined in future extensions. +
+ +
+ Declares that the source package corresponds exactly to a
+ referenced commit in a Git repository available at the canonical
+ location called dgit-repos, used by
The new package's status is now sane, and recorded as - "unpacked". + "Unpacked".
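Review bot: in the added description of the git commit field ("a single git commit hash, presented in full"), "in full" is the only constraint on the hash: neither its length nor its character set is given, while the same sentence allows "whitespace and other data" to follow it. A consumer that checks that the source package "corresponds exactly" to the referenced commit needs an unambiguous rule for where the hash ends. Specify the hash syntax, and say that parsers must ignore trailing data they do not understand, in the way the package-listing field above says "parsers must allow them".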
@@ -4558,7 +4625,7 @@ fi
No attempt is made to unwind after errors during configuration. If the configuration fails, the package is in - a "Failed Config" state, and an error message is generated. + a "Half-Configured" state, and an error message is generated.
@@ -4678,8 +4745,8 @@ fi dependencies on other packages, the package names listed may also include lists of alternative package names, separated by vertical bar (pipe) symbols |. In such a case, - if any one of the alternative packages is installed, that - part of the dependency is considered to be satisfied. + that part of the dependency can be satisfied by any one of + the alternative packages.
@@ -5010,11 +5077,11 @@ Build-Depends: foo [linux-any], bar [any-i386], baz [!linux-any] be unpacked the pre-dependency can be satisfied if the depended-on package is either fully configured, or even if the depended-on - package(s) are only unpacked or in the "Half-Configured" + package(s) are only in the "Unpacked" or the "Half-Configured" state, provided that they have been configured correctly at some point in the past (and not removed or partially removed since). In this case, both the - previously-configured and currently unpacked or + previously-configured and currently "Unpacked" or "Half-Configured" versions must satisfy any version clause in the Pre-Depends field.
@@ -5369,7 +5436,7 @@ Depends: foo-data (>= 1.2-3)
+ The FHS requirement that architecture-independent
+ application-specific static files be located in
+
The optional rules related to user specific
@@ -6900,8 +6981,18 @@ Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1)
+ The requirement for C and C++ headers files to be
+ accessible through the search path
+
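Review bot: "C and C++ headers files" in the added sentence should read "header files".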
@@ -6962,15 +7053,29 @@ Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1)
stable release of Debian supports
+ The
- The following directories in the root filesystem are
- additionally allowed:
+ The requirement for
On GNU/Hurd systems, the following additional @@ -7251,6 +7356,35 @@ rmdir /usr/local/share/emacs 2>/dev/null || true
+ This value must not be used, because it was + the error return sentinel value when uid_t + was 16 bits. +
+
+ Dynamically allocated user accounts. By
+ default
+ (uid_t)(-2) == (gid_t)(-2) must not be + used, because it is used as the anonymous, unauthenticated + user by some NFS implementations. +
+(uid_t)(-1) == (gid_t)(-1) must @@ -8374,7 +8508,17 @@ fi renamed. If a consensus cannot be reached, both programs must be renamed.
- ++ Binary executables must not be statically linked with the GNU C + library, since this prevents the binary from benefiting from + fixes and improvements to the C library without being rebuilt + and complicates security updates. This requirement may be + relaxed for binary executables whose intended purpose is to + diagnose and fix the system in situations where the GNU C + library may not be usable (such as system recovery shells or + utilities like ldconfig) or for binary executables where the + security benefits of static linking outweigh the drawbacks. +
By default, when a package is being built, any binaries
created should include debugging information, as well as
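Review bot: the second exception in the added static-linking paragraph ("binary executables where the security benefits of static linking outweigh the drawbacks") has no criterion and no requirement to record that a package relies on it. The paragraph's own rationale is that static linking "complicates security updates", so require packages that use either exception to declare the statically linked library in a machine-readable way, so that the binaries needing a rebuild after a C library fix can be found.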
@@ -8783,6 +8927,7 @@ fname () {
would point to
@@ -8815,7 +8960,9 @@ ln -fs ../sbin/sendmail debian/tmp/usr/bin/runq
- A symbolic link pointing to a compressed file should always
+ A symbolic link pointing to a compressed file (in the sense
+ that it is meant to be uncompressed with
@@ -9433,6 +9582,23 @@ done
+ The name of the files installed by binary packages in the system PATH + (namely /bin, /sbin, /usr/bin, + /usr/sbin and /usr/games) must be encoded in + ASCII. +
+ ++ The name of the files and directories installed by binary packages + outside the system PATH must be encoded in UTF-8 and should be + restricted to ASCII when it is possible to do so. +
+Access to HTML documents
- -
- HTML documents for a package are stored in
-
- The web server should restrict access to the document - tree so that only clients on the same host can read - the documents. If the web server does not support such - access controls, then it should not provide access at - all, or ask about providing access during installation. -
+(Deleted)
The
+
+ Info readers requiring the
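Review bot: replacing the "Access to HTML documents" section with "(Deleted)" also drops the sentence that the web server "should restrict access to the document tree so that only clients on the same host can read the documents", and no replacement is visible in this hunk. If web server packages can still expose the documentation tree, keep that access restriction in the text that covers web servers; if they no longer do, say so in the commit message.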
@@ -10507,45 +10662,77 @@ END-INFO-DIR-ENTRY
-
- Any additional documentation that comes with the package may
- be installed at the discretion of the package maintainer.
- Plain text documentation should be installed in the directory
-
- If a package comes with large amounts of documentation which - many users of the package will not require you should create - a separate binary package to contain it, so that it does not - take up disk space on the machines of users who do not need - or want it installed.
+ Plain text documentation should be compressed with gzip + -9 unless it is small. +
- It is often a good idea to put text information files
- (
+ Additional documentation included in the package should be
+ installed under
+ Any separate package providing documentation must still install
+ standard documentation files in its
+ own
Packages must not require the existence of any files in
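Review bot: "Plain text documentation should be compressed with gzip -9 unless it is small" leaves "small" undefined, so two maintainers can reach different results for the same file. Give a size threshold here or point to the paragraph that defines one.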
@@ -10565,18 +10752,6 @@ END-INFO-DIR-ENTRY
- -
- Former Debian releases placed all additional documentation
- in
- If your package comes with extensive documentation in a
+ If the package comes with extensive documentation in a
markup format that can be converted to various other formats
you should if possible ship HTML versions in a binary
- package, in the directory
-
@@ -10837,12 +11012,6 @@ END-INFO-DIR-ENTRY
- It also documents the interaction between
-
This manual does not go into detail about the options and usage of the package building and installation tools. It @@ -10852,10 +11021,7 @@ END-INFO-DIR-ENTRY
The utility programs which are provided with
@@ -10875,25 +11041,9 @@ END-INFO-DIR-ENTRY
- The binary package has two main sections. The first part
- consists of various control information files and scripts used
- by
- The second part is an archive containing the files and
- directories to be installed.
+ See
- In the future binary packages may also contain other
- components, such as checksums and digital signatures. The
- format for the archive is described in full in the
-
-
- It is usually invoked by hand from the top level of the
- built or unbuilt source directory. It may be invoked with
- no arguments; useful arguments include:
-
- Do not sign the .changes file or the
- source package .dsc file, respectively.
- Invoke sign-command instead of finding
- gpg or pgp on the
- When root privilege is required, invoke the command
- root-command. root-command
- should invoke its first argument as a command, from
- the
- Two types of binary-only build and upload - see
-
- This program is usually called by package-independent
- automatic building scripts such as
-
- It is usually called in the top level of a built source
- tree, and when invoked with no arguments will print out a
- straightforward
- This program is used internally by
-
- This program can be used manually, but is also invoked by
- dpkg-buildpackage or
+ Do not attempt to divert a conffile, as