X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=policy.sgml;h=9eef64396a02f720345d75f074c6f725fcb34754;hb=3fe72e05003f6d298fd8b21d35c2daf977075c3f;hp=5ff9f377c1aee7eb97ad4286cfded78990ab5077;hpb=82ebdf8a823b6eb527d531e8867eb26197a8544c;p=debian%2Fdebian-policy.git
diff --git a/policy.sgml b/policy.sgml
index 5ff9f37..9eef643 100644
--- a/policy.sgml
+++ b/policy.sgml
@@ -476,11 +476,9 @@
-
must not require a package outside of main
for compilation or execution (thus, the package must
- not declare a Pre-Depends, Depends,
- Recommends, Build-Depends,
- or Build-Depends-Indep relationship on a
- non-main package unless a package
- in main is listed as an alternative),
+ not declare a "Depends", "Recommends", or
+ "Build-Depends" relationship on a non-main
+ package),
-
must not be so buggy that we refuse to support them,
@@ -804,6 +802,35 @@
in the .deb file format.
+
+ A .deb package contains two sets of files: a set of files
+ to install on the system when the package is installed, and a set
+ of files that provide additional metadata about the package or
+ which are executed when the package is installed or removed. This
+ second set of files is called control information files.
+ Among those files are the package maintainer scripts
+ and control, the binary
+ package control file that contains the control fields for
+ the package. Other control information files
+ include the shlibs
+ file used to store shared library dependency information
+ and the conffiles file that lists the package's
+ configuration files (described in [).
+ ]
+
+
+ There is unfortunately a collision of terminology here between
+ control information files and files in the Debian control file
+ format. Throughout this document, a control file refers
+ to a file in the Debian control file format. These files are
+ documented in [. Only files referred to
+ specifically as control information files are the files
+ included in the control information file member of
+ the .deb file format used by binary packages. Most
+ control information files are not in the Debian control file
+ format.
+ ]
+
The package name
@@ -851,36 +878,30 @@
In general, Debian packages should use the same version
- numbers as the upstream sources.
-
-
-
- However, in some cases where the upstream version number is
- based on a date (e.g., a development "snapshot" release) the
- package management system cannot handle these version
- numbers without epochs. For example, dpkg will consider
- "96May01" to be greater than "96Dec24".
+ numbers as the upstream sources. However, upstream version
+ numbers based on some date formats (sometimes used for
+ development or "snapshot" releases) will not be ordered
+ correctly by the package management software. For
+ example, dpkg will consider "96May01" to be
+ greater than "96Dec24".
To prevent having to use epochs for every new upstream
- version, the date based portion of the version number
- should be changed to the following format in such cases:
- "19960501", "19961224". It is up to the maintainer whether
- they want to bother the upstream maintainer to change
- the version numbers upstream, too.
-
-
-
- Note that other version formats based on dates which are
- parsed correctly by the package management system should
- not be changed.
+ version, the date-based portion of any upstream version number
+ should be given in a way that sorts correctly: four-digit year
+ first, followed by a two-digit numeric month, followed by a
+ two-digit numeric date, possibly with punctuation between the
+ components.
- Native Debian packages (i.e., packages which have been
- written especially for Debian) whose version numbers include
- dates should always use the "YYYYMMDD" format.
+ Native Debian packages (i.e., packages which have been written
+ especially for Debian) whose version numbers include dates
+ should also follow these rules. If punctuation is desired
+ between the date components, remember that hyphen (-)
+ cannot be used in native package versions. Period
+ (.) is normally a good choice.
@@ -929,9 +950,9 @@
The description of a package
- Every Debian package must have an extended description
- stored in the appropriate field of the control record.
- The technical information about the format of the
+ Every Debian package must have a Description control
+ field which contains a synopsis and extended description of the
+ package. Technical information about the format of the
Description field is in [.
]
@@ -1058,10 +1079,10 @@
- Sometimes, a package requires another package to be installed
- and configured before it can be installed. In this
- case, you must specify a Pre-Depends entry for
- the package.
+ Sometimes, unpacking one package requires that another package
+ be first unpacked and configured. In this case, the
+ dependent package must specify this dependency in
+ the Pre-Depends control field.
@@ -1143,7 +1164,7 @@
must be available and usable on the system at all times, even
when packages are in an unconfigured (but unpacked) state.
Packages are tagged essential for a system using the
- Essential control file field. The format of the
+ Essential control field. The format of the
Essential control field is described in [.
]
@@ -1263,17 +1284,16 @@
Packages which use the Debian Configuration Management
- Specification may contain an additional
- config script and a templates
- file in their control archive
- The control.tar.gz inside the .deb.
- See .
- .
- The config script might be run before the
- preinst script, and before the package is unpacked
- or any of its dependencies or pre-dependencies are satisfied.
- Therefore it must work using only the tools present in
- essential packages.
+ Specification may contain the additional control information
+ files config
+ and templates. config is an
+ additional maintainer script used for package configuration,
+ and templates contains templates used for user
+ prompting. The config script might be run before
+ the preinst script and before the package is
+ unpacked or any of its dependencies or pre-dependencies are
+ satisfied. Therefore it must work using only the tools
+ present in essential packages.
Debconf or another tool that
implements the Debian Configuration Management
Specification will also be installed, and any
@@ -2198,16 +2218,16 @@ endif
Variable substitutions: debian/substvars
- When dpkg-gencontrol,
- dpkg-genchanges and dpkg-source
- generate control files they perform variable substitutions
- on their output just before writing it. Variable
+ When dpkg-gencontrol
+ generates binary package control
+ files (DEBIAN/control), it performs variable
+ substitutions on its output just before writing it. Variable
substitutions have the form ${variable}.
The optional file debian/substvars contains
variable substitutions to be used; variables can also be set
directly from debian/rules using the -V
- option to the source packaging commands, and certain
- predefined variables are also available.
+ option to the source packaging commands, and certain predefined
+ variables are also available.
@@ -2226,12 +2246,12 @@ endif
Optional upstream source location: debian/watch
- This is an optional, recommended control file for the
- uscan utility which defines how to automatically
- scan ftp or http sites for newly available updates of the
- package. This is used by and other Debian QA tools
- to help with quality control and maintenance of the
+ This is an optional, recommended configuration file for the
+ uscan utility which defines how to automatically scan
+ ftp or http sites for newly available updates of the
+ package. This is used
+ by and other Debian QA
+ tools to help with quality control and maintenance of the
distribution as a whole.
@@ -3618,12 +3638,11 @@ Checksums-Sha256:
- These scripts are the files preinst,
- postinst, prerm and
- postrm in the control area of the package.
- They must be proper executable files; if they are scripts
- (which is recommended), they must start with the usual
- #! convention. They should be readable and
+ These scripts are the control information
+ files preinst, postinst, prerm
+ and postrm. They must be proper executable files;
+ if they are scripts (which is recommended), they must start with
+ the usual #! convention. They should be readable and
executable by anyone, and must not be world-writable.
@@ -3638,12 +3657,12 @@ Checksums-Sha256:
they exit with a zero status if everything went well.
-
- Additionally, packages interacting with users using
- debconf in the postinst script should
- install a config script in the control area,
- see [ for details.
- ]
+
+ Additionally, packages interacting with users
+ using debconf in the postinst script
+ should install a config script as a control
+ information file. See [ for details.
+ ]
When a package is upgraded a combination of the scripts from
@@ -3655,7 +3674,7 @@ Checksums-Sha256:
Broadly speaking the preinst is called before
- (a particular version of) a package is installed, and the
+ (a particular version of) a package is unpacked, and the
postinst afterwards; the prerm
before (a version of) a package is removed and the
postrm afterwards.
@@ -3739,111 +3758,173 @@ Checksums-Sha256:
-
- -
- new-preinst install
-
- -
- new-preinst install old-version
-
- -
- new-preinst upgrade old-version
-
- -
- old-preinst abort-upgrade
- new-version
-
-
+ What follows is a summary of all the ways in which maintainer
+ scripts may be called along with what facilities those scripts
+ may rely on being available at that time. Script names preceded
+ by new- are the scripts from the new version of a
+ package being installed, upgraded to, or downgraded to. Script
+ names preceded by old- are the scripts from the old
+ version of a package that is being upgraded from or downgraded
+ from.
+
-
- -
- postinst configure
- most-recently-configured-version
-
- -
- old-postinst abort-upgrade
- new-version
-
- -
- conflictor's-postinst abort-remove
- in-favour package
- new-version
-
+ The preinst script may be called in the following
+ ways:
+
+ new-preinst install
+ new-preinst install
+ old-version
+ new-preinst upgrade
+ old-version
-
- postinst abort-remove
+ The package will not yet be unpacked, so
+ the preinst script cannot rely on any files
+ included in its package. Only essential packages and
+ pre-dependencies (Pre-Depends) may be assumed to be
+ available. Pre-dependencies will be at least unpacked.
+ They may be only unpacked or "Half-Configured", not
+ completely configured, but only if a previous version of the
+ pre-dependency was completely configured and the
+ pre-dependency had not been removed since then.
+
+ old-preinst abort-upgrade
+ new-version
-
- deconfigured's-postinst
- abort-deconfigure in-favour
- failed-install-package version
- [removing conflicting-package
- version]
+ Called during error handling of an upgrade that failed after
+ unpacking the new package because the postrm
+ upgrade action failed. The unpacked files may be
+ partly from the new version or partly missing, so the script
+ cannot not rely on files included in the package. Package
+ dependencies may not be available. Pre-dependencies will be
+ at least unpacked following the same rules as above, except
+ they may be only "Half-Installed" if an upgrade of the
+ pre-dependency failed.
-
+
+
-
- -
- prerm remove
-
- -
- old-prerm upgrade
- new-version
-
- -
- new-prerm failed-upgrade
- old-version
-
+ The postinst script may be called in the following
+ ways:
+
+ postinst configure
+ most-recently-configured-version
-
- conflictor's-prerm remove
- in-favour package
- new-version
+ The files contained in the package will be unpacked. All
+ package dependencies will at least be unpacked. If there
+ are no circular dependencies involved, all package
+ dependencies will be configured.
+
+ old-postinst abort-upgrade
+ new-version
+ conflictor's-postinst abort-remove
+ in-favour package
+ new-version
+ postinst abort-remove
+ deconfigured's-postinst
+ abort-deconfigure in-favour
+ failed-install-package version
+ [removing conflicting-package
+ version]
-
- deconfigured's-prerm deconfigure
- in-favour package-being-installed
- version [removing
- conflicting-package
- version]
+ The files contained in the package will be unpacked. All
+ package dependencies will at least be "Half-Installed" and
+ will have previously been configured and not removed.
+ However, dependencies may not be configured or even fully
+ unpacked in some error situations.
+ For example, suppose packages foo and bar are installed
+ with foo depending on bar. If an upgrade of bar were
+ started and then aborted, and then an attempt to remove
+ foo failed because its prerm script failed,
+ foo's postinst abort-remove would be called with
+ bar only "Half-Installed".
+
-
+
+
-
- -
- postrm remove
-
- -
- postrm purge
-
- -
- old-postrm upgrade
- new-version
-
+ The prerm script may be called in the following
+ ways:
+
+ prerm remove
+ old-prerm
+ upgradenew-version
+ conflictor's-prerm remove
+ in-favour package
+ new-version
+ deconfigured's-prerm deconfigure
+ in-favour package-being-installed
+ version [removing
+ conflicting-package version]
-
- new-postrm failed-upgrade
- old-version
+ The package whose prerm is being called will be
+ at least "Half-Installed". All package dependencies will at
+ least be "Half-Installed" and will have previously been
+ configured and not removed. If there was no error, all
+ dependencies will at least be unpacked, but these actions
+ may be called in various error states where dependencies are
+ only "Half-Installed" due to a partial upgrade.
+
+ new-prerm failed-upgrade
+ old-version
-
- new-postrm abort-install
+ Called during error handling when prerm upgrade
+ fails. The new package will not yet be unpacked, and all
+ the same constraints as for preinst upgrade apply.
+
+
+
+
+ The postrm script may be called in the following
+ ways:
+
+ postrm remove
+ postrm purge
+ old-postrm upgrade
+ new-version
+ disappearer's-postrm disappear
+ overwriter overwriter-version
-
- new-postrm abort-install
- old-version
+ The postrm script is called after the package's
+ files have been removed or replaced. The package
+ whose postrm is being called may have
+ previously been deconfigured and only be unpacked, at which
+ point subsequent package changes do not consider its
+ dependencies. Therefore, all postrm actions
+ may only rely on essential packages and cannot assume that
+ the package's dependencies are available.
+
+ new-postrm failed-upgrade
+ old-version
-
- new-postrm abort-upgrade
- old-version
+ Called when the old postrm upgrade action fails.
+ The new package will be unpacked, but only essential
+ packages and pre-dependencies can be relied on.
+ Pre-dependencies will either be configured or will be
+ "Unpacked" or "Half-Configured" but previously had been
+ configured and was never removed.
+
+ new-postrm abort-install
+ new-postrm abort-install
+ old-version
+ new-postrm abort-upgrade
+ old-version
-
- disappearer's-postrm disappear
- overwriter
- overwriter-version
+ Called before unpackaging the new package as part of the
+ error handling of preinst failures. May assume
+ the same state as preinst can assume.
-
+
-
+
Details of unpack phase of installation or upgrade
@@ -4045,7 +4126,7 @@ Checksums-Sha256:
behavior which, though deterministic, is hard for the
system administrator to understand. It can easily
lead to "missing" programs if, for example, a package
- is installed which overwrites a file from another
+ is unpacked which overwrites a file from another
package, and is then removed again.
Part of the problem is due to what is arguably a
bug in dpkg.
@@ -4181,7 +4262,7 @@ Checksums-Sha256:
If there was a conflicting package we go and do the
removal actions (described below), starting with the
removal of the conflicting package's files (any that
- are also in the package being installed have already
+ are also in the package being unpacked have already
been removed from the conflicting package's file list,
and so do not get removed now).
@@ -4319,7 +4400,7 @@ Checksums-Sha256:
In the Depends, Recommends,
Suggests, Pre-Depends,
Build-Depends and Build-Depends-Indep
- control file fields of the package, which declare
+ control fields of the package, which declare
dependencies on other packages, the package names listed may
also include lists of alternative package names, separated
by vertical bar (pipe) symbols |. In such a case,
@@ -4483,7 +4564,7 @@ Build-Depends: foo [linux-any], bar [any-i386], baz [!linux-any]
This is done using the Depends, Pre-Depends,
Recommends, Suggests, Enhances,
- Breaks and Conflicts control file fields.
+ Breaks and Conflicts control fields.
Breaks is described in [, and
Conflicts is described in ][. The
rest are described below.
@@ -4521,31 +4602,31 @@ Build-Depends: foo [linux-any], bar [any-i386], baz [!linux-any]
]
- For this reason packages in an installation run are usually
- all unpacked first and all configured later; this gives
- later versions of packages with dependencies on later
- versions of other packages the opportunity to have their
- dependencies satisfied.
+ Since Depends only places requirements on the order in
+ which packages are configured, packages in an installation run
+ are usually all unpacked first and all configured later. This
+ allows multiple packages to be upgraded in one unpack and
+ configure step even if some packages being upgraded have
+ versioned dependencies on the upgraded versions of other
+ packages involved in the installation run.
-
- In case of circular dependencies, since installation or
- removal order honoring the dependency order can't be
- established, dependency loops are broken at some point
- (based on rules below), and some packages may not be able to
- rely on their dependencies being present when being
- installed or removed, depending on which side of the break
- of the circular dependency loop they happen to be on. If one
- of the packages in the loop has no postinst script, then the
- cycle will be broken at that package, so as to ensure that
- all postinst scripts run with the dependencies properly
- configured if this is possible. Otherwise the breaking point
- is arbitrary.
-
-
- The Depends field thus allows package maintainers
- to impose an order in which packages should be configured.
+ If there is a circular dependency among packages being installed
+ or removed, installation or removal order honoring the
+ dependency order is impossible, requiring the dependency loop be
+ broken at some point and the dependency requirements violated
+ for at least one package. Packages involved in circular
+ dependencies may not be able to rely on their dependencies being
+ configured when being configured depending on which side of the
+ break of the circular dependency loop they happen to be on. If
+ one of the packages in the loop has no postinst
+ script, then the cycle will be broken at that package; this
+ ensures that all postinst scripts are run with
+ their dependencies properly configured if this is possible.
+ Otherwise the breaking point is arbitrary. Packages should
+ therefore avoid circular dependencies where possible,
+ particularly if they have postinst scripts.
@@ -4557,7 +4638,8 @@ Build-Depends: foo [linux-any], bar [any-i386], baz [!linux-any]
This declares an absolute dependency. A package will
not be configured unless all of the packages listed in
its Depends field have been correctly
- configured.
+ configured (unless there is a circular dependency as
+ described above).
@@ -4569,12 +4651,17 @@ Build-Depends: foo [linux-any], bar [any-i386], baz [!linux-any]
The Depends field should also be used if the
- postinst, prerm or
- postrm scripts require the package to be
- present in order to run. Note, however, that the
- postrm cannot rely on any non-essential
- packages to be present during the purge
- phase.
+ postinst or prerm scripts
+ require the depended-on package to be unpacked or
+ configured in order to run. In the case of postinst
+ configure, the depended-on packages will be unpacked
+ and configured first. (If both packages are involved in a
+ dependency loop, this might not work as expected; see the
+ explanation a few paragraphs back.) In the case
+ of prerm or other postinst
+ actions, the package dependencies will be at least
+ unpacked or "Half-Installed".
+
Recommends
@@ -4633,11 +4720,21 @@ Build-Depends: foo [linux-any], bar [any-i386], baz [!linux-any]
- When the package declaring a pre-dependency is about
- to be configured, the pre-dependency will be
- treated as a normal Depends, that is, it will
- be considered satisfied only if the depended-on
- package has been correctly configured.
+ When the package declaring a pre-dependency is about to
+ be configured, the pre-dependency will be treated
+ as a normal Depends. It will be considered
+ satisfied only if the depended-on package has been
+ correctly configured. However, unlike
+ with Depends, Pre-Depends does not
+ permit circular dependencies to be broken. If a circular
+ dependency is encountered while attempting to honor
+ Pre-Depends, the installation will be aborted.
+
+
+
+ Pre-Depends are also required if the
+ preinst script depends on the named package.
+ It is best to avoid this situation if possible.
@@ -4646,13 +4743,6 @@ Build-Depends: foo [linux-any], bar [any-i386], baz [!linux-any]
installation would hamper the ability of the system to
continue with any upgrade that might be in progress.
-
-
- Pre-Depends are also required if the
- preinst script depends on the named
- package. It is best to avoid this situation if
- possible.
-
@@ -4677,7 +4767,7 @@ Build-Depends: foo [linux-any], bar [any-i386], baz [!linux-any]
When one binary package declares that it breaks another,
dpkg will refuse to allow the package which
- declares Breaks be installed unless the broken
+ declares Breaks be unpacked unless the broken
package is deconfigured first, and it will refuse to
allow the broken package to be reconfigured.
@@ -4728,18 +4818,18 @@ Build-Depends: foo [linux-any], bar [any-i386], baz [!linux-any]
Conflicting binary packages - Conflicts
- When one binary package declares a conflict with another
- using a Conflicts field, dpkg will
- refuse to allow them to be installed on the system at the
- same time. This is a stronger restriction than Breaks,
- which just prevents both packages from being configured at the
- same time. Conflicting packages cannot be unpacked on the
- system at the same time.
+ When one binary package declares a conflict with another using
+ a Conflicts field, dpkg will refuse to
+ allow them to be unpacked on the system at the same time. This
+ is a stronger restriction than Breaks, which only
+ prevents both packages from being configured at the same time.
+ Conflicting packages cannot be unpacked on the system at the
+ same time.
- If one package is to be installed, the other must be removed
- first. If the package being installed is marked as replacing
+ If one package is to be unpacked, the other must be removed
+ first. If the package being unpacked is marked as replacing
(see [, but note that Breaks should
normally be used in this case) the one on the system, or the one
on the system is marked as deselected, or both packages are
@@ -4803,6 +4893,15 @@ Build-Depends: foo [linux-any], bar [any-i386], baz [!linux-any]
example, ][.
]
+
+ Neither Breaks nor Conflicts should be used
+ unless two packages cannot be installed at the same time or
+ installing them both causes one of them to be broken or
+ unusable. Having similar functionality or performing the same
+ tasks as another package is not sufficient reason to
+ declare Breaks or Conflicts with that package.
+
+
A Conflicts entry may have an "earlier than" version
clause if the reason for the conflict is corrected in a later
@@ -4832,11 +4931,10 @@ Build-Depends: foo [linux-any], bar [any-i386], baz [!linux-any]
A virtual package is one which appears in the
- Provides control file field of another package.
- The effect is as if the package(s) which provide a
- particular virtual package name had been listed by name
- everywhere the virtual package name appears. (See also [)
+ Provides control field of another package. The effect
+ is as if the package(s) which provide a particular virtual
+ package name had been listed by name everywhere the virtual
+ package name appears. (See also ][)
]
@@ -4904,9 +5002,9 @@ Provides: bar
Packages can declare in their control file that they should
- overwrite files in certain other packages, or completely
- replace other packages. The Replaces control file
- field has these two distinct purposes.
+ overwrite files in certain other packages, or completely replace
+ other packages. The Replaces control field has these
+ two distinct purposes.
Overwriting files in other packages
@@ -5012,7 +5110,7 @@ Provides: mail-transport-agent
Conflicts: mail-transport-agent
Replaces: mail-transport-agent
- ensuring that only one MTA can be installed at any one
+ ensuring that only one MTA can be unpacked at any one
time. See [ for more information about this
example.
]
@@ -5033,7 +5131,7 @@ Replaces: mail-transport-agent
This is done using the Build-Depends,
Build-Depends-Indep, Build-Conflicts and
- Build-Conflicts-Indep control file fields.
+ Build-Conflicts-Indep control fields.
@@ -5048,7 +5146,7 @@ Replaces: mail-transport-agent
There is no Build-Depends-Arch; this role is essentially
met with Build-Depends. Anyone building the
- build-indep and binary-indep targets is
+ build-indep and binary-indep targets is
assumed to be building the whole package, and therefore
installation of all build dependencies is required.
@@ -5097,55 +5195,134 @@ Replaces: mail-transport-agent
- Packages involving shared libraries should be split up into
- several binary packages. This section mostly deals with how
- this separation is to be accomplished; rules for files within
- the shared library packages are in [ instead.
+ This section deals only with public shared libraries: shared
+ libraries that are placed in directories searched by the dynamic
+ linker by default or which are intended to be linked against
+ normally and possibly used by other, independent packages. Shared
+ libraries that are internal to a particular package or that are
+ only loaded as dynamic modules are not covered by this section and
+ are not subject to its requirements.
]
-
- Run-time shared libraries
+
+ A shared library is identified by the SONAME attribute
+ stored in its dynamic section. When a binary is linked against a
+ shared library, the SONAME of the shared library is
+ recorded in the binary's NEEDED section so that the
+ dynamic linker knows that library must be loaded at runtime. The
+ shared library file's full name (which usually contains additional
+ version information not needed in the SONAME) is
+ therefore normally not referenced directly. Instead, the shared
+ library is loaded by its SONAME, which exists on the file
+ system as a symlink pointing to the full name of the shared
+ library. This symlink must be provided by the
+ package. [ describes how to do this.
+
+ This is a convention of shared library versioning, but not a
+ requirement. Some libraries use the SONAME as the full
+ library file name instead and therefore do not need a symlink.
+ Most, however, encode additional information about
+ backwards-compatible revisions as a minor version number in the
+ file name. The SONAME itself only changes when
+ binaries linked with the earlier version of the shared library
+ may no longer work, but the filename may change with each
+ release of the library. See ][ for
+ more information.
+ ]
+
- The run-time shared library needs to be placed in a package
- whose name changes whenever the shared object version
- changes.
-
- Since it is common place to install several versions of a
- package that just provides shared libraries, it is a
- good idea that the library package should not
- contain any extraneous non-versioned files, unless they
- happen to be in versioned directories.
-
- The most common mechanism is to place it in a package
- called
- librarynamesoversion,
- where soversion is the version number
- in the soname of the shared library
- The soname is the shared object name: it's the thing
- that has to match exactly between building an executable
- and running it for the dynamic linker to be able run the
- program. For example, if the soname of the library is
- libfoo.so.6, the library package would be
- called libfoo6.
- .
- Alternatively, if it would be confusing to directly append
- soversion to libraryname (e.g. because
- libraryname itself ends in a number), you may use
- libraryname-soversion and
- libraryname-soversion-dev
- instead.
+ When linking a binary or another shared library against a shared
+ library, the SONAME for that shared library is not yet
+ known. Instead, the shared library is found by looking for a file
+ matching the library name with .so appended. This file
+ exists on the file system as a symlink pointing to the shared
+ library.
- If you have several shared libraries built from the same
- source tree you may lump them all together into a single
- shared library package, provided that you change all of
- their sonames at once (so that you don't get filename
- clashes if you try to install different versions of the
- combined shared libraries package).
+ Shared libraries are normally split into several binary packages.
+ The SONAME symlink is installed by the runtime shared
+ library package, and the bare .so symlink is installed in
+ the development package since it's only used when linking binaries
+ or shared libraries. However, there are some exceptions for
+ unusual shared libraries or for shared libraries that are also
+ loaded as dynamic modules by other programs.
+
+ This section is primarily concerned with how the separation of
+ shared libraries into multiple packages should be done and how
+ dependencies on and between shared library binary packages are
+ managed in Debian. [ should be read in
+ conjunction with this section and contains additional rules for
+ the files contained in the shared library packages.
+ ]
+
+
+ Run-time shared libraries
+
+
+ The run-time shared library must be placed in a package
+ whose name changes whenever the SONAME of the shared
+ library changes. This allows several versions of the shared
+ library to be installed at the same time, allowing installation
+ of the new version of the shared library without immediately
+ breaking binaries that depend on the old version. Normally, the
+ run-time shared library and its SONAME symlink should
+ be placed in a package named
+ librarynamesoversion,
+ where soversion is the version number in
+ the SONAME of the shared library.
+ See [ for detailed information on how to
+ determine this version. Alternatively, if it would be confusing
+ to directly append soversion
+ to libraryname (if, for example, libraryname
+ itself ends in a number), you should use
+ libraryname-soversion
+ instead.
+ ]
+
+
+ If you have several shared libraries built from the same source
+ tree, you may lump them all together into a single shared
+ library package provided that all of their SONAMEs will
+ always change together. Be aware that this is not normally the
+ case, and if the SONAMEs do not change together,
+ upgrading such a merged shared library package will be
+ unnecessarily difficult because of file conflicts with the old
+ version of the package. When in doubt, always split shared
+ library packages so that each binary package installs a single
+ shared library.
+
+
+
+ Every time the shared library ABI changes in a way that may
+ break binaries linked against older versions of the shared
+ library, the SONAME of the library and the
+ corresponding name for the binary package containing the runtime
+ shared library should change. Normally, this means
+ the SONAME should change any time an interface is
+ removed from the shared library or the signature of an interface
+ (the number of parameters or the types of parameters that it
+ takes, for example) is changed. This practice is vital to
+ allowing clean upgrades from older versions of the package and
+ clean transitions between the old ABI and new ABI without having
+ to upgrade every affected package simultaneously.
+
+
+
+ The SONAME and binary package name need not, and indeed
+ normally should not, change if new interfaces are added but none
+ are removed or changed, since this will not break binaries
+ linked against the old shared library. Correct versioning of
+ dependencies on the newer shared library by binaries that use
+ the new interfaces is handled via
+ the shlibs
+ system or via symbols files (see
+ ).
+
+
The package should install the shared libraries under
their normal names. For example, the libgdbm3
@@ -5165,10 +5342,11 @@ Replaces: mail-transport-agent
- The run-time library package should include the symbolic link that
- ldconfig would create for the shared libraries.
- For example, the libgdbm3 package should include
- a symbolic link from /usr/lib/libgdbm.so.3 to
+ The run-time library package should include the symbolic link for
+ the SONAME that ldconfig would create for
+ the shared libraries. For example,
+ the libgdbm3 package should include a symbolic
+ link from /usr/lib/libgdbm.so.3 to
libgdbm.so.3.0.0. This is needed so that the dynamic
linker (for example ld.so or
ld-linux.so.*) can find the library between the
@@ -5231,7 +5409,7 @@ Replaces: mail-transport-agent
During install or upgrade, the preinst is called before
- the new files are installed, so calling "ldconfig" is
+ the new files are unpacked, so calling "ldconfig" is
pointless. The preinst of an existing package can also be
called if an upgrade fails. However, this happens during
the critical time when a shared libs may exist on-disk
@@ -5376,7 +5554,7 @@ Replaces: mail-transport-agent
[) to ensure that the user only installs one
development version at a time (as different development versions are
likely to have the same header files in them, which would cause a
- filename clash if both were installed).
+ filename clash if both were unpacked).
]
@@ -5388,6 +5566,14 @@ Replaces: mail-transport-agent
(ld) when compiling packages, as it will only look for
libgdbm.so when compiling dynamically.
+
+
+ If the package provides Ada Library Information
+ (*.ali) files for use with GNAT, these files must be
+ installed read-only (mode 0444) so that GNAT will not attempt to
+ recompile them. This overrides the normal file mode requirements
+ given in [.
+ ]
@@ -5524,10 +5710,10 @@ Replaces: mail-transport-agent
When packages are being built,
any debian/shlibs files are copied into the
- control file area of the temporary build directory and
- given the name shlibs. These files give
- details of any shared libraries included in the same
- package.
+ control information file area of the temporary build
+ directory and given the name shlibs. These
+ files give details of any shared libraries included in the
+ same package.
An example may help here. Let us say that the source
package foo generates two binary
packages, libfoo2 and foo-runtime.
@@ -5728,7 +5914,8 @@ udeb: libz 1 zlib1g-udeb (>= 1:1.1.3)
It is usual to call this file debian/shlibs (but if
you have multiple binary packages, you might want to call it
debian/shlibs.package instead). Then
- let debian/rules install it in the control area:
+ let debian/rules install it in the control
+ information file area:
install -m644 debian/shlibs debian/tmp/DEBIAN
@@ -5737,9 +5924,9 @@ install -m644 debian/shlibs debian/tmp/DEBIAN
install -m644 debian/shlibs.package debian/package/DEBIAN/shlibs
An alternative way of doing this is to create the
- shlibs file in the control area directly from
- debian/rules without using a debian/shlibs
- file at all,
+ shlibs file in the control information file area
+ directly from debian/rules without using
+ a debian/shlibs file at all,
This is what dh_makeshlibs in
the debhelper suite does. If your package
also has a udeb that provides a shared
@@ -7251,10 +7438,10 @@ INSTALL = install -s # (or use strip on the files in debian/tmp)
for C files) will need to be compiled twice, for the normal
case.
+
- You must specify the gcc option -D_REENTRANT
- when building a library (either static or shared) to make
- the library compatible with LinuxThreads.
+ Libraries should be built with threading support and to be
+ thread-safe if the library supports this.
@@ -7453,7 +7640,19 @@ fname () {
must be supported and must set the value of c to
delta.
-
+
+ - The XSI extension to kill allowing kill
+ -signal, where signal is either
+ the name of a signal or one of the numeric signals listed in
+ the XSI extension (0, 1, 2, 3, 6, 9, 14, and 15), must be
+ supported if kill is implemented as a shell
+ built-in.
+
+ - The XSI extension to trap allowing numeric
+ signals must be supported. In addition to the signal
+ numbers listed in the extension, which are the same as for
+ kill above, 13 (SIGPIPE) must be allowed.
+
If a shell script requires non-SUSv3 features from the shell
interpreter other than those listed above, the appropriate shell
@@ -7930,27 +8129,27 @@ ln -fs ../sbin/sendmail debian/tmp/usr/bin/runq
compress
missingok
postrotate
- [ -f /var/run/foo.pid ] && kill -s HUP `cat /var/run/foo.pid`
+ start-stop-daemon -K -p /var/run/foo.pid -s HUP -x /usr/sbin/foo -q
endscript
}
This rotates all files under /var/log/foo, saves 12
- compressed generations, and forces the daemon to reload its
- configuration information after the log rotation. It skips this
- log rotation (via missingok) if no such log file is
- present, which avoids errors if the package is removed but not
- purged.
+ compressed generations, and tells the daemon to reopen its log
+ files after the log rotation. It skips this log rotation
+ (via missingok) if no such log file is present, which
+ avoids errors if the package is removed but not purged.
- Log files should be removed when the package is purged (but not
- when it is only removed). This should be done by
- the postrm script when it is called with the
- argument purge (see [).
+ Log files should be removed when the package is
+ purged (but not when it is only removed). This should be
+ done by the postrm script when it is called
+ with the argument purge (see ][).
]
-
+
Permissions and owners
@@ -7991,6 +8190,12 @@ ln -fs ../sbin/sendmail debian/tmp/usr/bin/runq
+
+ Control information files should be owned by root:root
+ and either mode 644 (for most files) or mode 755 (for
+ executables such as maintainer
+ scripts).
+
Setuid and setgid executables should be mode 4755 or 2755
@@ -8277,10 +8482,14 @@ done
These two files are managed through the dpkg
- "alternatives" mechanism. Thus every package providing an
- editor or pager must call the
- update-alternatives script to register these
- programs.
+ "alternatives" mechanism. Every package providing an editor or
+ pager must call the update-alternatives script to
+ register as an alternative for /usr/bin/editor
+ or /usr/bin/pager as appropriate. The alternative
+ should have a slave alternative
+ for /usr/share/man/man1/editor.1.gz
+ or /usr/share/man/man1/pager.1.gz pointing to the
+ corresponding manual page.
@@ -8329,11 +8538,13 @@ done
/usr/lib/cgi-bin/cgi-bin-name
- and should be referred to as
+ or a subdirectory of that directory, and should be
+ referred to as
http://localhost/cgi-bin/cgi-bin-name
-
+ (possibly with a subdirectory name
+ before cgi-bin-name).
-
@@ -8489,8 +8700,7 @@ http://localhost/doc/package/filename
this so programs should not fail if newaliases
cannot be found. Note that because of this, all MTA
packages must have Provides, Conflicts and
- Replaces: mail-transport-agent control file
- fields.
+ Replaces: mail-transport-agent control fields.
@@ -8599,8 +8809,9 @@ name ["syshostname"]:
Packages that provide an X server that, directly or
indirectly, communicates with real input and display
- hardware should declare in their control data that they
- provide the virtual package xserver.
+ hardware should declare in their Provides control
+ field that they provide the virtual
+ package xserver.
This implements current practice, and provides an
actual policy for usage of the xserver
virtual package which appears in the virtual packages
@@ -8618,12 +8829,14 @@ name ["syshostname"]:
Packages that provide a terminal emulator for the X Window
- System which meet the criteria listed below should declare
- in their control data that they provide the virtual
- package x-terminal-emulator. They should also
- register themselves as an alternative for
+ System which meet the criteria listed below should declare in
+ their Provides control field that they provide the
+ virtual package x-terminal-emulator. They should
+ also register themselves as an alternative for
/usr/bin/x-terminal-emulator, with a priority of
- 20.
+ 20. That alternative should have a slave alternative
+ for /usr/share/man/man1/x-terminal-emulator.1.gz
+ pointing to the corresponding manual page.
@@ -8664,9 +8877,9 @@ name ["syshostname"]:
Packages that provide a window manager should declare in
- their control data that they provide the virtual package
- x-window-manager. They should also register
- themselves as an alternative for
+ their Provides control field that they provide the
+ virtual package x-window-manager. They should also
+ register themselves as an alternative for
/usr/bin/x-window-manager, with a priority
calculated as follows:
@@ -8700,6 +8913,9 @@ name ["syshostname"]:
configuration, add 10 points; otherwise add none.
+ That alternative should have a slave alternative
+ for /usr/share/man/man1/x-window-manager.1.gz
+ pointing to the corresponding manual page.
@@ -8839,8 +9055,8 @@ name ["syshostname"]:
-
Font packages must declare a dependency on
- xfonts-utils in their control
- data.
+ xfonts-utils in their Depends
+ or Pre-Depends control field.
-
@@ -9660,7 +9876,7 @@ END-INFO-DIR-ENTRY
The DEBIAN directory will not appear in the
file system archive of the package, and so won't be installed
- by dpkg when the package is installed.
+ by dpkg when the package is unpacked.
@@ -9708,13 +9924,13 @@ END-INFO-DIR-ENTRY
It is possible to put other files in the package control
- area, but this is not generally a good idea (though they
- will largely be ignored).
+ information file area, but this is not generally a good idea
+ (though they will largely be ignored).
- Here is a brief list of the control info files supported by
- dpkg and a summary of what they're used for.
+ Here is a brief list of the control information files supported
+ by dpkg and a summary of what they're used for.
@@ -10585,7 +10801,7 @@ END-INFO-DIR-ENTRY
Package_Revision
-
The Debian revision part of the package version was
- at one point in a separate control file field. This
+ at one point in a separate control field. This
field went through several names.
@@ -10642,7 +10858,7 @@ END-INFO-DIR-ENTRY
- A package may contain a control area file called
+ A package may contain a control information file called
conffiles. This file should be a list of filenames
of configuration files needing automatic handling, separated
by newlines. The filenames should be absolute pathnames,