X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=policy.sgml;h=cca4b6d7bec1bcc0691a8b67629ba585aca8cf1e;hb=6240129c6aea6033a60a39dbe0719b21ec3018ef;hp=9eef64396a02f720345d75f074c6f725fcb34754;hpb=3fe72e05003f6d298fd8b21d35c2daf977075c3f;p=debian%2Fdebian-policy.git diff --git a/policy.sgml b/policy.sgml index 9eef643..cca4b6d 100644 --- a/policy.sgml +++ b/policy.sgml @@ -15,7 +15,7 @@ This manual describes the policy requirements for the Debian - GNU/Linux distribution. This includes the structure and + distribution. This includes the structure and contents of the Debian archive and several design issues of the operating system, as well as technical requirements that each package must satisfy to be included in the distribution. @@ -50,7 +50,7 @@

A copy of the GNU General Public License is available as - /usr/share/common-licenses/GPL in the Debian GNU/Linux + /usr/share/common-licenses/GPL in the Debian distribution or on the World Wide Web at . You can also @@ -68,7 +68,7 @@ Scope

This manual describes the policy requirements for the Debian - GNU/Linux distribution. This includes the structure and + distribution. This includes the structure and contents of the Debian archive and several design issues of the operating system, as well as technical requirements that each package must satisfy to be included in the @@ -218,12 +218,13 @@ The actual editing is done by a group of maintainers that have no editorial powers. These are the current maintainers: - - Julian Gilbey - Branden Robinson - Josip Rodin - Manoj Srivastava - + + Russ Allbery + Bill Allombert + Andrew McMillan + Manoj Srivastava + Colin Watson +

@@ -257,7 +258,6 @@ - @@ -314,7 +314,7 @@ The Debian Archive

- The Debian GNU/Linux system is maintained and distributed as a + The Debian system is maintained and distributed as a collection of packages. Since there are so many of them (currently well over 15000), they are split into sections and given priorities to simplify @@ -348,8 +348,7 @@

- The main archive area forms the Debian GNU/Linux - distribution. + The main archive area forms the Debian distribution.

@@ -465,6 +464,20 @@ The main archive area +

+ The main archive area comprises the Debian + distribution. Only the packages in this area are considered + part of the distribution. None of the packages in + the main archive area require software outside of + that area to function. Anyone may use, share, modify and + redistribute the packages in this archive area + freely + See for + more about what we mean by free software. + . +

+

Every package in main must comply with the DFSG (Debian Free Software Guidelines). @@ -474,9 +487,9 @@ In addition, the packages in main - must not require a package outside of main - for compilation or execution (thus, the package must - not declare a "Depends", "Recommends", or + must not require or recommend a package outside + of main for compilation or execution (thus, the + package must not declare a "Depends", "Recommends", or "Build-Depends" relationship on a non-main package), @@ -496,6 +509,13 @@ The contrib archive area +

+ The contrib archive area contains supplemental + packages intended to work with the Debian distribution, but + which require software outside of the distribution to either + build or function. +

+

Every package in contrib must comply with the DFSG.

@@ -514,7 +534,6 @@

-

Examples of packages which would be included in contrib are: @@ -536,6 +555,15 @@ The non-free archive area +

+ The non-free archive area contains supplemental + packages intended to work with the Debian distribution that do + not comply with the DFSG or have other problems that make + their distribution problematic. They may not comply with all + of the policy requirements in this manual due to restrictions + on modifications or other limitations. +

+

Packages must be placed in non-free if they are not compliant with the DFSG or are encumbered by patents @@ -680,12 +708,13 @@ list of sections. At present, they are: admin, cli-mono, comm, database, devel, debug, doc, editors, - electronics, embedded, fonts, - games, gnome, graphics, gnu-r, - gnustep, hamradio, haskell, - httpd, interpreters, java, kde, - kernel, libs, libdevel, lisp, - localization, mail, math, misc, + education, electronics, embedded, + fonts, games, gnome, graphics, + gnu-r, gnustep, hamradio, haskell, + httpd, interpreters, introspection, + java, kde, kernel, libs, + libdevel, lisp, localization, + mail, math, metapackages, misc, net, news, ocaml, oldlibs, otherosfs, perl, php, python, ruby, science, shells, sound, @@ -796,7 +825,7 @@ Binary packages

- The Debian GNU/Linux distribution is based on the Debian + The Debian distribution is based on the Debian package management system, called dpkg. Thus, all packages in the Debian distribution must be provided in the .deb file format. @@ -811,10 +840,11 @@ Among those files are the package maintainer scripts and control, the binary package control file that contains the control fields for - the package. Other control information files - include the shlibs - file used to store shared library dependency information - and the conffiles file that lists the package's + the package. Other control information files include + the symbols file + or shlibs file + used to store shared library dependency information and + the conffiles file that lists the package's configuration files (described in ).

@@ -907,23 +937,40 @@ - + The maintainer of a package

- Every package must have a Debian maintainer (the - maintainer may be one person or a group of people - reachable from a common email address, such as a mailing - list). The maintainer is responsible for ensuring that - the package is placed in the appropriate distributions. -

- -

- The maintainer must be specified in the - Maintainer control field with their correct name - and a working email address. If one person maintains - several packages, they should try to avoid having - different forms of their name and email address in + Every package must have a maintainer, except for orphaned + packages as described below. The maintainer may be one person + or a group of people reachable from a common email address, such + as a mailing list. The maintainer is responsible for + maintaining the Debian packaging files, evaluating and + responding appropriately to reported bugs, uploading new + versions of the package (either directly or through a sponsor), + ensuring that the package is placed in the appropriate archive + area and included in Debian releases as appropriate for the + stability and utility of the package, and requesting removal of + the package from the Debian distribution if it is no longer + useful or maintainable. +

+ +

+ The maintainer must be specified in the Maintainer + control field with their correct name and a working email + address. The email address given in the Maintainer + control field must accept mail from those role accounts in + Debian used to send automated mails regarding the package. This + includes non-spam mail from the bug-tracking system, all mail + from the Debian archive maintenance software, and other role + accounts or automated processes that are commonly agreed on by + the project. + A sample implementation of such a whitelist written for the + Mailman mailing list management software is used for mailing + lists hosted by alioth.debian.org. + + If one person or team maintains several packages, they should + use the same form of their name and email address in the Maintainer fields of those packages.

@@ -933,15 +980,23 @@

- If the maintainer of a package quits from the Debian - project, "Debian QA Group" - packages@qa.debian.org takes over the - maintainer-ship of the package until someone else - volunteers for that task. These packages are called - orphaned packages. - The detailed procedure for doing this gracefully can - be found in the Debian Developer's Reference, - see . + If the maintainer of the package is a team of people with a + shared email address, the Uploaders control field must + be present and must contain at least one human with their + personal email address. See for the + syntax of that field. +

+ +

+ An orphaned package is one with no current maintainer. Orphaned + packages should have their Maintainer control field set + to Debian QA Group <packages@qa.debian.org>. + These packages are considered maintained by the Debian project + as a whole until someone else volunteers to take over + maintenance. + The detailed procedure for gracefully orphaning a package can + be found in the Debian Developer's Reference + (see ).

@@ -1036,7 +1091,7 @@ - + Dependencies

@@ -1081,7 +1136,7 @@

Sometimes, unpacking one package requires that another package be first unpacked and configured. In this case, the - dependent package must specify this dependency in + depending package must specify this dependency in the Pre-Depends control field.

@@ -1143,7 +1198,7 @@

The base system is a minimum subset of the Debian - GNU/Linux system that is installed before everything else + system that is installed before everything else on a new system. Only very few packages are allowed to form part of the base system, in order to keep the required disk usage very small. @@ -1636,11 +1691,20 @@ The maintainer name and email address used in the changelog should be the details of the person uploading this version. They are not necessarily those of the - usual package maintainer. The information here will be - copied to the Changed-By field in the - .changes file (see ), - and then later used to send an acknowledgement when the - upload has been installed. + usual package maintainer. + If the developer uploading the package is not one of the usual + maintainers of the package (as listed in + the Maintainer + or Uploaders control + fields of the package), the first line of the changelog is + conventionally used to explain why a non-maintainer is + uploading the package. The Debian Developer's Reference + (see ) documents the conventions + used. + The information here will be copied to the Changed-By + field in the .changes file + (see ), and then later used to send an + acknowledgement when the upload has been installed.

@@ -1792,23 +1856,26 @@ identical behavior.

+

+ The following targets are required and must be implemented + by debian/rules: clean, binary, + binary-arch, binary-indep, and build. + These are the targets called by dpkg-buildpackage. +

+

Since an interactive debian/rules script makes it - impossible to auto-compile that package and also makes it - hard for other people to reproduce the same binary - package, all required targets must be - non-interactive. At a minimum, required targets are the - ones called by dpkg-buildpackage, namely, - clean, binary, binary-arch, - binary-indep, and build. It also follows - that any target that these targets depend on must also be + impossible to auto-compile that package and also makes it hard + for other people to reproduce the same binary package, all + required targets must be non-interactive. It also follows that + any target that these targets depend on must also be non-interactive.

- The targets are as follows (required unless stated otherwise): + The targets are as follows: - build + build (required)

The build target should perform all the @@ -1919,8 +1986,8 @@

- binary, binary-arch, - binary-indep + binary (required), binary-arch + (required), binary-indep (required)

@@ -1968,7 +2035,7 @@

- clean + clean (required)

This must undo any effects that the build @@ -2050,14 +2117,21 @@

The architectures we build on and build for are determined - by make variables using the utility - dpkg-architecture. - You can determine the - Debian architecture and the GNU style architecture - specification string for the build machine (the machine type - we are building on) as well as for the host machine (the - machine type we are building for). Here is a list of - supported make variables: + by make variables using the + utility dpkg-architecture. + You can determine the Debian architecture and the GNU style + architecture specification string for the build architecture as + well as for the host architecture. The build architecture is + the architecture on which debian/rules is run and + the package build is performed. The host architecture is the + architecture on which the resulting package will be installed + and run. These are normally the same, but may be different in + the case of cross-compilation (building packages for one + architecture on machines of a different architecture). +

+ +

+ Here is a list of supported make variables: DEB_*_ARCH (the Debian architecture) @@ -2081,8 +2155,8 @@ DEB_*_GNU_TYPE) where * is either BUILD for specification of - the build machine or HOST for specification of the - host machine. + the build architecture or HOST for specification of the + host architecture.

@@ -2406,19 +2480,26 @@ endif fields The paragraphs are also sometimes referred to as stanzas. . - The paragraphs are separated by blank lines. Some control + The paragraphs are separated by empty lines. Parsers may accept + lines consisting solely of spaces and tabs as paragraph + separators, but control files should use empty lines. Some control files allow only one paragraph; others allow several, in which case each paragraph usually refers to a different package. (For example, in source packages, the first paragraph refers to the source package, and later paragraphs - refer to binary packages generated from the source.) + refer to binary packages generated from the source.) The + ordering of the paragraphs in control files is significant.

Each paragraph consists of a series of data fields; each field consists of the field name, followed by a colon and - then the data/value associated with that field. It ends at - the end of the (logical) line. Horizontal whitespace + then the data/value associated with that field. The field + name is composed of printable ASCII characters (i.e., + characters that have values between 33 and 126, inclusive) + except colon and must not with a begin with #. The + field ends at the end of the line or at the end of the + last continuation line (see below). Horizontal whitespace (spaces and tabs) may occur immediately before or after the value and is ignored there; it is conventional to put a single space after the colon. For example, a field might @@ -2436,21 +2517,51 @@ Package: libc6

- Many fields' values may span several lines; in this case - each continuation line must start with a space or a tab. - Any trailing spaces or tabs at the end of individual - lines of a field value are ignored. + There are three types of fields: + + simple + + The field, including its value, must be a single line. Folding + of the field is not permitted. This is the default field type + if the definition of the field does not specify a different + type. + + folded + + The value of a folded field is a logical line that may span + several lines. The lines after the first are called + continuation lines and must start with a space or a tab. + Whitespace, including any newlines, is not significant in the + field values of folded fields. + This folding method is similar to RFC 5322, allowing control + files that contain only one paragraph and no multiline fields + to be read by parsers written for RFC 5322. + + + multiline + + The value of a multiline field may comprise multiple continuation + lines. The first line of the value, the part on the same line as + the field name, often has special significance or may have to be + empty. Other lines are added following the same syntax as the + continuation lines of the folded fields. Whitespace, including newlines, + is significant in the values of multiline fields. + +

- In fields where it is specified that lines may not wrap, - only a single line of data is allowed and whitespace is not - significant in a field body. Whitespace must not appear + Whitespace must not appear inside names (of packages, architectures, files or anything else) or version numbers, or between the characters of multi-character version relationships.

+

+ The presence and purpose of a field, and the syntax of its + value may differ between types of control files. +

+

Field names are not case-sensitive, but it is usual to capitalize the field names using mixed case as shown below. @@ -2459,9 +2570,17 @@ Package: libc6

- Blank lines, or lines consisting only of spaces and tabs, - are not allowed within field values or between fields - that - would mean a new paragraph. + Paragraph separators (empty lines) and lines consisting only of + spaces and tabs are not allowed within field values or between + fields. Empty lines in field values are usually escaped by + representing them by a space followed by a dot. +

+ +

+ Lines starting with # without any preceding whitespace are comments + lines that are only permitted in source package control files + (debian/control). These comment lines are ignored, even + between two continuation lines. They do not end logical lines.

@@ -2492,6 +2611,7 @@ Package: libc6 Source (mandatory) Maintainer (mandatory) Uploaders + DM-Upload-Allowed Section (recommended) Priority (recommended) Build-Depends et al @@ -2526,8 +2646,8 @@ Package: libc6 .changes file to accompany the upload, and by dpkg-source when it creates the .dsc source control file as part of a source - archive. Many fields are permitted to span multiple lines in - debian/control but not in any other control + archive. Some fields are folded in debian/control, + but not in any other control file. These tools are responsible for removing the line breaks from such fields when using fields from debian/control to generate other control files. @@ -2540,16 +2660,6 @@ Package: libc6 when they generate output control files. See for details.

- -

- In addition to the control file syntax described above, this file may also contain - comment lines starting with # without any preceding - whitespace. All such lines are ignored, even in the middle of - continuation lines for a multiline field, and do not end a - multiline field. -

- @@ -2597,6 +2707,7 @@ Package: libc6 Version (mandatory) Maintainer (mandatory) Uploaders + DM-Upload-Allowed Homepage Standards-Version (recommended) Build-Depends et al @@ -2607,7 +2718,7 @@ Package: libc6

- The source package control file is generated by + The Debian source control file is generated by dpkg-source when it builds the source archive, from other files in the source package, described above. When unpacking, it is checked against @@ -2718,28 +2829,36 @@ Package: libc6 putting the name in round brackets and moving it to the end, and bringing the email address forward).

+ +

+ See for additional requirements and + information about package maintainers. +

Uploaders

- List of the names and email addresses of co-maintainers of - the package, if any. If the package has other maintainers - beside the one named in the - Maintainer field, their names - and email addresses should be listed here. The format of each - entry is the same as that of the Maintainer field, and - multiple entries must be comma separated. This is an optional - field. + List of the names and email addresses of co-maintainers of the + package, if any. If the package has other maintainers besides + the one named in the Maintainer + field, their names and email addresses should be listed + here. The format of each entry is the same as that of the + Maintainer field, and multiple entries must be comma + separated.

- Any parser that interprets the Uploaders field in - debian/control must permit it to span multiple - lines. Line breaks in an Uploaders field that spans multiple - lines are not significant and the semantics of the field are - the same as if the line breaks had not been present. + This is normally an optional field, but if + the Maintainer control field names a group of people + and a shared email address, the Uploaders field must + be present and must contain at least one human with their + personal email address. +

+ +

+ The Uploaders field in debian/control can be folded.

@@ -2856,34 +2975,42 @@ Package: libc6

- In the source package control file .dsc, this - field may contain either the architecture - wildcard any or a list of architectures and - architecture wildcards separated by spaces. If a list is - given, it may include (or consist solely of) the special + In the Debian source control file .dsc, this + field contains a list of architectures and architecture + wildcards separated by spaces. When the list contains the + architecture wildcard any, the only other value + allowed in the list is all. +

+ +

+ The list may include (or consist solely of) the special value all. In other words, in .dsc files unlike the debian/control, all may occur in combination with specific architectures. - The Architecture field in the source package control + The Architecture field in the Debian source control file .dsc is generally constructed from the Architecture fields in the debian/control in the source package.

- Specifying any indicates that the source package + Specifying only any indicates that the source package isn't dependent on any particular architecture and should compile fine on any one. The produced binary package(s) - will either be specific to whatever the current build - architecture is or will be architecture-independent. + will be specific to whatever the current build architecture is.

Specifying only all indicates that the source package - will only build architecture-independent packages. If this is - the case, all must be used rather than any; - any implies that the source package will build at - least one architecture-dependent package. + will only build architecture-independent packages. +

+ +

+ Specifying any all indicates that the source package + isn't dependent on any particular architecture. The set of + produced binary packages will include at least one + architecture-dependant package and one architecture-independent + package.

@@ -2919,7 +3046,7 @@ Package: libc6

This is a boolean field which may occur only in the control file of a binary package or in a per-package fields - paragraph of a main source control data file. + paragraph of a source package control file.

@@ -3155,7 +3282,8 @@ Package: libc6 In a source or binary control file, the Description field contains a description of the binary package, consisting of two parts, the synopsis or the short description, and the - long description. The field's format is as follows: + long description. It is a multiline field with the following + format:

@@ -3175,6 +3303,7 @@ Package: libc6 Those starting with a single space are part of a paragraph. Successive lines of this form will be word-wrapped when displayed. The leading space will usually be stripped off. + The line must contain at least one non-whitespace character. @@ -3185,7 +3314,8 @@ Package: libc6 will be allowed to trail off to the right. None, one or two initial spaces may be deleted, but the number of spaces deleted from each line will be the same (so that you can have - indenting work correctly, for example). + indenting work correctly, for example). The line must + contain at least one non-whitespace character. @@ -3219,8 +3349,8 @@ Package: libc6 field contains a summary of the descriptions for the packages being uploaded. For this case, the first line of the field value (the part on the same line as Description:) is - always empty. The content of the field is expressed as - continuation lines, one line per package. Each line is + always empty. It is a multiline field, with one + line per package. Each line is indented by one space and contains the name of a binary package, a space, a hyphen (-), a space, and the short description line from that package. @@ -3356,7 +3486,7 @@ Package: libc6 Changes

- This field contains the human-readable changes data, describing + This multiline field contains the human-readable changes data, describing the differences between the last version and the current one.

@@ -3394,7 +3524,7 @@ Package: libc6 Binary

- This field is a list of binary packages. Its syntax and + This folded field is a list of binary packages. Its syntax and meaning varies depending on the control file in which it appears.

@@ -3404,7 +3534,7 @@ Package: libc6 packages which a source package can produce, separated by commas A space after each comma is conventional. - . It may span multiple lines. The source package + . The source package does not necessarily produce all of these binary packages for every architecture. The source control file doesn't contain details of which architectures are appropriate for which of @@ -3414,7 +3544,7 @@ Package: libc6

When it appears in a .changes file, it lists the names of the binary packages being uploaded, separated by - whitespace (not commas). It may span multiple lines. + whitespace (not commas).

@@ -3537,7 +3667,7 @@ Files: and Checksums-Sha256

- These fields contain a list of files with a checksum and size + These multiline fields contain a list of files with a checksum and size for each one. Both Checksums-Sha1 and Checksums-Sha256 have the same syntax and differ only in the checksum algorithm used: SHA-1 @@ -3576,6 +3706,21 @@ Checksums-Sha256: must match the list of files in the Files field.

+ + + DM-Upload-Allowed + +

+ The most recent version of a package uploaded to unstable or + experimental must include the field DM-Upload-Allowed: + yes in the source section of its source control file for + the Debian archive to accept uploads signed with a key in the + Debian Maintainer keyring. See the General + Resolution for more + details. +

+ @@ -3585,7 +3730,7 @@ Checksums-Sha256: Additional user-defined fields may be added to the source package control file. Such fields will be ignored, and not copied to (for example) binary or - source package control files or upload control files. + Debian source control files or upload control files.

@@ -3602,7 +3747,7 @@ Checksums-Sha256: field name after the hyphen will be used in the output file. Where the letter B is used the field will appear in binary package control files, where the - letter S is used in source package control + letter S is used in Debian source control files and where C is used in upload control (.changes) files.

@@ -3613,7 +3758,7 @@ Checksums-Sha256: XBS-Comment: I stand between the candle and the star. - then the binary and source package control files will contain the + then the binary and Debian source control files will contain the field Comment: I stand between the candle and the star. @@ -3782,11 +3927,11 @@ Checksums-Sha256: the preinst script cannot rely on any files included in its package. Only essential packages and pre-dependencies (Pre-Depends) may be assumed to be - available. Pre-dependencies will be at least unpacked. - They may be only unpacked or "Half-Configured", not - completely configured, but only if a previous version of the - pre-dependency was completely configured and the - pre-dependency had not been removed since then. + available. Pre-dependencies will have been configured at + least once, but at the time the preinst is + called they may only be in an unpacked or "Half-Configured" + state if a previous version of the pre-dependency was + completely configured and has not been removed since then. old-preinst abort-upgrade @@ -3796,11 +3941,15 @@ Checksums-Sha256: unpacking the new package because the postrm upgrade action failed. The unpacked files may be partly from the new version or partly missing, so the script - cannot not rely on files included in the package. Package + cannot rely on files included in the package. Package dependencies may not be available. Pre-dependencies will be at least unpacked following the same rules as above, except they may be only "Half-Installed" if an upgrade of the - pre-dependency failed. + pre-dependency failed. + This can happen if the new version of the package no + longer pre-depends on a package that had been partially + upgraded. +

@@ -3815,7 +3964,9 @@ Checksums-Sha256: The files contained in the package will be unpacked. All package dependencies will at least be unpacked. If there are no circular dependencies involved, all package - dependencies will be configured. + dependencies will be configured. For behavior in the case + of circular dependencies, see the discussion + in . old-postinst abort-upgrade @@ -3842,6 +3993,13 @@ Checksums-Sha256: foo's postinst abort-remove would be called with bar only "Half-Installed". + The postinst should still attempt any actions + for which its dependencies are required, since they will + normally be available, but consider the correct error + handling approach if those actions fail. Aborting + the postinst action if commands or facilities + from the package dependencies are not available is often the + best approach.

@@ -3897,8 +4055,22 @@ Checksums-Sha256: previously been deconfigured and only be unpacked, at which point subsequent package changes do not consider its dependencies. Therefore, all postrm actions - may only rely on essential packages and cannot assume that - the package's dependencies are available. + may only rely on essential packages and must gracefully skip + any actions that require the package's dependencies if those + dependencies are unavailable. + This is often done by checking whether the command or + facility the postrm intends to call is + available before calling it. For example: + +if [ "$1" = purge ] && [ -e /usr/share/debconf/confmodule ]; then + . /usr/share/debconf/confmodule + db_purge +fi + + in postrm purges the debconf + configuration for the package + if debconf is installed. + new-postrm failed-upgrade @@ -3918,7 +4090,7 @@ Checksums-Sha256: new-postrm abort-upgrade old-version - Called before unpackaging the new package as part of the + Called before unpacking the new package as part of the error handling of preinst failures. May assume the same state as preinst can assume. @@ -4433,13 +4605,13 @@ Checksums-Sha256: specification subject to the rules in , and must appear where it's necessary to disambiguate; it is not otherwise significant. All of the - relationship fields may span multiple lines. For + relationship fields can only be folded in source package control files. For consistency and in case of future changes to dpkg it is recommended that a single space be used after a version relationship and before a version number; it is also conventional to put a single space after each comma, on either side of each vertical bar, and before - each open parenthesis. When wrapping a relationship field, it + each open parenthesis. When opening a continuation line in a relationship field, it is conventional to do so after a comma and before the space following that comma.

@@ -4458,6 +4630,7 @@ Depends: libc6 (>= 2.2.1), exim | mail-transport-agent architectures. This is indicated in brackets after each individual package name and the optional version specification. The brackets enclose a list of Debian architecture names + in the format described in , separated by whitespace. Exclamation marks may be prepended to each of the names. (It is not permitted for some names to be prepended with exclamation marks while others aren't.) @@ -4525,7 +4698,8 @@ Build-Depends: foo [!i386] | bar [!amd64]

Relationships may also be restricted to a certain set of - architectures using architecture wildcards. The syntax for + architectures using architecture wildcards in the format + described in . The syntax for declaring such restrictions is the same as declaring restrictions using a certain set of architectures without architecture wildcards. For example: @@ -4604,11 +4778,19 @@ Build-Depends: foo [linux-any], bar [any-i386], baz [!linux-any]

Since Depends only places requirements on the order in which packages are configured, packages in an installation run - are usually all unpacked first and all configured later. This - allows multiple packages to be upgraded in one unpack and - configure step even if some packages being upgraded have - versioned dependencies on the upgraded versions of other - packages involved in the installation run. + are usually all unpacked first and all configured later. + + This approach makes dependency resolution easier. If two + packages A and B are being upgraded, the installed package A + depends on exactly the installed package B, and the new + package A depends on exactly the new package B (a common + situation when upgrading shared libraries and their + corresponding development packages), satisfying the + dependencies at every stage of the upgrade would be + impossible. This relaxed restriction means that both new + packages can be unpacked together and then configured in their + dependency order. +

@@ -4618,15 +4800,16 @@ Build-Depends: foo [linux-any], bar [any-i386], baz [!linux-any] broken at some point and the dependency requirements violated for at least one package. Packages involved in circular dependencies may not be able to rely on their dependencies being - configured when being configured depending on which side of the - break of the circular dependency loop they happen to be on. If - one of the packages in the loop has no postinst - script, then the cycle will be broken at that package; this - ensures that all postinst scripts are run with - their dependencies properly configured if this is possible. - Otherwise the breaking point is arbitrary. Packages should - therefore avoid circular dependencies where possible, - particularly if they have postinst scripts. + configured before they themselves are configured, depending on + which side of the break of the circular dependency loop they + happen to be on. If one of the packages in the loop has + no postinst script, then the cycle will be broken + at that package; this ensures that all postinst + scripts are run with their dependencies properly configured if + this is possible. Otherwise the breaking point is arbitrary. + Packages should therefore avoid circular dependencies where + possible, particularly if they have postinst + scripts.

@@ -4659,8 +4842,22 @@ Build-Depends: foo [linux-any], bar [any-i386], baz [!linux-any] dependency loop, this might not work as expected; see the explanation a few paragraphs back.) In the case of prerm or other postinst - actions, the package dependencies will be at least - unpacked or "Half-Installed". + actions, the package dependencies will normally be at + least unpacked, but they may be only "Half-Installed" if a + previous upgrade of the dependency failed. +

+ +

+ Finally, the Depends field should be used if the + depended-on package is needed by the postrm + script to fully clean up after the package removal. There + is no guarantee that package dependencies will be + available when postrm is run, but the + depended-on package is more likely to be available if the + package declares a dependency (particularly in the case + of postrm remove). The postrm + script must gracefully skip actions that require a + dependency if that dependency isn't available.

@@ -4743,6 +4940,13 @@ Build-Depends: foo [linux-any], bar [any-i386], baz [!linux-any] installation would hamper the ability of the system to continue with any upgrade that might be in progress.

+ +

+ You should not specify a Pre-Depends entry for a + package before this has been discussed on the + debian-devel mailing list and a consensus about + doing that has been reached. See . +

@@ -4767,7 +4971,7 @@ Build-Depends: foo [linux-any], bar [any-i386], baz [!linux-any]

When one binary package declares that it breaks another, dpkg will refuse to allow the package which - declares Breaks be unpacked unless the broken + declares Breaks to be unpacked unless the broken package is deconfigured first, and it will refuse to allow the broken package to be reconfigured.

@@ -4821,10 +5025,10 @@ Build-Depends: foo [linux-any], bar [any-i386], baz [!linux-any] When one binary package declares a conflict with another using a Conflicts field, dpkg will refuse to allow them to be unpacked on the system at the same time. This - is a stronger restriction than Breaks, which only - prevents both packages from being configured at the same time. - Conflicting packages cannot be unpacked on the system at the - same time. + is a stronger restriction than Breaks, which prevents + the broken package from being configured while the breaking + package is in the "Unpacked" state but allows both packages to + be unpacked at the same time.

@@ -4878,7 +5082,7 @@ Build-Depends: foo [linux-any], bar [any-i386], baz [!linux-any] when two packages provide the same file and will continue to do so, in conjunction with Provides when only one - package providing a given virtual facility may be installed + package providing a given virtual facility may be unpacked at a time (see ), in other cases where one must prevent simultaneous installation of two packages for reasons that are ongoing @@ -5318,9 +5522,9 @@ Replaces: mail-transport-agent linked against the old shared library. Correct versioning of dependencies on the newer shared library by binaries that use the new interfaces is handled via - the shlibs - system or via symbols files (see - ). + the symbols system + or the shlibs + system.

@@ -5381,12 +5585,9 @@ Replaces: mail-transport-agent library directories of the dynamic linker (which are currently /usr/lib and /lib) or a directory that is listed in /etc/ld.so.conf - These are currently - - /usr/local/lib - /usr/lib/libc5-compat - /lib/libc5-compat - + These are currently /usr/local/lib plus + directories under /lib and /usr/lib + matching the multiarch triplet for the system architecture. must use ldconfig to update the shared library system. @@ -5592,361 +5793,811 @@ Replaces: mail-transport-agent

- + Dependencies between the library and other packages - - the shlibs system + the symbols system

If a package contains a binary or library which links to a - shared library, we must ensure that when the package is - installed on the system, all of the libraries needed are - also installed. This requirement led to the creation of the - shlibs system, which is very simple in its design: - any package which provides a shared library also - provides information on the package dependencies required to - ensure the presence of this library, and any package which - uses a shared library uses this information to - determine the dependencies it requires. The files which - contain the mapping from shared libraries to the necessary - dependency information are called shlibs files. -

- -

- When a package is built which contains any shared libraries, it - must provide a shlibs file for other packages to - use. When a package is built which contains any shared - libraries or compiled binaries, it must run - dpkg-shlibdeps - on these to determine the libraries used and hence the - dependencies needed by this package. -

- dpkg-shlibdeps will use a program - like objdump or readelf to find - the libraries directly needed by the binaries or shared - libraries in the package. -

- -

- We say that a binary foo directly uses - a library libbar if it is explicitly linked - with that library (that is, the library is listed in the ELF - NEEDED attribute, caused by adding -lbar - to the link line when the binary is created). Other - libraries that are needed by libbar are linked - indirectly to foo, and the dynamic - linker will load them automatically when it loads - libbar. A package should depend on the libraries - it directly uses, but not the libraries it indirectly uses. - The dependencies for those libraries will automatically pull - in the other libraries. -

- -

- A good example of where this helps is the following. We - could update libimlib with a new version that - supports a new graphics format called dgf (but retaining the - same major version number) and depends on libdgf. - If we used ldd to add dependencies for every - library directly or indirectly linked with a binary, every - package that uses libimlib would need to be - recompiled so it would also depend on libdgf or it - wouldn't run due to missing symbols. Since dependencies are - only added based on ELF NEEDED attribute, packages - using libimlib can rely on libimlib itself - having the dependency on libdgf and so they would - not need rebuilding. -

+ shared library, we must ensure that, when the package is + installed on the system, all of the libraries needed are also + installed. These dependencies must be added to the binary + package when it is built, since they may change based on which + version of a shared library the binary or library was linnked + with. To allow these dependencies to be constructed, shared + libraries must provide either a symbols file or + a shlibs file, which provide information on the + package dependencies required to ensure the presence of this + library. Any package which uses a shared library must use these + files to determine the required dependencies when it is built. +

+ +

+ shlibs files were the original mechanism for + handling library dependencies. They are documented + in . symbols files, + documented in this section, are recommended for most packages, + since they provide dependency information for each exported + symbol and therefore generate more accurate dependencies for + binaries that do not use symbols from newer versions of the + shared library. However, shlibs files must be used + for udebs. Packages which provide a symbols file + are not required to provide a shlibs file. +

+ +

+ When a package that contains any shared libraries or compiled + binaries is built, it must run dpkg-shlibdeps on + each shared library and compiled binary to determine the + libraries used and hence the dependencies needed by the + package. + dpkg-shlibdeps will use a program + like objdump or readelf to find the + libraries and the symbols in those libraries directly needed + by the binaries or shared libraries in the package.

- In the following sections, we will first describe where the - various shlibs files are to be found, then how to - use dpkg-shlibdeps, and finally the shlibs - file format and how to create them if your package contains a - shared library. + We say that a binary foo directly uses a + library libbar if it is explicitly linked with that + library (that is, the library is listed in the + ELF NEEDED attribute, caused by adding -lbar + to the link line when the binary is created). Other libraries + that are needed by libbar are + linked indirectly to foo, and the dynamic + linker will load them automatically when it + loads libbar. A package should depend on the libraries + it directly uses, but not the libraries it indirectly uses. The + dependencies for those libraries will automatically pull in the + other libraries. dpkg-shlibdeps will handle this + logic automatically, but package maintainers need to be aware of + this distinction between directly and indirectly using a library + if they have to override its results for some reason. + + A good example of where this helps is the following. We could + update libimlib with a new version that supports a + new graphics format called dgf (but retaining the same major + version number) and depends on libdgf. If we + used ldd to add dependencies for every library + directly or indirectly linked with a binary, every package + that uses libimlib would need to be recompiled so it + would also depend on libdgf or it wouldn't run due to + missing symbols. Since dependencies are only added based on + ELF NEEDED attribute, packages + using libimlib can rely on libimlib itself + having the dependency on libdgf and so they would not + need rebuilding. +

- - The shlibs files present on the system -

- There are several places where shlibs files are - found. The following list gives them in the order in which - they are read by - dpkg-shlibdeps. - (The first one which gives the required information is used.) + In the following sections, we will first describe where the + various symbols files are to be found, then how to + use dpkg-shlibdeps, and finally + the symbols file format and how to create them if + your package contains a shared library.

-

- - -

debian/shlibs.local

+ + The symbols files present on the + system -

- This lists overrides for this package. This file should - normally not be used, but may be needed temporarily in - unusual situations to work around bugs in other packages, - or in unusual cases where the normally declared dependency - information in the installed shlibs file for - a library cannot be used. This file overrides information - obtained from any other source. -

- - - -

/etc/dpkg/shlibs.override

+

+ symbols files for a shared library are normally + provided by the shared library package, but there are several + override paths that are checked first in case that information + is wrong or missing. The following list gives them in the + order in which they are read by dpkg-shlibdeps + The first one that contains the required information is used. + + +

debian/*/DEBIAN/symbols

-

- This lists global overrides. This list is normally - empty. It is maintained by the local system - administrator. -

- +

+ During the package build, if the package itself contains + shared libraries with symbols files, they + will be generated in these staging directories + by dpkg-gensymbols. symbols + files found in the build tree take precedence + over symbols files from other binary + packages. +

- -

DEBIAN/shlibs files in the "build directory"

+

+ These files must exist + before dpkg-shlibdeps is run or the + dependencies of binaries and libraries from a source + package on other libraries from that same source package + will not be correct. In practice, this means + that dpkg-gensymbols must be run + before dpkg-shlibdeps during the package + build. + An example may clarify. Suppose the source + package foo generates two binary + packages, libfoo2 and foo-runtime. + When building the binary packages, the contents of the + packages are staged in the + directories debian/libfoo2 + and debian/foo-runtime respectively. + (debian/tmp could be used instead of one + of these.) Since libfoo2 provides + the libfoo shared library, it will contain + a symbols file, which will be installed + in debian/libfoo2/DEBIAN/symbols, + eventually to be included as a control file in that + package. When dpkg-shlibdeps is run on + the + executable debian/foo-runtime/usr/bin/foo-prog, + it will examine + the debian/libfoo2/DEBIAN/symbols file to + determine whether foo-prog's library + dependencies are satisfied by any of the libraries + provided by libfoo2. Since those binaries + were linked against the just-built shared library as + part of the build process, the symbols + file for the newly-built libfoo2 must take + precedence over a symbols file for any + other libfoo2 package already installed on + the system. + +

+ -

- When packages are being built, - any debian/shlibs files are copied into the - control information file area of the temporary build - directory and given the name shlibs. These - files give details of any shared libraries included in the - same package. - An example may help here. Let us say that the source - package foo generates two binary - packages, libfoo2 and foo-runtime. - When building the binary packages, the two packages are - created in the directories debian/libfoo2 - and debian/foo-runtime respectively. - (debian/tmp could be used instead of one of - these.) Since libfoo2 provides the - libfoo shared library, it will require a - shlibs file, which will be installed in - debian/libfoo2/DEBIAN/shlibs, eventually to - become /var/lib/dpkg/info/libfoo2.shlibs. - When dpkg-shlibdeps is run on the - executable debian/foo-runtime/usr/bin/foo-prog, - it will examine - the debian/libfoo2/DEBIAN/shlibs file to - determine whether foo-prog's library - dependencies are satisfied by any of the libraries - provided by libfoo2. For this reason, - dpkg-shlibdeps must only be run once all of - the individual binary packages' shlibs files - have been installed into the build directory. - -

- + +

+ /etc/dpkg/symbols/package.symbols.arch + and /etc/dpkg/symbols/package.symbols +

- -

/var/lib/dpkg/info/*.shlibs

+

+ Per-system overrides of shared library dependencies. + These files normally do not exist. They are maintained + by the local system administrator and must not be + created by any Debian package. +

+ -

- These are the shlibs files corresponding to - all of the packages installed on the system, and are - maintained by the relevant package maintainers. -

- + +

symbols control files for packages + installed on the system

- -

/etc/dpkg/shlibs.default

+

+ The symbols control files for all the + packages currently installed on the system are searched + last. This will be the most common source of shared + library dependency information. These are normally + found in /var/lib/dpkg/info/*.symbols, but + packages should not rely on this and instead should + use dpkg-query --control-path package + symbols if for some reason these files need to be + examined. +

+ + +

-

- This file lists any shared libraries whose packages - have failed to provide correct shlibs files. - It was used when the shlibs setup was first - introduced, but it is now normally empty. It is - maintained by the dpkg maintainer. -

- - -

- +

+ Be aware that if a debian/shlibs.local exists in + the source package, it will override any symbols + files. This is the only case where a shlibs is + used despite symbols files being present. See + and + for more information. +

+ - - How to use dpkg-shlibdeps and the - shlibs files + + How to use dpkg-shlibdeps and the + symbols files -

- Put a call to - dpkg-shlibdeps - into your debian/rules file. If your package - contains only compiled binaries and libraries (but no scripts), - you can use a command such as: - +

+ If your package contains any compiled binaries or shared + libraries, put a call to dpkg-shlibdeps into + your debian/rules file in the source package. + List all of the compiled binaries, libraries, or loadable + modules in your package. If your source package builds only a + single binary package that contains only compiled binaries and + libraries (but no scripts) and is not multiarch, you can use a + command such as: + dpkg-shlibdeps debian/tmp/usr/bin/* debian/tmp/usr/sbin/* \ debian/tmp/usr/lib/* - - Otherwise, you will need to explicitly list the compiled - binaries and libraries. - If you are using debhelper, the - dh_shlibdeps program will do this work for you. - It will also correctly handle multi-binary packages. - -

+ + but normally finding all of the binaries is more + complex. + The easiest way to do this is to use a package helper + framework such as debhelper. If you are + using debhelper, the dh_shlibdeps + program will do this work for you. It will also correctly + handle multi-binary packages. + +

-

- This command puts the dependency information into the - debian/substvars file, which is then used by - dpkg-gencontrol. You will need to place a - ${shlibs:Depends} variable in the Depends - field in the control file for this to work. -

+

+ This command puts the dependency information into + the debian/substvars file, which is then used + by dpkg-gencontrol. You will need to place + a ${shlibs:Depends} variable in the Depends + field in the control file of every binary package built by + this source package that contains compiled binaries, + libraries, or loadable modules. If you have multiple binary + packages, you will need to call dpkg-shlibdeps on + each one which contains compiled libraries or binaries, using + the -T option to the dpkg utilities to + specify a different substvars file for each + binary package. + Again, dh_shlibdeps + and dh_gencontrol will handle all of this for + you if you're using debhelper. + +

-

- If you have multiple binary packages, you will need to call - dpkg-shlibdeps on each one which contains - compiled libraries or binaries. In such a case, you will - need to use the -T option to the dpkg - utilities to specify a different substvars file. -

+

+ For more details on dpkg-shlibdeps, + see . +

+ -

- If you are creating a udeb for use in the Debian Installer, - you will need to specify that dpkg-shlibdeps - should use the dependency line of type udeb by - adding the -tudeb option - dh_shlibdeps from the debhelper suite - will automatically add this option if it knows it is - processing a udeb. - . If there is no dependency line of - type udeb in the shlibs - file, dpkg-shlibdeps will fall back to the regular - dependency line. -

+ + The symbols File Format -

- For more details on dpkg-shlibdeps, please see - and - . -

- +

+ The following documents the format of the symbols + control file as included in binary packages. These files are + built from template symbols files in the source + package by dpkg-gensymbols. The template files + support a richer syntax that + allows dpkg-gensymbols to do some of the tedious + work involved in maintaining symbols files, such + as handling C++ symbols or optional symbols that may not exist + on particular architectures. When + writing symbols files for a shared library + package, refer to + for the richer syntax. +

- - The shlibs File Format +

+ A symbols may contain one or more entries, one + for each shared library contained in the package corresponding + to that symbols. Each entry has the following + format: +

-

- Each shlibs file has the same format. Lines - beginning with # are considered to be comments and - are ignored. Each line is of the form: - -[type: ]library-name soname-version dependencies ... - -

+

+ +library-soname main-dependency-template +[ | alternative-dependency-template ] +[ ... ] +[ * field-name: field-value ] +[ ... ] + symbol minimal-version[ id-of-dependency-template ] + +

-

- We will explain this by reference to the example of the - zlib1g package, which (at the time of writing) - installs the shared library /usr/lib/libz.so.1.1.3. -

+

+ To explain this format, we'll use the the zlib1g + package as an example, which (at the time of writing) installs + the shared library /usr/lib/libz.so.1.2.3.4. + Mandatory lines will be described first, followed by optional + lines. +

-

- type is an optional element that indicates the type - of package for which the line is valid. The only type currently - in use is udeb. The colon and space after the type are - required. -

+

+ library-soname must contain exactly the value of + the ELF SONAME attribute of the shared library. In + our example, this is libz.so.1. + This can be determined by using the command + +readelf -d /usr/lib/libz.so.1.2.3.4 | grep SONAME + + +

-

- library-name is the name of the shared library, - in this case libz. (This must match the name part - of the soname, see below.) -

+

+ main-dependency-template has the same syntax as a + dependency field in a binary package control file, except that + the string #MINVER# is replaced by a version + restriction like (>= version) or by + nothing if an unversioned dependency is deemed sufficient. + The version restriction will be based on which symbols from + the shared library are referenced and the version at which + they were introduced (see below). In nearly all + cases, main-dependency-template will + be package #MINVER#, + where package is the name of the binary package + containing the shared library. This adds a simple, + possibly-versioned dependency on the shared library package. + In some rare cases, such as when multiple packages provide the + same shared library ABI, the dependency template may need to + be more complex. +

-

- soname-version is the version part of the soname of - the library. The soname is the thing that must exactly match - for the library to be recognized by the dynamic linker, and is - usually of the form - name.so.major-version, in our - example, libz.so.1. - This can be determined using the command +

+ In our example, the first line of + the zlib1g symbols file would be: -objdump -p /usr/lib/libz.so.1.1.3 | grep SONAME +libz.so.1 zlib1g #MINVER# - - The version part is the part which comes after - .so., so in our case, it is 1. The soname may - instead be of the form - name-major-version.so, such - as libdb-4.8.so, in which case the name would - be libdb and the version would be 4.8. -

+

+ +

+ Each public symbol exported by the shared library must have a + corresponding symbol line, indented by one + space. symbol is the exported symbol (which, for + C++, means the mangled symbol) followed by @ and the + symbol version, or the string Base if there is no + symbol version. minimal-version is the most recent + version of the shared library that changed the behavior of + that symbol, whether by adding it, changing its function + signature (the parameters, their types, or the return type), + or its behavior in a way that is visible to a + caller. id-of-dependency-template is an optional + field that references + an alternative-dependency-template; see below for a + full description. +

+ +

+ For example, libz.so.1 contains the + symbols compress + and compressBound. compress has no symbol + version and last changed its behavior in upstream + version 1:1.1.4. compressBound has the + symbol version ZLIB_1.2.0, was introduced in upstream + version 1:1.2.0, and has not changed its behavior. + Its symbols file therefore contains the lines: + + compress@Base 1:1.1.4 + compressBound@ZLIB_1.2.0 1:1.2.0 + + Packages using only compress would then get a + dependency of zlib1g (>= 1:1.1.4), but packages + using compressBound would get a dependency + of zlib1g (>= 1:1.2.0). +

+ +

+ One or more alternative-dependency-template lines + may be provided. These are used in cases where some symbols + in the shared library should use one dependency template while + others should use a different template. The alternative + dependency templates are used only if a symbol line contains + the id-of-dependency-template field. The first + alternative dependency template is numbered 1, the second 2, + and so forth. + An example of where this may be needed is with a library + that implements the libGL interface. All GL implementations + provide the same set of base interfaces, and then may + provide some additional interfaces only used by programs + that require that specific GL implementation. So, for + example, libgl1-mesa-glx may use the + following symbols file: + +libGL.so.1 libgl1 +| libgl1-mesa-glx #MINVER# + publicGlSymbol@Base 6.3-1 + [...] + implementationSpecificSymbol@Base 6.5.2-7 1 + [...] + + Binaries or shared libraries using + only publicGlSymbol would depend only + on libgl1 (which may be provided by multiple + packages), but ones + using implementationSpecificSymbol would get a + dependency on libgl1-mesa-glx (>= 6.5.2-7) + +

+ +

+ Finally, the entry for the library may contain one or more + metadata fields. Currently, the only + supported field-name + is Build-Depends-Package, whose value lists + the library development + package on which packages using this shared library + declare a build dependency. If this field is + present, dpkg-shlibdeps uses it to ensure that + the resulting binary package dependency on the shared library + is at least as strict as the source package dependency on the + shared library development package. + This field should normally not be necessary, since if the + behavior of any symbol has changed, the corresponding + symbol minimal-version should have been + increased. But including it makes the symbols + system more robust by tightening the dependency in cases + where the package using the shared library specifically + requires at least a particular version of the shared library + development package for some reason. + + For our example, the zlib1g symbols file + would contain: + + * Build-Depends-Package: zlib1g-dev + + (Don't forget the leading space.) +

+ +

+ Also see . +

+ + + + Providing a symbols file + +

+ If your package provides a shared library, you should arrange + to include a symbols control file following the + format described above in that package. You must include + either a symbols control file or + a shlibs control file. +

+ +

+ Normally, this is done by creating a symbols in + the source package + named debian/package.symbols + or debian/symbols, possibly + with .arch appended if the symbols + information varies by architecture. This file may use the + extended syntax documented + in . Then, + call dpkg-gensymbols as part of the package build + process. It will create symbols files in the + package staging area based on the binaries and libraries in + the package staging area and the symbols files in + the source package. + If you are + using debhelper, dh_makeshlibs will + take care of calling either dpkg-gensymbols + or generating a shlibs file as appropriate. + +

+ +

+ Packages that provide symbols files must keep + them up-to-date to ensure correct dependencies in packages + that use the shared libraries. This means updating + the symbols file whenever a new public symbol is + added, changing the minimal-version field whenever + a symbol changes behavior or signature, and changing + the library-soname + and main-dependency-template, and probably all of + the minimal-version fields, when the library + changes SONAME. Removing a public symbol from + the symbols file because it's no longer provided + by the library normally requires changing the SONAME + of the library. See . +

+ +

+ Special care should be taken in updating + the minimal-version field when the behavior of a + public symbol changes. This is easy to neglect, since there + is no automated method of determining such changes, but + failing to update minimal-version in this case may + result in binary packages with too-weak dependencies that will + fail at runtime, possibly in ways that can cause security + vulnerabilities. If the package maintainer believes that a + symbol behavior change may have occurred but isn't sure, it's + safer to update the minimal-version of all possibly + affected symbols to the current upstream version rather than + leave them unmodified. This may result in unnecessarily + strict dependencies, but it ensures that packages whose + dependencies are satisfied will work properly. +

+ +

+ A common example of when a change + to minimal-version is required is a function that + takes an enum or struct argument that controls what the + function does. For example: + +enum library_op { OP_FOO, OP_BAR }; +int library_do_operation(enum library_op); + + If a new operation, OP_BAZ, is added, + the minimal-version + of library_do_operation must be increased to the + version at which OP_BAZ was introduced. Otherwise, a + binary built against the new version of the library (having + detected at compile-time that the library + supports OP_BAZ) may be installed with a shared + library that doesn't support OP_BAZ and will fail at + runtime when it tries to pass OP_BAZ into this + function. +

+ +

+ The minimal-version field normally should not + contain the Debian revision of the package, since the library + behavior is normally fixed for a particular upstream version + and any Debian packaging of that upstream version will have + the same behavior. In the rare case that the library behavior + was changed in a particular Debian revision, + appending ~ to the end of + the minimal-version that includes the Debian + revision is recommended, since this allows backports of the + shared library package using the normal backport versioning + convention to satisfy the dependency. +

+ + + + + Dependencies between the library and other packages - + the shlibs system

- dependencies has the same syntax as a dependency - field in a binary package control file. It should give - details of which packages are required to satisfy a binary - built against the version of the library contained in the - package. See for details. + The shlibs system is an alternative to + the symbols system for declaring dependencies for + shared libraries. It predated the symbols system and + is therefore frequently seen in older packages. It is also + required for udebs, which do not support symbols.

- In our example, if the first version of the zlib1g - package which contained a minor number of at least - 1.3 was 1:1.1.3-1, then the - shlibs entry for this library could say: - -libz 1 zlib1g (>= 1:1.1.3) - - The version-specific dependency is to avoid warnings from - the dynamic linker about using older shared libraries with - newer binaries. + shlibs files do not provide as detailed of + information as symbols files. They only provide + information about the library as a whole, not individual + symbols, and therefore have to force tighter dependencies since + they have no way of relaxing dependencies for binaries and + libraries that only use symbols whose behavior has not changed. + Because of this, and because of some problems with + how shlibs files represent the + library SONAME, symbols files are + recommended instead for any shared library package that isn't a + udeb.

- As zlib1g also provides a udeb containing the shared library, - there would also be a second line: - -udeb: libz 1 zlib1g-udeb (>= 1:1.1.3) - + In the following sections, we will first describe where the + various shlibs files are to be found, then how to + use dpkg-shlibdeps, and finally + the shlibs file format and how to create them if + your package contains a shared library. Much of the information + about shlibs files is the same as + for symbols files, so only the differences will be + mentioned.

- - - Providing a shlibs file + + The shlibs files present on the + system -

- If your package provides a shared library, you need to create - a shlibs file following the format described above. - It is usual to call this file debian/shlibs (but if - you have multiple binary packages, you might want to call it - debian/shlibs.package instead). Then - let debian/rules install it in the control - information file area: - +

+ There are several places where shlibs files are + found. The following list gives them in the order in which + they are read by dpkg-shlibdeps. (The first one + which gives the required information is used.) + + +

debian/shlibs.local

+ +

+ This lists overrides for this package. This file should + normally not be used, but may be needed temporarily in + unusual situations to work around bugs in other + packages, or in unusual cases where the normally + declared dependency information in the + installed shlibs file for a library cannot + be used. This file overrides information obtained from + any other source. +

+ + + +

/etc/dpkg/shlibs.override

+ +

+ This lists global overrides. This list is normally + empty. It is maintained by the local system + administrator. +

+ + + +

DEBIAN/shlibs files in the "build + directory"

+ +

+ When packages are being built, + any debian/shlibs files are copied into the + control information file area of the temporary build + directory and given the name shlibs. These + files give details of any shared libraries included in + the same package. +

+ + + +

shlibs control files for packages + installed on the system

+ +

+ The shlibs control files for all the + packages currently installed on the system. These are + normally found + in /var/lib/dpkg/info/*.symbols, but + packages should not rely on this and instead should + use dpkg-query --control-path package + shlibs if for some reason these files need to be + examined. +

+ + + +

/etc/dpkg/shlibs.default

+ +

+ This file lists any shared libraries whose packages have + failed to provide correct shlibs files. It + was used when the shlibs setup was first + introduced, but it is now normally empty. It is + maintained by the dpkg maintainer. +

+ + +

+ +

+ If a symbols file for a shared library package + is available, dpkg-shlibdeps will always use it + in preference to a shlibs, with the exception + of debian/shlibs.local. The latter overrides any + other shlibs or symbols files. +

+ + + + How to use dpkg-shlibdeps and the + shlibs files + +

+ Use of dpkg-shlibdeps with shlibs + files is generally the same as with symbols + files. See . +

+ +

+ If you are creating a udeb for use in the Debian Installer, + you will need to specify that dpkg-shlibdeps + should use the dependency line of type udeb by + adding the -tudeb option + dh_shlibdeps from the debhelper suite + will automatically add this option if it knows it is + processing a udeb. + . If there is no dependency line of + type udeb in the shlibs + file, dpkg-shlibdeps will fall back to the + regular dependency line. +

+ + + + The shlibs File Format + +

+ Each shlibs file has the same format. Lines + beginning with # are considered to be comments and + are ignored. Each line is of the form: + +[type: ]library-name soname-version dependencies ... + +

+ +

+ We will explain this by reference to the example of the + zlib1g package, which (at the time of writing) + installs the shared + library /usr/lib/libz.so.1.2.3.4. +

+ +

+ type is an optional element that indicates the type + of package for which the line is valid. The only type + currently in use is udeb. The colon and space after + the type are required. +

+ +

+ library-name is the name of the shared library, in + this case libz. (This must match the name part of + the soname, see below.) +

+ +

+ soname-version is the version part of the + ELF SONAME attribute of the library. + The SONAME is the thing that must exactly match for + the library to be recognized by the dynamic linker, and is + usually of the + form name.so.major-version, in + our example, libz.so.1. + The version part is the part which comes after + .so., so in our case, it is 1. The soname + may instead be of the + form name-major-version.so, + such as libdb-5.1.so, in which case the name would + be libdb and the version would be 5.1. +

+ +

+ dependencies has the same syntax as a dependency + field in a binary package control file. It should give + details of which packages are required to satisfy a binary + built against the version of the library contained in the + package. See for details. +

+ +

+ In our example, if the last change to the zlib1g + package that could change behavior for a client of that + library was in version 1:1.2.3.3.dfsg-1, then + the shlibs entry for this library could say: + +libz 1 zlib1g (>= 1:1.2.3.3.dfsg-1) + + This version restriction must be new enough that any binary + built against the current version of the library will work + with any version of the shared library that satisfies that + dependency. +

+ +

+ As zlib1g also provides a udeb containing the shared library, + there would also be a second line: + +udeb: libz 1 zlib1g-udeb (>= 1:1.2.3.3.dfsg-1) + +

+ + + + Providing a shlibs file + +

+ If your package provides a shared library, you need to create + a shlibs file following the format described + above. It is usual to call this + file debian/shlibs (but if you have multiple + binary packages, you might want to call + it debian/package.shlibs instead). + Then let debian/rules install it in the control + information file area: + install -m644 debian/shlibs debian/tmp/DEBIAN - - or, in the case of a multi-binary package: - -install -m644 debian/shlibs.package debian/package/DEBIAN/shlibs - - An alternative way of doing this is to create the - shlibs file in the control information file area - directly from debian/rules without using - a debian/shlibs file at all, - This is what dh_makeshlibs in - the debhelper suite does. If your package - also has a udeb that provides a shared - library, dh_makeshlibs can automatically generate - the udeb: lines if you specify the name of the udeb - with the --add-udeb option. - - since the debian/shlibs file itself is ignored by - dpkg-shlibdeps. -

+ + or, in the case of a multi-binary package: + +install -m644 debian/package.shlibs debian/package/DEBIAN/shlibs + + An alternative way of doing this is to create + the shlibs file in the control information file + area directly from debian/rules without using + a debian/shlibs file at all, + This is what dh_makeshlibs in + the debhelper suite does. If your package + also has a udeb that provides a shared + library, dh_makeshlibs can automatically + generate the udeb: lines if you specify the name of + the udeb with the --add-udeb option. + + since the debian/shlibs file itself is ignored by + dpkg-shlibdeps. +

-

- As dpkg-shlibdeps reads the - DEBIAN/shlibs files in all of the binary packages - being built from this source package, all of the - DEBIAN/shlibs files should be installed before - dpkg-shlibdeps is called on any of the binary - packages. -

- +

+ Since dpkg-shlibdeps reads + the DEBIAN/shlibs files in all of the binary + packages being built from this source package, all of + the DEBIAN/shlibs files should be installed + before dpkg-shlibdeps is called on any of the + binary packages. +

+ @@ -5999,13 +6650,13 @@ install -m644 debian/shlibs.package debian/package/DEBIAN/ /lib/triplet and /usr/lib/triplet, where triplet is the value returned by - dpkg-architecture -qDEB_HOST_GNU_TYPE for the + dpkg-architecture -qDEB_HOST_MULTIARCH for the architecture of the package. Packages may not install files to any triplet path other than the one matching the architecture of that package; for instance, an Architecture: amd64 package containing 32-bit x86 libraries may not install these - libraries to /usr/lib/i486-linux-gnu. + libraries to /usr/lib/i386-linux-gnu. This is necessary in order to reserve the directories for use in cross-installation of library packages from other @@ -6055,9 +6706,21 @@ install -m644 debian/shlibs.package debian/package/DEBIAN/ to get access to kernel information.

+ +

+ On GNU/Hurd systems, the following additional + directories are allowed in the root + filesystem: /hurd + and /servers. + These directories are used to store translators and as + a set of standard names for mount points, + respectively. + +

+ -

+

The version of this document referred here can be found in the debian-policy package or on package debian/package/DEBIAN/ For example, the emacsen-common package could contain something like -if [ ! -e /usr/local/share/emacs ] -then - if mkdir /usr/local/share/emacs 2>/dev/null - then - chown root:staff /usr/local/share/emacs - chmod 2775 /usr/local/share/emacs +if [ ! -e /usr/local/share/emacs ]; then + if mkdir /usr/local/share/emacs 2>/dev/null; then + if chown root:staff /usr/local/share/emacs; then + chmod 2775 /usr/local/share/emacs || true + fi fi fi @@ -6928,18 +7590,20 @@ Reloading description configuration...done.

- + Cron jobs

Packages must not modify the configuration file /etc/crontab, and they must not modify the files in - /var/spool/cron/crontabs.

+ /var/spool/cron/crontabs. +

- If a package wants to install a job that has to be executed - via cron, it should place a file with the name of the - package in one or more of the following directories: + If a package wants to install a job that has to be executed via + cron, it should place a file named as specified + in into one or more of the following + directories: /etc/cron.hourly /etc/cron.daily @@ -6949,7 +7613,8 @@ Reloading description configuration...done. As these directory names imply, the files within them are executed on an hourly, daily, weekly, or monthly basis, respectively. The exact times are listed in - /etc/crontab.

+ /etc/crontab. +

All files installed in any of these directories must be @@ -6960,15 +7625,18 @@ Reloading description configuration...done.

If a certain job has to be executed at some other frequency or - at a specific time, the package should install a file - /etc/cron.d/package. This file uses the - same syntax as /etc/crontab and is processed by - cron automatically. The file must also be + at a specific time, the package should install a file in + /etc/cron.d with a name as specified + in . This file uses the same syntax + as /etc/crontab and is processed + by cron automatically. The file must also be treated as a configuration file. (Note that entries in the /etc/cron.d directory are not handled by anacron. Thus, you should only use this directory for jobs which may be skipped if the system is not - running.)

+ running.) +

+

Unlike crontab files described in the IEEE Std 1003.1-2008 (POSIX.1) available from @@ -7011,6 +7679,30 @@ Reloading description configuration...done. execute scripts in /etc/cron.{hourly,daily,weekly,monthly}.

+ + + Cron job file names + +

+ The file name of a cron job file should normally match the + name of the package from which it comes. +

+ +

+ If a package supplies multiple cron job files files in the + same directory, the file names should all start with the name + of the package (possibly modified as described below) followed + by a hyphen (-) and a suitable suffix. +

+ +

+ A cron job file name must not include any period or plus + characters (. or +) characters as this will + cause cron to ignore the file. Underscores (_) + should be used instead of . and + + characters. +

+ @@ -7059,7 +7751,7 @@ Reloading description configuration...done. MIME (Multipurpose Internet Mail Extensions, RFCs 2045-2049) is a mechanism for encoding files and data streams and providing meta-information about them, in particular their - type (e.g. audio or video) and format (e.g. PNG, HTML, + type (e.g. audio or video) and format (e.g. PNG, HTML, MP3).

@@ -7076,11 +7768,25 @@ Reloading description configuration...done.

- The MIME support policy can be found in the mime-policy - files in the debian-policy package. - It is also available from the Debian web mirrors at - . + The mime-support package provides the + update-mime program which allows packages to + register programs that can show, compose, edit or print + MIME types. +

+ +

+ Packages containing such programs must register them + with update-mime as documented in . They should not depend + on, recommend, or suggest mime-support. Instead, + they should just put something like the following in the + postinst and postrm scripts: + + + if [ -x /usr/sbin/update-mime ]; then + update-mime + fi +

@@ -7286,9 +7992,8 @@ exec /usr/lib/foo/foo "$@" package that provides online documentation (other than just manual pages) to register these documents with doc-base by installing a - doc-base control file via the - doc-base control file in + /usr/share/doc-base/.

Please refer to the documentation that comes with the @@ -7448,8 +8153,9 @@ INSTALL = install -s # (or use strip on the files in debian/tmp) Although not enforced by the build tools, shared libraries must be linked against all libraries that they use symbols from in the same way that binaries are. This ensures the correct - functioning of the shlibs - system and guarantees that all libraries can be safely opened + functioning of the symbols + and shlibs + systems and guarantees that all libraries can be safely opened with dlopen(). Packagers may wish to use the gcc option -Wl,-z,defs when building a shared library. Since this option enforces symbol resolution at build time, @@ -7651,7 +8357,7 @@ fname () { The XSI extension to trap allowing numeric signals must be supported. In addition to the signal numbers listed in the extension, which are the same as for - kill above, 13 (SIGPIPE) must be allowed. + kill above, 13 (SIGPIPE) must be allowed. If a shell script requires non-SUSv3 features from the shell @@ -7707,11 +8413,23 @@ fname () { Symbolic links

- In general, symbolic links within a top-level directory - should be relative, and symbolic links pointing from one - top-level directory into another should be absolute. (A - top-level directory is a sub-directory of the root - directory /.) + In general, symbolic links within a top-level directory should + be relative, and symbolic links pointing from one top-level + directory to or into another should be absolute. (A top-level + directory is a sub-directory of the root + directory /.) For example, a symbolic link + from /usr/lib/foo to /usr/share/bar + should be relative (../share/bar), but a symbolic + link from /var/run to /run should be + absolute. + This is necessary to allow top-level directories to be + symlinks. If linking /var/run + to /run were done with the relative symbolic + link ../run, but /var were a + symbolic link to /srv/disk1, the symbolic link + would point to /srv/run rather than the intended + target. +

@@ -7964,22 +8682,6 @@ ln -fs ../sbin/sendmail debian/tmp/usr/bin/runq Sharing configuration files -

- Packages which specify the same file as a - conffile must be tagged as conflicting - with each other. (This is an instance of the general rule - about not sharing files. Note that neither alternatives - nor diversions are likely to be appropriate in this case; - in particular, dpkg does not handle diverted - conffiles well.) -

- -

- The maintainer scripts must not alter a conffile - of any package, including the one the scripts - belong to. -

-

If two or more packages use the same configuration file and it is reasonable for both to be installed at the same @@ -8029,6 +8731,34 @@ ln -fs ../sbin/sendmail debian/tmp/usr/bin/runq and which manages the shared configuration files. (The sgml-base package is a good example.)

+ +

+ If the configuration file cannot be shared as described above, + the packages must be marked as conflicting with each other. + Two packages that specify the same file as + a conffile must conflict. This is an instance of the + general rule about not sharing files. Neither alternatives + nor diversions are likely to be appropriate in this case; in + particular, dpkg does not handle diverted + conffiles well. +

+ +

+ When two packages both declare the same conffile, they + may see left-over configuration files from each other even + though they conflict with each other. If a user removes + (without purging) one of the packages and installs the other, + the new package will take over the conffile from the + old package. If the file was modified by the user, it will be + treated the same as any other locally + modified conffile during an upgrade. +

+ +

+ The maintainer scripts must not alter a conffile + of any package, including the one the scripts + belong to. +

@@ -8900,9 +9630,9 @@ name ["syshostname"]: If the window manager complies with , - written by the , add 40 points. @@ -9170,41 +9900,6 @@ name ["syshostname"]: policy (such as for ).

- - - The OSF/Motif and OpenMotif libraries - -

- Programs that require the non-DFSG-compliant OSF/Motif or - OpenMotif libraries - OSF/Motif and OpenMotif are collectively referred to as - "Motif" in this policy document. - - should be compiled against and tested with LessTif (a free - re-implementation of Motif) instead. If the maintainer - judges that the program or programs do not work - sufficiently well with LessTif to be distributed and - supported, but do so when compiled against Motif, then two - versions of the package should be created; one linked - statically against Motif and with -smotif - appended to the package name, and one linked dynamically - against Motif and with -dmotif appended to the - package name. -

- -

- Both Motif-linked versions are dependent - upon non-DFSG-compliant software and thus cannot be - uploaded to the main distribution; if the - software is itself DFSG-compliant it may be uploaded to - the contrib distribution. While known existing - versions of Motif permit unlimited redistribution of - binaries linked against the library (whether statically or - dynamically), it is the package maintainer's - responsibility to determine whether this is permitted by - the license of the copy of Motif in their possession. -

- @@ -9317,13 +10012,13 @@ name ["syshostname"]: maintainer of the package is allowed to write this bug report themselves, if they so desire). Do not close the bug report until a proper man page is available. - It is not very hard to write a man page. See the + It is not very hard to write a man page. See the , - , the examples - created by debmake or dh_make, - the helper program help2man, or the - directory /usr/share/doc/man-db/examples. + , the examples created + by dh_make, the helper + program help2man, or the + directory /usr/share/doc/man-db/examples.

@@ -9569,16 +10264,14 @@ END-INFO-DIR-ENTRY

In addition, the copyright file must say where the upstream - sources (if any) were obtained. It should name the original - authors of the package and the Debian maintainer(s) who were - involved with its creation. + sources (if any) were obtained, and should name the original + authors.

Packages in the contrib or non-free archive areas should state in the copyright file that the package is not - part of the Debian GNU/Linux distribution and briefly explain - why. + part of the Debian distribution and briefly explain why.

@@ -9591,8 +10284,8 @@ END-INFO-DIR-ENTRY /usr/share/doc/package may be a symbolic link to another directory in /usr/share/doc only if the two packages both come from the same source and the - first package Depends on the second. These rules are - important because copyrights must be extractable by + first package Depends on the second. These rules are important + because copyright files must be extractable by mechanical means.

@@ -9749,9 +10442,8 @@ END-INFO-DIR-ENTRY dpkg is a suite of programs for creating binary package files and installing and removing them on Unix systems. - dpkg is targeted primarily at Debian - GNU/Linux, but may work on or be ported to other - systems. + dpkg is targeted primarily at Debian, but may + work on or be ported to other systems.

@@ -9796,13 +10488,10 @@ END-INFO-DIR-ENTRY

- The Debian version of the FSF's GNU hello program is provided - as an example for people wishing to create Debian - packages. The Debian debmake package is - recommended as a very helpful tool in creating and maintaining - Debian packages. However, while the tools and examples are - helpful, they do not replace the need to read and follow the - Policy and Programmer's Manual.

+ The Debian version of the FSF's GNU hello program is provided as + an example for people wishing to create Debian packages. However, + while the examples are helpful, they do not replace the need to + read and follow the Policy and Programmer's Manual.

@@ -10244,89 +10933,6 @@ END-INFO-DIR-ENTRY dpkg-genchanges.

- - - dpkg-shlibdeps - calculates shared library - dependencies - - -

- This program is usually called from debian/rules - just before dpkg-gencontrol (see ), in the top level of the source tree. -

- -

- Its arguments are executables and shared libraries - -

- They may be specified either in the locations in the - source tree where they are created or in the locations - in the temporary build tree where they are installed - prior to binary package creation. -

- for which shared library dependencies should - be included in the binary package's control file. -

- -

- If some of the found shared libraries should only - warrant a Recommends or Suggests, or if - some warrant a Pre-Depends, this can be achieved - by using the -ddependency-field option - before those executable(s). (Each -d option - takes effect until the next -d.) -

- -

- dpkg-shlibdeps does not directly cause the - output control file to be modified. Instead by default it - adds to the debian/substvars file variable - settings like shlibs:Depends. These variable - settings must be referenced in dependency fields in the - appropriate per-binary-package sections of the source - control file. -

- -

- For example, a package that generates an essential part - which requires dependencies, and optional parts that - which only require a recommendation, would separate those - two sets of dependencies into two different fields. - At the time of writing, an example for this was the - - It can say in its debian/rules: - - dpkg-shlibdeps -dDepends program anotherprogram ... \ - -dRecommends optionalpart anotheroptionalpart - - and then in its main control file debian/control: - - ... - Depends: ${shlibs:Depends} - Recommends: ${shlibs:Recommends} - ... - -

- -

- Sources which produce several binary packages with - different shared library dependency requirements can use - the -pvarnameprefix option to override - the default shlibs: prefix (one invocation of - dpkg-shlibdeps per setting of this option). - They can thus produce several sets of dependency - variables, each of the form - varnameprefix:dependencyfield, - which can be referred to in the appropriate parts of the - binary package control files. -

- - - dpkg-distaddfile - adds a file to @@ -11112,4 +11718,4 @@ END-INFO-DIR-ENTRY - +