The actual editing is done by a group of maintainers that have
no editorial powers. These are the current maintainers:
- <enumlist>
- <item>Julian Gilbey</item>
- <item>Branden Robinson</item>
- <item>Josip Rodin</item>
- <item>Manoj Srivastava</item>
- </enumlist>
+ <enumlist>
+ <item>Russ Allbery</item>
+ <item>Bill Allombert</item>
+ <item>Andrew McMillan</item>
+ <item>Manoj Srivastava</item>
+ <item>Colin Watson</item>
+ </enumlist>
</p>
<p>
<item><ref id="fhs"></item>
<item><ref id="virtual_pkg"></item>
<item><ref id="menus"></item>
- <item><ref id="mime"></item>
<item><ref id="perl"></item>
<item><ref id="maintscriptprompt"></item>
<item><ref id="emacs"></item>
<tt><url name="/doc/developers-reference/"
id="http://www.debian.org/doc/developers-reference/"></tt>.
</p>
+
+ <p>
+ Finally, a <qref id="copyrightformat">specification for
+ machine-readable copyright files</qref> is maintained as part of
+ the <package>debian-policy</package> package using the same
+ procedure as the other policy documents. Use of this format is
+ optional.
+ </p>
</sect>
<sect id="definitions">
<sect1 id="main">
<heading>The main archive area</heading>
+ <p>
+ The <em>main</em> archive area comprises the Debian
+ distribution. Only the packages in this area are considered
+ part of the distribution. None of the packages in
+ the <em>main</em> archive area require software outside of
+ that area to function. Anyone may use, share, modify and
+ redistribute the packages in this archive area
+ freely<footnote>
+ See <url id="http://www.debian.org/intro/free"
+ name="What Does Free Mean?"> for
+ more about what we mean by free software.
+ </footnote>.
+ </p>
+
<p>
Every package in <em>main</em> must comply with the DFSG
(Debian Free Software Guidelines).
In addition, the packages in <em>main</em>
<list compact="compact">
<item>
- must not require a package outside of <em>main</em>
- for compilation or execution (thus, the package must
- not declare a "Depends", "Recommends", or
- "Build-Depends" relationship on a non-<em>main</em>
- package),
+ must not require or recommend a package outside
+ of <em>main</em> for compilation or execution (thus, the
+ package must not declare a "Pre-Depends", "Depends",
+ "Recommends", "Build-Depends", or "Build-Depends-Indep"
+ relationship on a non-<em>main</em> package),
</item>
<item>
must not be so buggy that we refuse to support them,
<sect1 id="contrib">
<heading>The contrib archive area</heading>
+ <p>
+ The <em>contrib</em> archive area contains supplemental
+ packages intended to work with the Debian distribution, but
+ which require software outside of the distribution to either
+ build or function.
+ </p>
+
<p>
Every package in <em>contrib</em> must comply with the DFSG.
</p>
</list>
</p>
-
<p>
Examples of packages which would be included in
<em>contrib</em> are:
<sect1 id="non-free">
<heading>The non-free archive area</heading>
+ <p>
+ The <em>non-free</em> archive area contains supplemental
+ packages intended to work with the Debian distribution that do
+ not comply with the DFSG or have other problems that make
+ their distribution problematic. They may not comply with all
+ of the policy requirements in this manual due to restrictions
+ on modifications or other limitations.
+ </p>
+
<p>
Packages must be placed in <em>non-free</em> if they are
not compliant with the DFSG or are encumbered by patents
<p>
The Debian archive maintainers provide the authoritative
list of sections. At present, they are:
- <em>admin</em>, <em>cli-mono</em>, <em>comm</em>, <em>database</em>,
- <em>devel</em>, <em>debug</em>, <em>doc</em>, <em>editors</em>,
- <em>electronics</em>, <em>embedded</em>, <em>fonts</em>,
- <em>games</em>, <em>gnome</em>, <em>graphics</em>, <em>gnu-r</em>,
- <em>gnustep</em>, <em>hamradio</em>, <em>haskell</em>,
- <em>httpd</em>, <em>interpreters</em>, <em>java</em>, <em>kde</em>,
- <em>kernel</em>, <em>libs</em>, <em>libdevel</em>, <em>lisp</em>,
- <em>localization</em>, <em>mail</em>, <em>math</em>, <em>misc</em>,
- <em>net</em>, <em>news</em>, <em>ocaml</em>, <em>oldlibs</em>,
- <em>otherosfs</em>, <em>perl</em>, <em>php</em>, <em>python</em>,
- <em>ruby</em>, <em>science</em>, <em>shells</em>, <em>sound</em>,
- <em>tex</em>, <em>text</em>, <em>utils</em>, <em>vcs</em>,
- <em>video</em>, <em>web</em>, <em>x11</em>, <em>xfce</em>,
- <em>zope</em>. The additional section <em>debian-installer</em>
+admin,
+cli-mono,
+comm,
+database,
+debug,
+devel,
+doc,
+editors,
+education,
+electronics,
+embedded,
+fonts,
+games,
+gnome,
+gnu-r,
+gnustep,
+graphics,
+hamradio,
+haskell,
+httpd,
+interpreters,
+introspection,
+java,
+kde,
+kernel,
+libdevel,
+libs,
+lisp,
+localization,
+mail,
+math,
+metapackages,
+misc,
+net,
+news,
+ocaml,
+oldlibs,
+otherosfs,
+perl,
+php,
+python,
+ruby,
+science,
+shells,
+sound,
+tasks,
+tex,
+text,
+utils,
+vcs,
+video,
+web,
+x11,
+xfce,
+zope.
+ The additional section <em>debian-installer</em>
contains special packages used by the installer and is not used
for normal Debian packages.
</p>
Among those files are the package maintainer scripts
and <file>control</file>, the <qref id="binarycontrolfiles">binary
package control file</qref> that contains the control fields for
- the package. Other control information files
- include <qref id="sharedlibs-shlibdeps">the <file>shlibs</file>
- file</qref> used to store shared library dependency information
- and the <file>conffiles</file> file that lists the package's
+ the package. Other control information files include
+ the <qref id="sharedlibs-symbols"><file>symbols</file> file</qref>
+ or <qref id="sharedlibs-shlibdeps"><file>shlibs</file> file</qref>
+ used to store shared library dependency information and
+ the <file>conffiles</file> file that lists the package's
configuration files (described in <ref id="config-files">).
</p>
</sect>
- <sect>
+ <sect id="dependencies">
<heading>Dependencies</heading>
<p>
</p>
<p>
- Sometimes, a package requires another package to be installed
- <em>and</em> configured before it can be installed. In this
- case, you must specify a <tt>Pre-Depends</tt> entry for
- the package.
+ Sometimes, unpacking one package requires that another package
+ be first unpacked <em>and</em> configured. In this case, the
+ depending package must specify this dependency in
+ the <tt>Pre-Depends</tt> control field.
</p>
<p>
</p>
</item>
- <tag><tt>build-arch</tt> (optional),
- <tt>build-indep</tt> (optional)
+ <tag><tt>build-arch</tt> (required),
+ <tt>build-indep</tt> (required)
</tag>
<item>
<p>
- A package may also provide both of the targets
- <tt>build-arch</tt> and <tt>build-indep</tt>.
- The <tt>build-arch</tt> target, if provided, should
+ The <tt>build-arch</tt> target must
perform all the configuration and compilation required for
producing all architecture-dependant binary packages
(those packages for which the body of the
<tt>Architecture</tt> field in <tt>debian/control</tt> is
not <tt>all</tt>). Similarly, the <tt>build-indep</tt>
- target, if provided, should perform all the configuration
+ target must perform all the configuration
and compilation required for producing all
architecture-independent binary packages (those packages
for which the body of the <tt>Architecture</tt> field
in <tt>debian/control</tt> is <tt>all</tt>).
- The <tt>build</tt> target should depend on those of the
- targets <tt>build-arch</tt> and <tt>build-indep</tt> that
- are provided in the rules file.<footnote>
- The intent of this split is so that binary-only builds
- need not install the dependencies required for
- the <tt>build-indep</tt> target. However, this is not
- yet used in practice since <tt>dpkg-buildpackage
- -B</tt>, and therefore the autobuilders,
- invoke <tt>build</tt> rather than <tt>build-arch</tt>
- due to the difficulties in determining whether the
- optional <tt>build-arch</tt> target exists.
+ The <tt>build</tt> target
+ should either depend on those targets or take the same
+ actions as invoking those targets would perform.<footnote>
+ This split allows binary-only builds to not install the
+ dependencies required for the <tt>build-indep</tt>
+ target and skip any resource-intensive build tasks that
+ are only required when building architecture-independent
+ binary packages.
</footnote>
</p>
- <p>
- If one or both of the targets <tt>build-arch</tt> and
- <tt>build-indep</tt> are not provided, then invoking
- <file>debian/rules</file> with one of the not-provided
- targets as arguments should produce a exit status code
- of 2. Usually this is provided automatically by make
- if the target is missing.
- </p>
-
<p>
The <tt>build-arch</tt> and <tt>build-indep</tt> targets
must not do anything that might require root privilege.
fields<footnote>
The paragraphs are also sometimes referred to as stanzas.
</footnote>.
- The paragraphs are separated by blank lines. Some control
+ The paragraphs are separated by empty lines. Parsers may accept
+ lines consisting solely of spaces and tabs as paragraph
+ separators, but control files should use empty lines. Some control
files allow only one paragraph; others allow several, in
which case each paragraph usually refers to a different
package. (For example, in source packages, the first
paragraph refers to the source package, and later paragraphs
- refer to binary packages generated from the source.)
+ refer to binary packages generated from the source.) The
+ ordering of the paragraphs in control files is significant.
+ </p>
+
+ <p>
+ Each paragraph consists of a series of data fields. Each field
+ consists of the field name followed by a colon and then the
+ data/value associated with that field. The field name is
+ composed of US-ASCII characters excluding control characters,
+ space, and colon (i.e., characters in the ranges 33-57 and
+ 59-126, inclusive). Field names must not begin with the comment
+ character, <tt>#</tt>.
</p>
<p>
- Each paragraph consists of a series of data fields; each
- field consists of the field name, followed by a colon and
- then the data/value associated with that field. It ends at
- the end of the (logical) line. Horizontal whitespace
- (spaces and tabs) may occur immediately before or after the
- value and is ignored there; it is conventional to put a
- single space after the colon. For example, a field might
- be:
+ The field ends at the end of the line or at the end of the last
+ continuation line (see below). Horizontal whitespace (spaces
+ and tabs) may occur immediately before or after the value and is
+ ignored there; it is conventional to put a single space after
+ the colon. For example, a field might be:
<example compact="compact">
Package: libc6
</example>
</p>
<p>
- Many fields' values may span several lines; in this case
- each continuation line must start with a space or a tab.
- Any trailing spaces or tabs at the end of individual
- lines of a field value are ignored.
+ There are three types of fields:
+ <taglist>
+ <tag>simple</tag>
+ <item>
+ The field, including its value, must be a single line. Folding
+ of the field is not permitted. This is the default field type
+ if the definition of the field does not specify a different
+ type.
+ </item>
+ <tag>folded</tag>
+ <item>
+ The value of a folded field is a logical line that may span
+ several lines. The lines after the first are called
+ continuation lines and must start with a space or a tab.
+ Whitespace, including any newlines, is not significant in the
+ field values of folded fields.<footnote>
+ This folding method is similar to RFC 5322, allowing control
+ files that contain only one paragraph and no multiline fields
+ to be read by parsers written for RFC 5322.
+ </footnote>
+ </item>
+ <tag>multiline</tag>
+ <item>
+ The value of a multiline field may comprise multiple continuation
+ lines. The first line of the value, the part on the same line as
+ the field name, often has special significance or may have to be
+ empty. Other lines are added following the same syntax as the
+ continuation lines of the folded fields. Whitespace, including newlines,
+ is significant in the values of multiline fields.
+ </item>
+ </taglist>
</p>
<p>
- In fields where it is specified that lines may not wrap,
- only a single line of data is allowed and whitespace is not
- significant in a field body. Whitespace must not appear
+ Whitespace must not appear
inside names (of packages, architectures, files or anything
else) or version numbers, or between the characters of
multi-character version relationships.
</p>
+ <p>
+ The presence and purpose of a field, and the syntax of its
+ value may differ between types of control files.
+ </p>
+
<p>
Field names are not case-sensitive, but it is usual to
capitalize the field names using mixed case as shown below.
</p>
<p>
- Blank lines, or lines consisting only of spaces and tabs,
- are not allowed within field values or between fields - that
- would mean a new paragraph.
+ Paragraph separators (empty lines) and lines consisting only of
+ spaces and tabs are not allowed within field values or between
+ fields. Empty lines in field values are usually escaped by
+ representing them by a space followed by a dot.
+ </p>
+
+ <p>
+ Lines starting with # without any preceding whitespace are comments
+ lines that are only permitted in source package control files
+ (<file>debian/control</file>). These comment lines are ignored, even
+ between two continuation lines. They do not end logical lines.
</p>
<p>
<item><qref id="sourcebinarydeps"><tt>Build-Depends</tt> et al</qref></item>
<item><qref id="f-Standards-Version"><tt>Standards-Version</tt></qref> (recommended)</item>
<item><qref id="f-Homepage"><tt>Homepage</tt></qref></item>
+ <item><qref id="f-VCS-fields"><tt>Vcs-Browser</tt>, <tt>Vcs-Git</tt>, et al.</qref></item>
</list>
</p>
<item><qref id="binarydeps"><tt>Depends</tt> et al</qref></item>
<item><qref id="f-Description"><tt>Description</tt></qref> (mandatory)</item>
<item><qref id="f-Homepage"><tt>Homepage</tt></qref></item>
+ <item><qref id="built-using"><tt>Built-Using</tt></qref></item>
</list>
</p>
<file>.changes</file> file to accompany the upload, and by
<prgn>dpkg-source</prgn> when it creates the
<file>.dsc</file> source control file as part of a source
- archive. Many fields are permitted to span multiple lines in
- <file>debian/control</file> but not in any other control
+ archive. Some fields are folded in <file>debian/control</file>,
+ but not in any other control
file. These tools are responsible for removing the line
breaks from such fields when using fields from
<file>debian/control</file> to generate other control files.
when they generate output control files.
See <ref id="substvars"> for details.
</p>
-
- <p>
- In addition to the control file syntax described <qref
- id="controlsyntax">above</qref>, this file may also contain
- comment lines starting with <tt>#</tt> without any preceding
- whitespace. All such lines are ignored, even in the middle of
- continuation lines for a multiline field, and do not end a
- multiline field.
- </p>
-
</sect>
<sect id="binarycontrolfiles">
<item><qref id="f-Maintainer"><tt>Maintainer</tt></qref> (mandatory)</item>
<item><qref id="f-Description"><tt>Description</tt></qref> (mandatory)</item>
<item><qref id="f-Homepage"><tt>Homepage</tt></qref></item>
+ <item><qref id="built-using"><tt>Built-Using</tt></qref></item>
</list>
</p>
</sect>
<p>
This file consists of a single paragraph, possibly surrounded by
a PGP signature. The fields of that paragraph are listed below.
- Their syntax is described above, in <ref id="pkg-controlfields">.
+ Their syntax is described above, in <ref id="controlsyntax">.
<list compact="compact">
<item><qref id="f-Format"><tt>Format</tt></qref> (mandatory)</item>
<item><qref id="f-Maintainer"><tt>Maintainer</tt></qref> (mandatory)</item>
<item><qref id="f-Uploaders"><tt>Uploaders</tt></qref></item>
<item><qref id="f-Homepage"><tt>Homepage</tt></qref></item>
+ <item><qref id="f-VCS-fields"><tt>Vcs-Browser</tt>, <tt>Vcs-Git</tt>, et al.</qref></item>
<item><qref id="f-Standards-Version"><tt>Standards-Version</tt></qref> (recommended)</item>
<item><qref id="sourcebinarydeps"><tt>Build-Depends</tt> et al</qref></item>
<item><qref id="f-Checksums"><tt>Checksums-Sha1</tt>
- and <tt>Checksums-Sha256</tt></qref> (recommended)</item>
+ and <tt>Checksums-Sha256</tt></qref> (mandatory)</item>
<item><qref id="f-Files"><tt>Files</tt></qref> (mandatory)</item>
</list>
</p>
<p>
- The source package control file is generated by
+ The Debian source control file is generated by
<prgn>dpkg-source</prgn> when it builds the source
archive, from other files in the source package,
described above. When unpacking, it is checked against
<item><qref id="f-Closes"><tt>Closes</tt></qref></item>
<item><qref id="f-Changes"><tt>Changes</tt></qref> (mandatory)</item>
<item><qref id="f-Checksums"><tt>Checksums-Sha1</tt>
- and <tt>Checksums-Sha256</tt></qref> (recommended)</item>
+ and <tt>Checksums-Sha256</tt></qref> (mandatory)</item>
<item><qref id="f-Files"><tt>Files</tt></qref> (mandatory)</item>
</list>
</p>
</p>
<p>
- Any parser that interprets the Uploaders field in
- <file>debian/control</file> must permit it to span multiple
- lines. Line breaks in an Uploaders field that spans multiple
- lines are not significant and the semantics of the field are
- the same as if the line breaks had not been present.
+ The Uploaders field in <file>debian/control</file> can be folded.
</p>
</sect1>
</p>
<p>
- In the source package control file <file>.dsc</file>, this
- field may contain either the architecture
- wildcard <tt>any</tt> or a list of architectures and
- architecture wildcards separated by spaces. If a list is
- given, it may include (or consist solely of) the special
+ In the Debian source control file <file>.dsc</file>, this
+ field contains a list of architectures and architecture
+ wildcards separated by spaces. When the list contains the
+ architecture wildcard <tt>any</tt>, the only other value
+ allowed in the list is <tt>all</tt>.
+ </p>
+
+ <p>
+ The list may include (or consist solely of) the special
value <tt>all</tt>. In other words, in <file>.dsc</file>
files unlike the <file>debian/control</file>, <tt>all</tt> may
occur in combination with specific architectures.
- The <tt>Architecture</tt> field in the source package control
+ The <tt>Architecture</tt> field in the Debian source control
file <file>.dsc</file> is generally constructed from
the <tt>Architecture</tt> fields in
the <file>debian/control</file> in the source package.
</p>
<p>
- Specifying <tt>any</tt> indicates that the source package
+ Specifying only <tt>any</tt> indicates that the source package
isn't dependent on any particular architecture and should
compile fine on any one. The produced binary package(s)
- will either be specific to whatever the current build
- architecture is or will be architecture-independent.
+ will be specific to whatever the current build architecture is.
</p>
<p>
Specifying only <tt>all</tt> indicates that the source package
- will only build architecture-independent packages. If this is
- the case, <tt>all</tt> must be used rather than <tt>any</tt>;
- <tt>any</tt> implies that the source package will build at
- least one architecture-dependent package.
+ will only build architecture-independent packages.
+ </p>
+
+ <p>
+ Specifying <tt>any all</tt> indicates that the source package
+ isn't dependent on any particular architecture. The set of
+ produced binary packages will include at least one
+ architecture-dependant package and one architecture-independent
+ package.
</p>
<p>
<p>
This is a boolean field which may occur only in the
control file of a binary package or in a per-package fields
- paragraph of a main source control data file.
+ paragraph of a source package control file.
</p>
<p>
In a source or binary control file, the <tt>Description</tt>
field contains a description of the binary package, consisting
of two parts, the synopsis or the short description, and the
- long description. The field's format is as follows:
+ long description. It is a multiline field with the following
+ format:
</p>
<p>
Those starting with a single space are part of a paragraph.
Successive lines of this form will be word-wrapped when
displayed. The leading space will usually be stripped off.
+ The line must contain at least one non-whitespace character.
</item>
<item>
will be allowed to trail off to the right. None, one or two
initial spaces may be deleted, but the number of spaces
deleted from each line will be the same (so that you can have
- indenting work correctly, for example).
+ indenting work correctly, for example). The line must
+ contain at least one non-whitespace character.
</item>
<item>
field contains a summary of the descriptions for the packages
being uploaded. For this case, the first line of the field
value (the part on the same line as <tt>Description:</tt>) is
- always empty. The content of the field is expressed as
- continuation lines, one line per package. Each line is
+ always empty. It is a multiline field, with one
+ line per package. Each line is
indented by one space and contains the name of a binary
package, a space, a hyphen (<tt>-</tt>), a space, and the
short description line from that package.
<heading><tt>Changes</tt></heading>
<p>
- This field contains the human-readable changes data, describing
+ This multiline field contains the human-readable changes data, describing
the differences between the last version and the current one.
</p>
<heading><tt>Binary</tt></heading>
<p>
- This field is a list of binary packages. Its syntax and
+ This folded field is a list of binary packages. Its syntax and
meaning varies depending on the control file in which it
appears.
</p>
packages which a source package can produce, separated by
commas<footnote>
A space after each comma is conventional.
- </footnote>. It may span multiple lines. The source package
+ </footnote>. The source package
does not necessarily produce all of these binary packages for
every architecture. The source control file doesn't contain
details of which architectures are appropriate for which of
<p>
When it appears in a <file>.changes</file> file, it lists the
names of the binary packages being uploaded, separated by
- whitespace (not commas). It may span multiple lines.
+ whitespace (not commas).
</p>
</sect1>
and <tt>Checksums-Sha256</tt></heading>
<p>
- These fields contain a list of files with a checksum and size
+ These multiline fields contain a list of files with a checksum and size
for each one. Both <tt>Checksums-Sha1</tt>
and <tt>Checksums-Sha256</tt> have the same syntax and differ
only in the checksum algorithm used: SHA-1
</p>
<p>
- In the <file>.dsc</file> file, these fields should list all
+ In the <file>.dsc</file> file, these fields list all
files that make up the source package. In
- the <file>.changes</file> file, these fields should list all
+ the <file>.changes</file> file, these fields list all
files being uploaded. The list of files in these fields
must match the list of files in the <tt>Files</tt> field.
</p>
</sect1>
+
+ <sect1>
+ <heading><tt>DM-Upload-Allowed</tt></heading>
+
+ <p>
+ Obsolete, see <qref id="f-DM-Upload-Allowed">below</qref>.
+ </p>
+ </sect1>
+
+ <sect1 id="f-VCS-fields">
+ <heading>Version Control System (VCS) fields</heading>
+
+ <p>
+ Debian source packages are increasingly developed using VCSs. The
+ purpose of the following fields is to indicate a publicly accessible
+ repository where the Debian source package is developed.
+
+ <taglist>
+ <tag><tt>Vcs-Browser</tt></tag>
+ <item>
+ <p>
+ URL of a web interface for browsing the repository.
+ </p>
+ </item>
+
+ <tag>
+ <tt>Vcs-Arch</tt>, <tt>Vcs-Bzr</tt> (Bazaar), <tt>Vcs-Cvs</tt>,
+ <tt>Vcs-Darcs</tt>, <tt>Vcs-Git</tt>, <tt>Vcs-Hg</tt>
+ (Mercurial), <tt>Vcs-Mtn</tt> (Monotone), <tt>Vcs-Svn</tt>
+ (Subversion)
+ </tag>
+ <item>
+ <p>
+ The field name identifies the VCS. The field's value uses the
+ version control system's conventional syntax for describing
+ repository locations and should be sufficient to locate the
+ repository used for packaging. Ideally, it also locates the
+ branch used for development of new versions of the Debian
+ package.
+ </p>
+ <p>
+ In the case of Git, the value consists of a URL, optionally
+ followed by the word <tt>-b</tt> and the name of a branch in
+ the indicated repository, following the syntax of the
+ <tt>git clone</tt> command. If no branch is specified, the
+ packaging should be on the default branch.
+ </p>
+ <p>
+ More than one different VCS may be specified for the same
+ package.
+ </p>
+ </item>
+ </taglist>
+ </p>
+ </sect1>
</sect>
<sect>
Additional user-defined fields may be added to the
source package control file. Such fields will be
ignored, and not copied to (for example) binary or
- source package control files or upload control files.
+ Debian source control files or upload control files.
</p>
<p>
field name after the hyphen will be used in the output
file. Where the letter <tt>B</tt> is used the field
will appear in binary package control files, where the
- letter <tt>S</tt> is used in source package control
+ letter <tt>S</tt> is used in Debian source control
files and where <tt>C</tt> is used in upload control
(<tt>.changes</tt>) files.
</p>
<example>
XBS-Comment: I stand between the candle and the star.
</example>
- then the binary and source package control files will contain the
+ then the binary and Debian source control files will contain the
field
<example>
Comment: I stand between the candle and the star.
</sect>
+ <sect id="obsolete-control-data-fields">
+ <heading>Obsolete fields</heading>
+
+ <p>
+ The following fields have been obsoleted and may be found in packages
+ conforming with previous versions of the Policy.
+ </p>
+
+ <sect1 id="f-DM-Upload-Allowed">
+ <heading><tt>DM-Upload-Allowed</tt></heading>
+
+ <p>
+ Indicates that Debian Maintainers may upload this package to
+ the Debian archive. The only valid value is <tt>yes</tt>. This
+ field was used to regulate uploads by Debian Maintainers, See the
+ General Resolution <url id="http://www.debian.org/vote/2007/vote_003"
+ name="Endorse the concept of Debian Maintainers"> for more details.
+ </p>
+ </sect1>
+
+ </sect>
+
</chapt>
<p>
Broadly speaking the <prgn>preinst</prgn> is called before
- (a particular version of) a package is installed, and the
+ (a particular version of) a package is unpacked, and the
<prgn>postinst</prgn> afterwards; the <prgn>prerm</prgn>
before (a version of) a package is removed and the
<prgn>postrm</prgn> afterwards.
</heading>
<p>
- <list compact="compact">
- <item>
- <var>new-preinst</var> <tt>install</tt>
- </item>
- <item>
- <var>new-preinst</var> <tt>install</tt> <var>old-version</var>
- </item>
- <item>
- <var>new-preinst</var> <tt>upgrade</tt> <var>old-version</var>
- </item>
- <item>
- <var>old-preinst</var> <tt>abort-upgrade</tt>
- <var>new-version</var>
- </item>
- </list>
+ What follows is a summary of all the ways in which maintainer
+ scripts may be called along with what facilities those scripts
+ may rely on being available at that time. Script names preceded
+ by <var>new-</var> are the scripts from the new version of a
+ package being installed, upgraded to, or downgraded to. Script
+ names preceded by <var>old-</var> are the scripts from the old
+ version of a package that is being upgraded from or downgraded
+ from.
+ </p>
<p>
- <list compact="compact">
- <item>
- <var>postinst</var> <tt>configure</tt>
- <var>most-recently-configured-version</var>
- </item>
- <item>
- <var>old-postinst</var> <tt>abort-upgrade</tt>
- <var>new-version</var>
- </item>
- <item>
- <var>conflictor's-postinst</var> <tt>abort-remove</tt>
- <tt>in-favour</tt> <var>package</var>
- <var>new-version</var>
- </item>
+ The <prgn>preinst</prgn> script may be called in the following
+ ways:
+ <taglist>
+ <tag><var>new-preinst</var> <tt>install</tt></tag>
+ <tag><var>new-preinst</var> <tt>install</tt>
+ <var>old-version</var></tag>
+ <tag><var>new-preinst</var> <tt>upgrade</tt>
+ <var>old-version</var></tag>
<item>
- <var>postinst</var> <tt>abort-remove</tt>
+ The package will not yet be unpacked, so
+ the <prgn>preinst</prgn> script cannot rely on any files
+ included in its package. Only essential packages and
+ pre-dependencies (<tt>Pre-Depends</tt>) may be assumed to be
+ available. Pre-dependencies will have been configured at
+ least once, but at the time the <prgn>preinst</prgn> is
+ called they may only be in an unpacked or "Half-Configured"
+ state if a previous version of the pre-dependency was
+ completely configured and has not been removed since then.
</item>
+
+ <tag><var>old-preinst</var> <tt>abort-upgrade</tt>
+ <var>new-version</var></tag>
<item>
- <var>deconfigured's-postinst</var>
- <tt>abort-deconfigure</tt> <tt>in-favour</tt>
- <var>failed-install-package</var> <var>version</var>
- [<tt>removing</tt> <var>conflicting-package</var>
- <var>version</var>]
+ Called during error handling of an upgrade that failed after
+ unpacking the new package because the <tt>postrm
+ upgrade</tt> action failed. The unpacked files may be
+ partly from the new version or partly missing, so the script
+ cannot rely on files included in the package. Package
+ dependencies may not be available. Pre-dependencies will be
+ at least unpacked following the same rules as above, except
+ they may be only "Half-Installed" if an upgrade of the
+ pre-dependency failed.<footnote>
+ This can happen if the new version of the package no
+ longer pre-depends on a package that had been partially
+ upgraded.
+ </footnote>
</item>
- </list>
+ </taglist>
+ </p>
<p>
- <list compact="compact">
- <item>
- <var>prerm</var> <tt>remove</tt>
- </item>
- <item>
- <var>old-prerm</var> <tt>upgrade</tt>
- <var>new-version</var>
- </item>
- <item>
- <var>new-prerm</var> <tt>failed-upgrade</tt>
- <var>old-version</var>
- </item>
+ The <prgn>postinst</prgn> script may be called in the following
+ ways:
+ <taglist>
+ <tag><var>postinst</var> <tt>configure</tt>
+ <var>most-recently-configured-version</var></tag>
<item>
- <var>conflictor's-prerm</var> <tt>remove</tt>
- <tt>in-favour</tt> <var>package</var>
- <var>new-version</var>
+ The files contained in the package will be unpacked. All
+ package dependencies will at least be unpacked. If there
+ are no circular dependencies involved, all package
+ dependencies will be configured. For behavior in the case
+ of circular dependencies, see the discussion
+ in <ref id="binarydeps">.
</item>
+
+ <tag><var>old-postinst</var> <tt>abort-upgrade</tt>
+ <var>new-version</var></tag>
+ <tag><var>conflictor's-postinst</var> <tt>abort-remove</tt>
+ <tt>in-favour</tt> <var>package</var>
+ <var>new-version</var></tag>
+ <tag><var>postinst</var> <tt>abort-remove</tt></tag>
+ <tag><var>deconfigured's-postinst</var>
+ <tt>abort-deconfigure</tt> <tt>in-favour</tt>
+ <var>failed-install-package</var> <var>version</var>
+ [<tt>removing</tt> <var>conflicting-package</var>
+ <var>version</var>]</tag>
<item>
- <var>deconfigured's-prerm</var> <tt>deconfigure</tt>
- <tt>in-favour</tt> <var>package-being-installed</var>
- <var>version</var> [<tt>removing</tt>
- <var>conflicting-package</var>
- <var>version</var>]
+ The files contained in the package will be unpacked. All
+ package dependencies will at least be "Half-Installed" and
+ will have previously been configured and not removed.
+ However, dependencies may not be configured or even fully
+ unpacked in some error situations.<footnote>
+ For example, suppose packages foo and bar are installed
+ with foo depending on bar. If an upgrade of bar were
+ started and then aborted, and then an attempt to remove
+ foo failed because its <prgn>prerm</prgn> script failed,
+ foo's <tt>postinst abort-remove</tt> would be called with
+ bar only "Half-Installed".
+ </footnote>
+ The <prgn>postinst</prgn> should still attempt any actions
+ for which its dependencies are required, since they will
+ normally be available, but consider the correct error
+ handling approach if those actions fail. Aborting
+ the <prgn>postinst</prgn> action if commands or facilities
+ from the package dependencies are not available is often the
+ best approach.
</item>
- </list>
+ </taglist>
+ </p>
<p>
- <list compact="compact">
- <item>
- <var>postrm</var> <tt>remove</tt>
- </item>
- <item>
- <var>postrm</var> <tt>purge</tt>
- </item>
- <item>
- <var>old-postrm</var> <tt>upgrade</tt>
- <var>new-version</var>
- </item>
+ The <prgn>prerm</prgn> script may be called in the following
+ ways:
+ <taglist>
+ <tag><var>prerm</var> <tt>remove</tt></tag>
+ <tag><var>old-prerm</var>
+ <tt>upgrade</tt><var>new-version</var></tag>
+ <tag><var>conflictor's-prerm</var> <tt>remove</tt>
+ <tt>in-favour</tt> <var>package</var>
+ <var>new-version</var></tag>
+ <tag><var>deconfigured's-prerm</var> <tt>deconfigure</tt>
+ <tt>in-favour</tt> <var>package-being-installed</var>
+ <var>version</var> [<tt>removing</tt>
+ <var>conflicting-package</var> <var>version</var>]</tag>
<item>
- <var>new-postrm</var> <tt>failed-upgrade</tt>
- <var>old-version</var>
+ The package whose <prgn>prerm</prgn> is being called will be
+ at least "Half-Installed". All package dependencies will at
+ least be "Half-Installed" and will have previously been
+ configured and not removed. If there was no error, all
+ dependencies will at least be unpacked, but these actions
+ may be called in various error states where dependencies are
+ only "Half-Installed" due to a partial upgrade.
</item>
+
+ <tag><var>new-prerm</var> <tt>failed-upgrade</tt>
+ <var>old-version</var></tag>
<item>
- <var>new-postrm</var> <tt>abort-install</tt>
+ Called during error handling when <tt>prerm upgrade</tt>
+ fails. The new package will not yet be unpacked, and all
+ the same constraints as for <tt>preinst upgrade</tt> apply.
</item>
+ </taglist>
+ </p>
+
+ <p>
+ The <prgn>postrm</prgn> script may be called in the following
+ ways:
+ <taglist>
+ <tag><var>postrm</var> <tt>remove</tt></tag>
+ <tag><var>postrm</var> <tt>purge</tt></tag>
+ <tag><var>old-postrm</var> <tt>upgrade</tt>
+ <var>new-version</var></tag>
+ <tag><var>disappearer's-postrm</var> <tt>disappear</tt>
+ <var>overwriter</var> <var>overwriter-version</var></tag>
<item>
- <var>new-postrm</var> <tt>abort-install</tt>
- <var>old-version</var>
+ The <prgn>postrm</prgn> script is called after the package's
+ files have been removed or replaced. The package
+ whose <prgn>postrm</prgn> is being called may have
+ previously been deconfigured and only be unpacked, at which
+ point subsequent package changes do not consider its
+ dependencies. Therefore, all <prgn>postrm</prgn> actions
+ may only rely on essential packages and must gracefully skip
+ any actions that require the package's dependencies if those
+ dependencies are unavailable.<footnote>
+ This is often done by checking whether the command or
+ facility the <prgn>postrm</prgn> intends to call is
+ available before calling it. For example:
+<example>
+if [ "$1" = purge ] && [ -e /usr/share/debconf/confmodule ]; then
+ . /usr/share/debconf/confmodule
+ db_purge
+fi
+</example>
+ in <prgn>postrm</prgn> purges the <prgn>debconf</prgn>
+ configuration for the package
+ if <package>debconf</package> is installed.
+ </footnote>
</item>
+
+ <tag><var>new-postrm</var> <tt>failed-upgrade</tt>
+ <var>old-version</var></tag>
<item>
- <var>new-postrm</var> <tt>abort-upgrade</tt>
- <var>old-version</var>
+ Called when the old <tt>postrm upgrade</tt> action fails.
+ The new package will be unpacked, but only essential
+ packages and pre-dependencies can be relied on.
+ Pre-dependencies will either be configured or will be
+ "Unpacked" or "Half-Configured" but previously had been
+ configured and was never removed.
</item>
+
+ <tag><var>new-postrm</var> <tt>abort-install</tt></tag>
+ <tag><var>new-postrm</var> <tt>abort-install</tt>
+ <var>old-version</var></tag>
+ <tag><var>new-postrm</var> <tt>abort-upgrade</tt>
+ <var>old-version</var></tag>
<item>
- <var>disappearer's-postrm</var> <tt>disappear</tt>
- <var>overwriter</var>
- <var>overwriter-version</var>
+ Called before unpacking the new package as part of the
+ error handling of <prgn>preinst</prgn> failures. May assume
+ the same state as <prgn>preinst</prgn> can assume.
</item>
- </list>
+ </taglist>
</p>
-
+ </sect>
<sect id="unpackphase">
<heading>Details of unpack phase of installation or upgrade</heading>
behavior which, though deterministic, is hard for the
system administrator to understand. It can easily
lead to "missing" programs if, for example, a package
- is installed which overwrites a file from another
+ is unpacked which overwrites a file from another
package, and is then removed again.<footnote>
Part of the problem is due to what is arguably a
bug in <prgn>dpkg</prgn>.
If there was a conflicting package we go and do the
removal actions (described below), starting with the
removal of the conflicting package's files (any that
- are also in the package being installed have already
+ are also in the package being unpacked have already
been removed from the conflicting package's file list,
and so do not get removed now).
</item>
<p>
The relations allowed are <tt><<</tt>, <tt><=</tt>,
- <tt>=</tt>, <tt>>=</tt> and <tt>>></tt> for
- strictly earlier, earlier or equal, exactly equal, later or
- equal and strictly later, respectively. The deprecated
- forms <tt><</tt> and <tt>></tt> were used to mean
- earlier/later or equal, rather than strictly earlier/later,
- so they should not appear in new packages (though
- <prgn>dpkg</prgn> still supports them).
+ <tt>=</tt>, <tt>>=</tt> and <tt>>></tt> for strictly
+ earlier, earlier or equal, exactly equal, later or equal and
+ strictly later, respectively. The deprecated
+ forms <tt><</tt> and <tt>></tt> were confusingly used to
+ mean earlier/later or equal, rather than strictly earlier/later,
+ and must not appear in new packages (though <prgn>dpkg</prgn>
+ still supports them with a warning).
</p>
<p>
specification subject to the rules in <ref
id="controlsyntax">, and must appear where it's necessary to
disambiguate; it is not otherwise significant. All of the
- relationship fields may span multiple lines. For
+ relationship fields can only be folded in source package control files. For
consistency and in case of future changes to
<prgn>dpkg</prgn> it is recommended that a single space be
used after a version relationship and before a version
number; it is also conventional to put a single space after
each comma, on either side of each vertical bar, and before
- each open parenthesis. When wrapping a relationship field, it
+ each open parenthesis. When opening a continuation line in a relationship field, it
is conventional to do so after a comma and before the space
following that comma.
</p>
Relationships may be restricted to a certain set of
architectures. This is indicated in brackets after each
individual package name and the optional version specification.
- The brackets enclose a list of Debian architecture names
+ The brackets enclose a non-empty list of Debian architecture names
+ in the format described in <ref id="arch-spec">,
separated by whitespace. Exclamation marks may be prepended to
each of the names. (It is not permitted for some names to be
prepended with exclamation marks while others aren't.)
</p>
<p>
- For binary relationship fields, the architecture restriction
+ For binary relationship fields and the <tt>Built-Using</tt>
+ field, the architecture restriction
syntax is only supported in the source package control
file <file>debian/control</file>. When the corresponding binary
package control file is generated, the relationship will either
<p>
Relationships may also be restricted to a certain set of
- architectures using architecture wildcards. The syntax for
+ architectures using architecture wildcards in the format
+ described in <ref id="arch-wildcard-spec">. The syntax for
declaring such restrictions is the same as declaring
restrictions using a certain set of architectures without
architecture wildcards. For example:
</p>
<p>
- For this reason packages in an installation run are usually
- all unpacked first and all configured later; this gives
- later versions of packages with dependencies on later
- versions of other packages the opportunity to have their
- dependencies satisfied.
+ Since <tt>Depends</tt> only places requirements on the order in
+ which packages are configured, packages in an installation run
+ are usually all unpacked first and all configured later.
+ <footnote>
+ This approach makes dependency resolution easier. If two
+ packages A and B are being upgraded, the installed package A
+ depends on exactly the installed package B, and the new
+ package A depends on exactly the new package B (a common
+ situation when upgrading shared libraries and their
+ corresponding development packages), satisfying the
+ dependencies at every stage of the upgrade would be
+ impossible. This relaxed restriction means that both new
+ packages can be unpacked together and then configured in their
+ dependency order.
+ </footnote>
</p>
- <p>
- In case of circular dependencies, since installation or
- removal order honoring the dependency order can't be
- established, dependency loops are broken at some point
- (based on rules below), and some packages may not be able to
- rely on their dependencies being present when being
- installed or removed, depending on which side of the break
- of the circular dependency loop they happen to be on. If one
- of the packages in the loop has no postinst script, then the
- cycle will be broken at that package, so as to ensure that
- all postinst scripts run with the dependencies properly
- configured if this is possible. Otherwise the breaking point
- is arbitrary.
- </p>
-
<p>
- The <tt>Depends</tt> field thus allows package maintainers
- to impose an order in which packages should be configured.
+ If there is a circular dependency among packages being installed
+ or removed, installation or removal order honoring the
+ dependency order is impossible, requiring the dependency loop be
+ broken at some point and the dependency requirements violated
+ for at least one package. Packages involved in circular
+ dependencies may not be able to rely on their dependencies being
+ configured before they themselves are configured, depending on
+ which side of the break of the circular dependency loop they
+ happen to be on. If one of the packages in the loop has
+ no <prgn>postinst</prgn> script, then the cycle will be broken
+ at that package; this ensures that all <prgn>postinst</prgn>
+ scripts are run with their dependencies properly configured if
+ this is possible. Otherwise the breaking point is arbitrary.
+ Packages should therefore avoid circular dependencies where
+ possible, particularly if they have <prgn>postinst</prgn>
+ scripts.
</p>
<p>
This declares an absolute dependency. A package will
not be configured unless all of the packages listed in
its <tt>Depends</tt> field have been correctly
- configured.
+ configured (unless there is a circular dependency as
+ described above).
</p>
<p>
<p>
The <tt>Depends</tt> field should also be used if the
- <prgn>postinst</prgn>, <prgn>prerm</prgn> or
- <prgn>postrm</prgn> scripts require the package to be
- present in order to run. Note, however, that the
- <prgn>postrm</prgn> cannot rely on any non-essential
- packages to be present during the <tt>purge</tt>
- phase.
+ <prgn>postinst</prgn> or <prgn>prerm</prgn> scripts
+ require the depended-on package to be unpacked or
+ configured in order to run. In the case of <tt>postinst
+ configure</tt>, the depended-on packages will be unpacked
+ and configured first. (If both packages are involved in a
+ dependency loop, this might not work as expected; see the
+ explanation a few paragraphs back.) In the case
+ of <prgn>prerm</prgn> or other <prgn>postinst</prgn>
+ actions, the package dependencies will normally be at
+ least unpacked, but they may be only "Half-Installed" if a
+ previous upgrade of the dependency failed.
+ </p>
+
+ <p>
+ Finally, the <tt>Depends</tt> field should be used if the
+ depended-on package is needed by the <prgn>postrm</prgn>
+ script to fully clean up after the package removal. There
+ is no guarantee that package dependencies will be
+ available when <prgn>postrm</prgn> is run, but the
+ depended-on package is more likely to be available if the
+ package declares a dependency (particularly in the case
+ of <tt>postrm remove</tt>). The <prgn>postrm</prgn>
+ script must gracefully skip actions that require a
+ dependency if that dependency isn't available.
+ </p>
</item>
<tag><tt>Recommends</tt></tag>
</p>
<p>
- When the package declaring a pre-dependency is about
- to be <em>configured</em>, the pre-dependency will be
- treated as a normal <tt>Depends</tt>, that is, it will
- be considered satisfied only if the depended-on
- package has been correctly configured.
+ When the package declaring a pre-dependency is about to
+ be <em>configured</em>, the pre-dependency will be treated
+ as a normal <tt>Depends</tt>. It will be considered
+ satisfied only if the depended-on package has been
+ correctly configured. However, unlike
+ with <tt>Depends</tt>, <tt>Pre-Depends</tt> does not
+ permit circular dependencies to be broken. If a circular
+ dependency is encountered while attempting to honor
+ <tt>Pre-Depends</tt>, the installation will be aborted.
+ </p>
+
+ <p>
+ <tt>Pre-Depends</tt> are also required if the
+ <prgn>preinst</prgn> script depends on the named package.
+ It is best to avoid this situation if possible.
</p>
<p>
</p>
<p>
- <tt>Pre-Depends</tt> are also required if the
- <prgn>preinst</prgn> script depends on the named
- package. It is best to avoid this situation if
- possible.
+ You should not specify a <tt>Pre-Depends</tt> entry for a
+ package before this has been discussed on the
+ <tt>debian-devel</tt> mailing list and a consensus about
+ doing that has been reached. See <ref id="dependencies">.
</p>
</item>
</taglist>
<p>
When one binary package declares that it breaks another,
<prgn>dpkg</prgn> will refuse to allow the package which
- declares <tt>Breaks</tt> be installed unless the broken
+ declares <tt>Breaks</tt> to be unpacked unless the broken
package is deconfigured first, and it will refuse to
allow the broken package to be reconfigured.
</p>
<heading>Conflicting binary packages - <tt>Conflicts</tt></heading>
<p>
- When one binary package declares a conflict with another
- using a <tt>Conflicts</tt> field, <prgn>dpkg</prgn> will
- refuse to allow them to be installed on the system at the
- same time. This is a stronger restriction than <tt>Breaks</tt>,
- which just prevents both packages from being configured at the
- same time. Conflicting packages cannot be unpacked on the
- system at the same time.
+ When one binary package declares a conflict with another using
+ a <tt>Conflicts</tt> field, <prgn>dpkg</prgn> will refuse to
+ allow them to be unpacked on the system at the same time. This
+ is a stronger restriction than <tt>Breaks</tt>, which prevents
+ the broken package from being configured while the breaking
+ package is in the "Unpacked" state but allows both packages to
+ be unpacked at the same time.
</p>
<p>
- If one package is to be installed, the other must be removed
- first. If the package being installed is marked as replacing
+ If one package is to be unpacked, the other must be removed
+ first. If the package being unpacked is marked as replacing
(see <ref id="replaces">, but note that <tt>Breaks</tt> should
normally be used in this case) the one on the system, or the one
on the system is marked as deselected, or both packages are
<item>when two packages provide the same file and will
continue to do so,</item>
<item>in conjunction with <tt>Provides</tt> when only one
- package providing a given virtual facility may be installed
+ package providing a given virtual facility may be unpacked
at a time (see <ref id="virtual">),</item>
<item>in other cases where one must prevent simultaneous
installation of two packages for reasons that are ongoing
Conflicts: mail-transport-agent
Replaces: mail-transport-agent
</example>
- ensuring that only one MTA can be installed at any one
+ ensuring that only one MTA can be unpacked at any one
time. See <ref id="virtual"> for more information about this
example.
</sect1>
</taglist>
</p>
</sect>
+
+ <sect id="built-using">
+ <heading>Additional source packages used to build the binary
+ - <tt>Built-Using</tt>
+ </heading>
+
+ <p>
+ Some binary packages incorporate parts of other packages when built
+ but do not have to depend on those packages. Examples include
+ linking with static libraries or incorporating source code from
+ another package during the build. In this case, the source packages
+ of those other packages are a required part of the complete source
+ (the binary package is not reproducible without them).
+ </p>
+
+ <p>
+ A <tt>Built-Using</tt> field must list the corresponding source
+ package for any such binary package incorporated during the build
+ <footnote>
+ <tt>Build-Depends</tt> in the source package is not adequate since
+ it (rightfully) does not document the exact version used in the
+ build.
+ </footnote>,
+ including an "exactly equal" ("=") version relation on the version
+ that was used to build that binary package<footnote>
+ The archive software might reject packages that refer to
+ non-existent sources.
+ </footnote>.
+ </p>
+
+ <p>
+ A package using the source code from the gcc-4.6-source
+ binary package built from the gcc-4.6 source package would
+ have this field in its control file:
+ <example compact="compact">
+Built-Using: gcc-4.6 (= 4.6.0-11)
+ </example>
+ </p>
+
+ <p>
+ A package including binaries from grub2 and loadlin would
+ have this field in its control file:
+ <example compact="compact">
+Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1)
+ </example>
+ </p>
+ </sect>
</chapt>
be placed in a package named
<package><var>libraryname</var><var>soversion</var></package>,
where <var>soversion</var> is the version number in
- the <tt>SONAME</tt> of the shared library.
- See <ref id="shlibs"> for detailed information on how to
- determine this version. Alternatively, if it would be confusing
- to directly append <var>soversion</var>
- to <var>libraryname</var> (if, for example, <var>libraryname</var>
- itself ends in a number), you should use
+ the <tt>SONAME</tt> of the shared library. Alternatively, if it
+ would be confusing to directly append <var>soversion</var>
+ to <var>libraryname</var> (if, for
+ example, <var>libraryname</var> itself ends in a number), you
+ should use
<package><var>libraryname</var>-<var>soversion</var></package>
instead.
</p>
+ <p>
+ To determine the <var>soversion</var>, look at
+ the <tt>SONAME</tt> of the library, stored in the
+ ELF <tt>SONAME</tt> attribute. It is usually of the
+ form <tt><var>name</var>.so.<var>major-version</var></tt> (for
+ example, <tt>libz.so.1</tt>). The version part is the part
+ which comes after <tt>.so.</tt>, so in that example it
+ is <tt>1</tt>. The soname may instead be of the
+ form <tt><var>name</var>-<var>major-version</var>.so</tt>, such
+ as <tt>libdb-5.1.so</tt>, in which case the name would
+ be <tt>libdb</tt> and the version would be <tt>5.1</tt>.
+ </p>
+
<p>
If you have several shared libraries built from the same source
tree, you may lump them all together into a single shared
linked against the old shared library. Correct versioning of
dependencies on the newer shared library by binaries that use
the new interfaces is handled via
- the <qref id="sharedlibs-shlibdeps"><tt>shlibs</tt>
- system</qref> or via symbols files (see
- <manref name="deb-symbols" section="5">).
+ the <qref id="sharedlibs-depends"><tt>symbols</tt>
+ or <tt>shlibs</tt> system</qref>.
</p>
<p>
<footnote>
<p>
During install or upgrade, the preinst is called before
- the new files are installed, so calling "ldconfig" is
+ the new files are unpacked, so calling "ldconfig" is
pointless. The preinst of an existing package can also be
called if an upgrade fails. However, this happens during
the critical time when a shared libs may exist on-disk
<ref id="conflicts">) to ensure that the user only installs one
development version at a time (as different development versions are
likely to have the same header files in them, which would cause a
- filename clash if both were installed).
+ filename clash if both were unpacked).
</p>
<p>
</p>
</sect>
- <sect id="sharedlibs-shlibdeps">
- <heading>Dependencies between the library and other packages -
- the <tt>shlibs</tt> system</heading>
+ <sect id="sharedlibs-depends">
+ <heading>Dependencies between the library and other
+ packages</heading>
<p>
If a package contains a binary or library which links to a
- shared library, we must ensure that when the package is
- installed on the system, all of the libraries needed are
- also installed. This requirement led to the creation of the
- <tt>shlibs</tt> system, which is very simple in its design:
- any package which <em>provides</em> a shared library also
- provides information on the package dependencies required to
- ensure the presence of this library, and any package which
- <em>uses</em> a shared library uses this information to
- determine the dependencies it requires. The files which
- contain the mapping from shared libraries to the necessary
- dependency information are called <file>shlibs</file> files.
- </p>
-
- <p>
- When a package is built which contains any shared libraries, it
- must provide a <file>shlibs</file> file for other packages to
- use. When a package is built which contains any shared
- libraries or compiled binaries, it must run
- <qref id="pkg-dpkg-shlibdeps"><prgn>dpkg-shlibdeps</prgn></qref>
- on these to determine the libraries used and hence the
- dependencies needed by this package.<footnote>
- <p>
+ shared library, we must ensure that, when the package is
+ installed on the system, all of the libraries needed are also
+ installed. These dependencies must be added to the binary
+ package when it is built, since they may change based on which
+ version of a shared library the binary or library was linked
+ with even if there are no changes to the source of the binary
+ (for example, symbol versions change, macros become functions or
+ vice versa, or the binary package may determine at compile-time
+ whether new library interfaces are available and can be called).
+ To allow these dependencies to be constructed, shared libraries
+ must provide either a <file>symbols</file> file or
+ a <file>shlibs</file> file. These provide information on the
+ package dependencies required to ensure the presence of
+ interfaces provided by this library. Any package with binaries
+ or libraries linking to a shared library must use these files to
+ determine the required dependencies when it is built. Other
+ packages which use a shared library (for example using
+ <tt>dlopen()</tt>) should compute appropriate dependencies
+ using these files at build time as well.
+ </p>
+
+ <p>
+ The two mechanisms differ in the degree of detail that they
+ provide. A <file>symbols</file> file documents, for each symbol
+ exported by a library, the minimal version of the package any
+ binary using this symbol will need. This is typically the
+ version of the package in which the symbol was introduced. This
+ information permits detailed analysis of the symbols used by a
+ particular package and construction of an accurate dependency,
+ but it requires the package maintainer to track more information
+ about the shared library.
+ </p>
+
+ <p>
+ A <file>shlibs</file> file, in contrast, only documents the last
+ time the library ABI changed in any way. It only provides
+ information about the library as a whole, not individual
+ symbols. When a package is built using a shared library with
+ only a <file>shlibs</file> file, the generated dependency will
+ require a version of the shared library equal to or newer than
+ the version of the last ABI change. This generates
+ unnecessarily restrictive dependencies compared
+ to <file>symbols</file> files if none of the symbols used by the
+ package have changed. This, in turn, may make upgrades
+ needlessly complex and unnecessarily restrict use of the package
+ on systems with older versions of the shared libraries.
+ </p>
+
+ <p>
+ <file>shlibs</file> files also only support a limited range of
+ library SONAMEs, making it difficult to use <file>shlibs</file>
+ files in some unusual corner cases.<footnote>
+ A <file>shlibs</file> file represents an SONAME as a library
+ name and version number, such as <tt>libfoo VERSION</tt>,
+ instead of recording the actual SONAME. If the SONAME doesn't
+ match one of the two expected formats
+ (<tt>libfoo-VERSION.so</tt> or <tt>libfoo.so.VERSION</tt>), it
+ cannot be represented.
+ </footnote>
+ </p>
+
+ <p>
+ <file>symbols</file> files are therefore recommended for most
+ shared library packages since they provide more accurate
+ dependencies. For most C libraries, the additional detail
+ required by <file>symbols</file> files is not too difficult to
+ maintain. However, maintaining exhaustive symbols information
+ for a C++ library can be quite onerous, so <file>shlibs</file>
+ files may be more appropriate for most C++ libraries. Libraries
+ with a corresponding udeb must also provide
+ a <file>shlibs</file> file, since the udeb infrastructure does
+ not use <file>symbols</file> files.
+ </p>
+
+ <sect1 id="dpkg-shlibdeps">
+ <heading>Generating dependencies on shared libraries</heading>
+
+ <p>
+ When a package that contains any shared libraries or compiled
+ binaries is built, it must run <prgn>dpkg-shlibdeps</prgn> on
+ each shared library and compiled binary to determine the
+ libraries used and hence the dependencies needed by the
+ package.<footnote>
<prgn>dpkg-shlibdeps</prgn> will use a program
like <prgn>objdump</prgn> or <prgn>readelf</prgn> to find
- the libraries directly needed by the binaries or shared
- libraries in the package.
- </p>
+ the libraries and the symbols in those libraries directly
+ needed by the binaries or shared libraries in the package.
+ </footnote>
+ To do this, put a call to <prgn>dpkg-shlibdeps</prgn> into
+ your <file>debian/rules</file> file in the source package.
+ List all of the compiled binaries, libraries, or loadable
+ modules in your package.<footnote>
+ The easiest way to call <prgn>dpkg-shlibdeps</prgn>
+ correctly is to use a package helper framework such
+ as <package>debhelper</package>. If you are
+ using <package>debhelper</package>,
+ the <prgn>dh_shlibdeps</prgn> program will do this work for
+ you. It will also correctly handle multi-binary packages.
+ </footnote>
+ <prgn>dpkg-shlibdeps</prgn> will use the <file>symbols</file>
+ or <file>shlibs</file> files installed by the shared libraries
+ to generate dependency information. The package must then
+ provide a substitution variable into which the discovered
+ dependency information can be placed.
+ </p>
+
+ <p>
+ If you are creating a udeb for use in the Debian Installer,
+ you will need to specify that <prgn>dpkg-shlibdeps</prgn>
+ should use the dependency line of type <tt>udeb</tt> by adding
+ the <tt>-tudeb</tt> option<footnote>
+ <prgn>dh_shlibdeps</prgn> from the <tt>debhelper</tt> suite
+ will automatically add this option if it knows it is
+ processing a udeb.
+ </footnote>. If there is no dependency line of
+ type <tt>udeb</tt> in the <file>shlibs</file>
+ file, <prgn>dpkg-shlibdeps</prgn> will fall back to the
+ regular dependency line.
+ </p>
+
+ <p>
+ <prgn>dpkg-shlibdeps</prgn> puts the dependency information
+ into the <file>debian/substvars</file> file by default, which
+ is then used by <prgn>dpkg-gencontrol</prgn>. You will need
+ to place a <tt>${shlibs:Depends}</tt> variable in
+ the <tt>Depends</tt> field in the control file of every binary
+ package built by this source package that contains compiled
+ binaries, libraries, or loadable modules. If you have
+ multiple binary packages, you will need to
+ call <prgn>dpkg-shlibdeps</prgn> on each one which contains
+ compiled libraries or binaries. For example, you could use
+ the <tt>-T</tt> option to the <tt>dpkg</tt> utilities to
+ specify a different <file>substvars</file> file for each
+ binary package.<footnote>
+ Again, <prgn>dh_shlibdeps</prgn>
+ and <prgn>dh_gencontrol</prgn> will handle everything except
+ the addition of the variable to the control file for you if
+ you're using <package>debhelper</package>, including
+ generating separate <file>substvars</file> files for each
+ binary package and calling <prgn>dpkg-gencontrol</prgn> with
+ the appropriate flags.
+ </footnote>
+ </p>
- <p>
- We say that a binary <tt>foo</tt> <em>directly</em> uses
- a library <tt>libbar</tt> if it is explicitly linked
- with that library (that is, the library is listed in the ELF
- <tt>NEEDED</tt> attribute, caused by adding <tt>-lbar</tt>
- to the link line when the binary is created). Other
- libraries that are needed by <tt>libbar</tt> are linked
- <em>indirectly</em> to <tt>foo</tt>, and the dynamic
- linker will load them automatically when it loads
- <tt>libbar</tt>. A package should depend on the libraries
- it directly uses, but not the libraries it indirectly uses.
- The dependencies for those libraries will automatically pull
- in the other libraries.
- </p>
+ <p>
+ For more details on <prgn>dpkg-shlibdeps</prgn>,
+ see <manref name="dpkg-shlibdeps" section="1">.
+ </p>
- <p>
+ <p>
+ We say that a binary <tt>foo</tt> <em>directly</em> uses a
+ library <tt>libbar</tt> if it is explicitly linked with that
+ library (that is, the library is listed in the
+ ELF <tt>NEEDED</tt> attribute, caused by adding <tt>-lbar</tt>
+ to the link line when the binary is created). Other libraries
+ that are needed by <tt>libbar</tt> are
+ linked <em>indirectly</em> to <tt>foo</tt>, and the dynamic
+ linker will load them automatically when it
+ loads <tt>libbar</tt>. A package should depend on the
+ libraries it directly uses, but not the libraries it only uses
+ indirectly. The dependencies for the libraries used
+ directly will automatically pull in the indirectly-used
+ libraries. <prgn>dpkg-shlibdeps</prgn> will handle this logic
+ automatically, but package maintainers need to be aware of
+ this distinction between directly and indirectly using a
+ library if they have to override its results for some reason.
+ <footnote>
A good example of where this helps is the following. We
could update <tt>libimlib</tt> with a new version that
- supports a new graphics format called dgf (but retaining the
- same major version number) and depends on <tt>libdgf</tt>.
- If we used <prgn>ldd</prgn> to add dependencies for every
- library directly or indirectly linked with a binary, every
- package that uses <tt>libimlib</tt> would need to be
- recompiled so it would also depend on <tt>libdgf</tt> or it
- wouldn't run due to missing symbols. Since dependencies are
- only added based on ELF <tt>NEEDED</tt> attribute, packages
+ supports a new revision of a graphics format called dgf (but
+ retaining the same major version number) and depends on a
+ new library package <package>libdgf4</package> instead of
+ the older <package>libdgf3</package>. If we
+ used <prgn>ldd</prgn> to add dependencies for every library
+ directly or indirectly linked with a binary, every package
+ that uses <tt>libimlib</tt> would need to be recompiled so
+ it would also depend on <package>libdgf4</package> in order
+ to retire the older <package>libdgf3</package> package.
+ Since dependencies are only added based on
+ ELF <tt>NEEDED</tt> attribute, packages
using <tt>libimlib</tt> can rely on <tt>libimlib</tt> itself
- having the dependency on <tt>libdgf</tt> and so they would
- not need rebuilding.
- </p>
- </footnote>
- </p>
+ having the dependency on an appropriate version
+ of <tt>libdgf</tt> and do not need rebuilding.
+ </footnote>
+ </p>
+ </sect1>
- <p>
- In the following sections, we will first describe where the
- various <tt>shlibs</tt> files are to be found, then how to
- use <prgn>dpkg-shlibdeps</prgn>, and finally the <tt>shlibs</tt>
- file format and how to create them if your package contains a
- shared library.
- </p>
+ <sect1 id="sharedlibs-updates">
+ <heading>Shared library ABI changes</heading>
+
+ <p>
+ Maintaining a shared library package using
+ either <file>symbols</file> or <file>shlibs</file> files
+ requires being aware of the exposed ABI of the shared library
+ and any changes to it. Both <file>symbols</file>
+ and <file>shlibs</file> files record every change to the ABI
+ of the shared library; <file>symbols</file> files do so per
+ public symbol, whereas <file>shlibs</file> files record only
+ the last change for the entire library.
+ </p>
+
+ <p>
+ There are two types of ABI changes: ones that are
+ backward-compatible and ones that are not. An ABI change is
+ backward-compatible if any reasonable program or library that
+ was linked with the previous version of the shared library
+ will still work correctly with the new version of the shared
+ library.<footnote>
+ An example of an "unreasonable" program is one that uses
+ library interfaces that are documented as internal and
+ unsupported. If the only programs or libraries affected by
+ a change are "unreasonable" ones, other techniques, such as
+ declaring <tt>Breaks</tt> relationships with affected
+ packages or treating their usage of the library as bugs in
+ those packages, may be appropriate instead of changing the
+ SONAME. However, the default approach is to change the
+ SONAME for any change to the ABI that could break a program.
+ </footnote>
+ Adding new symbols to the shared library is a
+ backward-compatible change. Removing symbols from the shared
+ library is not. Changing the behavior of a symbol may or may
+ not be backward-compatible depending on the change; for
+ example, changing a function to accept a new enum constant not
+ previously used by the library is generally
+ backward-compatible, but changing the members of a struct that
+ is passed into library functions is generally not unless the
+ library takes special precautions to accept old versions of
+ the data structure.
+ </p>
+
+ <p>
+ ABI changes that are not backward-compatible normally require
+ changing the <tt>SONAME</tt> of the library and therefore the
+ shared library package name, which forces rebuilding all
+ packages using that shared library to update their
+ dependencies and allow them to use the new version of the
+ shared library. For more information,
+ see <ref id="sharedlibs-runtime">. The remainder of this
+ section will deal with backward-compatible changes.
+ </p>
+
+ <p>
+ Backward-compatible changes require either updating or
+ recording the <var>minimal-version</var> for that symbol
+ in <file>symbols</file> files or updating the version in
+ the <var>dependencies</var> in <file>shlibs</file> files. For
+ more information on how to do this in the two formats, see
+ <ref id="symbols"> and <ref id="shlibs">. Below are general
+ rules that apply to both files.
+ </p>
+
+ <p>
+ The easy case is when a public symbol is added. Simply add
+ the version at which the symbol was introduced
+ (for <file>symbols</file> files) or update the dependency
+ version (for <file>shlibs</file>) files. But special care
+ should be taken to update dependency versions when the
+ behavior of a public symbol changes. This is easy to neglect,
+ since there is no automated method of determining such
+ changes, but failing to update versions in this case may
+ result in binary packages with too-weak dependencies that will
+ fail at runtime, possibly in ways that can cause security
+ vulnerabilities. If the package maintainer believes that a
+ symbol behavior change may have occurred but isn't sure, it's
+ safer to update the version rather than leave it unmodified.
+ This may result in unnecessarily strict dependencies, but it
+ ensures that packages whose dependencies are satisfied will
+ work properly.
+ </p>
+
+ <p>
+ A common example of when a change to the dependency version
+ is required is a function that takes an enum or struct
+ argument that controls what the function does. For example:
+ <example>
+ enum library_op { OP_FOO, OP_BAR };
+ int library_do_operation(enum library_op);
+ </example>
+ If a new operation, <tt>OP_BAZ</tt>, is added,
+ the <var>minimal-version</var>
+ of <tt>library_do_operation</tt> (for <file>symbols</file>
+ files) or the version in the dependency for the shared library
+ (for <file>shlibs</file> files) must be increased to the
+ version at which <tt>OP_BAZ</tt> was introduced. Otherwise, a
+ binary built against the new version of the library (having
+ detected at compile-time that the library
+ supports <tt>OP_BAZ</tt>) may be installed with a shared
+ library that doesn't support <tt>OP_BAZ</tt> and will fail at
+ runtime when it tries to pass <tt>OP_BAZ</tt> into this
+ function.
+ </p>
+
+ <p>
+ Dependency versions in either <file>symbols</file>
+ or <file>shlibs</file> files normally should not contain the
+ Debian revision of the package, since the library behavior is
+ normally fixed for a particular upstream version and any
+ Debian packaging of that upstream version will have the same
+ behavior. In the rare case that the library behavior was
+ changed in a particular Debian revision, appending <tt>~</tt>
+ to the end of the version that includes the Debian revision is
+ recommended, since this allows backports of the shared library
+ package using the normal backport versioning convention to
+ satisfy the dependency.
+ </p>
+ </sect1>
- <sect1>
- <heading>The <tt>shlibs</tt> files present on the system</heading>
+ <sect1 id="sharedlibs-symbols">
+ <heading>The <tt>symbols</tt> system</heading>
- <p>
- There are several places where <tt>shlibs</tt> files are
- found. The following list gives them in the order in which
- they are read by
- <qref id="pkg-dpkg-shlibdeps"><prgn>dpkg-shlibdeps</prgn></qref>.
- (The first one which gives the required information is used.)
- </p>
+ In the following sections, we will first describe where the
+ various <file>symbols</file> files are to be found, then
+ the <file>symbols</file> file format, and finally how to
+ create <file>symbols</file> files if your package contains a
+ shared library.
+ </p>
- <p>
- <list>
- <item>
- <p><file>debian/shlibs.local</file></p>
+ <sect2 id="symbols-paths">
+ <heading>The <file>symbols</file> files present on the
+ system</heading>
- <p>
- This lists overrides for this package. This file should
- normally not be used, but may be needed temporarily in
- unusual situations to work around bugs in other packages,
- or in unusual cases where the normally declared dependency
- information in the installed <file>shlibs</file> file for
- a library cannot be used. This file overrides information
- obtained from any other source.
- </p>
- </item>
+ <p>
+ <file>symbols</file> files for a shared library are normally
+ provided by the shared library package as a control file,
+ but there are several override paths that are checked first
+ in case that information is wrong or missing. The following
+ list gives them in the order in which they are read
+ by <prgn>dpkg-shlibdeps</prgn> The first one that contains
+ the required information is used.
+ <list>
+ <item>
+ <p><file>debian/*/DEBIAN/symbols</file></p>
+
+ <p>
+ During the package build, if the package itself
+ contains shared libraries with <file>symbols</file>
+ files, they will be generated in these staging
+ directories by <prgn>dpkg-gensymbols</prgn>
+ (see <ref id="providing-symbols">). <file>symbols</file>
+ files found in the build tree take precedence
+ over <file>symbols</file> files from other binary
+ packages.
+ </p>
+
+ <p>
+ These files must exist
+ before <prgn>dpkg-shlibdeps</prgn> is run or the
+ dependencies of binaries and libraries from a source
+ package on other libraries from that same source
+ package will not be correct. In practice, this means
+ that <prgn>dpkg-gensymbols</prgn> must be run
+ before <prgn>dpkg-shlibdeps</prgn> during the package
+ build.<footnote>
+ An example may clarify. Suppose the source
+ package <tt>foo</tt> generates two binary
+ packages, <tt>libfoo2</tt> and <tt>foo-runtime</tt>.
+ When building the binary packages, the contents of
+ the packages are staged in the
+ directories <file>debian/libfoo2</file>
+ and <file>debian/foo-runtime</file> respectively.
+ (<file>debian/tmp</file> could be used instead of
+ one of these.) Since <tt>libfoo2</tt> provides
+ the <tt>libfoo</tt> shared library, it will contain
+ a <tt>symbols</tt> file, which will be installed
+ in <file>debian/libfoo2/DEBIAN/symbols</file>,
+ eventually to be included as a control file in that
+ package. When <prgn>dpkg-shlibdeps</prgn> is run on
+ the
+ executable <file>debian/foo-runtime/usr/bin/foo-prog</file>,
+ it will examine
+ the <file>debian/libfoo2/DEBIAN/symbols</file> file
+ to determine whether <tt>foo-prog</tt>'s library
+ dependencies are satisfied by any of the libraries
+ provided by <tt>libfoo2</tt>. Since those binaries
+ were linked against the just-built shared library as
+ part of the build process, the <file>symbols</file>
+ file for the newly-built <tt>libfoo2</tt> must take
+ precedence over a <file>symbols</file> file for any
+ other <tt>libfoo2</tt> package already installed on
+ the system.
+ </footnote>
+ </p>
+ </item>
- <item>
- <p><file>/etc/dpkg/shlibs.override</file></p>
+ <item>
+ <p>
+ <file>/etc/dpkg/symbols/<var>package</var>.symbols.<var>arch</var></file>
+ and <file>/etc/dpkg/symbols/<var>package</var>.symbols</file>
+ </p>
+
+ <p>
+ Per-system overrides of shared library dependencies.
+ These files normally do not exist. They are
+ maintained by the local system administrator and must
+ not be created by any Debian package.
+ </p>
+ </item>
- <p>
- This lists global overrides. This list is normally
- empty. It is maintained by the local system
- administrator.
- </p>
- </item>
+ <item>
+ <p><file>symbols</file> control files for packages
+ installed on the system</p>
+
+ <p>
+ The <file>symbols</file> control files for all the
+ packages currently installed on the system are
+ searched last. This will be the most common source of
+ shared library dependency information. These are
+ normally found
+ in <file>/var/lib/dpkg/info/*.symbols</file>, but
+ packages should not rely on this and instead should
+ use <tt>dpkg-query --control-path <var>package</var>
+ symbols</tt> if for some reason these files need to be
+ examined.
+ </p>
+ </item>
+ </list>
+ </p>
- <item>
- <p><file>DEBIAN/shlibs</file> files in the "build directory"</p>
+ <p>
+ Be aware that if a <file>debian/shlibs.local</file> exists
+ in the source package, it will override
+ any <file>symbols</file> files. This is the only case where
+ a <file>shlibs</file> is used despite <file>symbols</file>
+ files being present. See <ref id="shlibs-paths">
+ and <ref id="sharedlibs-shlibdeps"> for more information.
+ </p>
+ </sect2>
- <p>
- When packages are being built,
- any <file>debian/shlibs</file> files are copied into the
- control information file area of the temporary build
- directory and given the name <file>shlibs</file>. These
- files give details of any shared libraries included in the
- same package.<footnote>
- An example may help here. Let us say that the source
- package <tt>foo</tt> generates two binary
- packages, <tt>libfoo2</tt> and <tt>foo-runtime</tt>.
- When building the binary packages, the two packages are
- created in the directories <file>debian/libfoo2</file>
- and <file>debian/foo-runtime</file> respectively.
- (<file>debian/tmp</file> could be used instead of one of
- these.) Since <tt>libfoo2</tt> provides the
- <tt>libfoo</tt> shared library, it will require a
- <tt>shlibs</tt> file, which will be installed in
- <file>debian/libfoo2/DEBIAN/shlibs</file>, eventually to
- become <file>/var/lib/dpkg/info/libfoo2.shlibs</file>.
- When <prgn>dpkg-shlibdeps</prgn> is run on the
- executable <file>debian/foo-runtime/usr/bin/foo-prog</file>,
- it will examine
- the <file>debian/libfoo2/DEBIAN/shlibs</file> file to
- determine whether <tt>foo-prog</tt>'s library
- dependencies are satisfied by any of the libraries
- provided by <tt>libfoo2</tt>. For this reason,
- <prgn>dpkg-shlibdeps</prgn> must only be run once all of
- the individual binary packages' <tt>shlibs</tt> files
- have been installed into the build directory.
- </footnote>
- </p>
- </item>
+ <sect2 id="symbols">
+ <heading>The <file>symbols</file> File Format</heading>
- <item>
- <p><file>/var/lib/dpkg/info/*.shlibs</file></p>
+ <p>
+ The following documents the format of
+ the <file>symbols</file> control file as included in binary
+ packages. These files are built from
+ template <file>symbols</file> files in the source package
+ by <prgn>dpkg-gensymbols</prgn>. The template files support
+ a richer syntax that allows <prgn>dpkg-gensymbols</prgn> to
+ do some of the tedious work involved in
+ maintaining <file>symbols</file> files, such as handling C++
+ symbols or optional symbols that may not exist on particular
+ architectures. When writing <file>symbols</file> files for
+ a shared library package, refer
+ to <manref name="dpkg-gensymbols" section="1"> for the
+ richer syntax.
+ </p>
- These are the <file>shlibs</file> files corresponding to
- all of the packages installed on the system, and are
- maintained by the relevant package maintainers.
- </p>
- </item>
+ <p>
+ A <file>symbols</file> may contain one or more entries, one
+ for each shared library contained in the package
+ corresponding to that <file>symbols</file>. Each entry has
+ the following format:
+ </p>
- <item>
- <p><file>/etc/dpkg/shlibs.default</file></p>
+ <p>
+ <example>
+ <var>library-soname</var> <var>main-dependency-template</var>
+ [| <var>alternative-dependency-template</var>]
+ [...]
+ [* <var>field-name</var>: <var>field-value</var>]
+ [...]
+ <var>symbol</var> <var>minimal-version</var>[ <var>id-of-dependency-template</var> ]
+ </example>
+ </p>
- <p>
- This file lists any shared libraries whose packages
- have failed to provide correct <file>shlibs</file> files.
- It was used when the <file>shlibs</file> setup was first
- introduced, but it is now normally empty. It is
- maintained by the <tt>dpkg</tt> maintainer.
- </p>
- </item>
- </list>
- </p>
- </sect1>
+ <p>
+ To explain this format, we'll use the the <tt>zlib1g</tt>
+ package as an example, which (at the time of writing)
+ installs the shared
+ library <file>/usr/lib/libz.so.1.2.3.4</file>. Mandatory
+ lines will be described first, followed by optional lines.
+ </p>
- <sect1>
- <heading>How to use <prgn>dpkg-shlibdeps</prgn> and the
- <file>shlibs</file> files</heading>
+ <p>
+ <var>library-soname</var> must contain exactly the value of
+ the ELF <tt>SONAME</tt> attribute of the shared library. In
+ our example, this is <tt>libz.so.1</tt>.<footnote>
+ This can be determined by using the command
+ <example compact="compact">
+ readelf -d /usr/lib/libz.so.1.2.3.4 | grep SONAME
+ </example>
+ </footnote>
+ </p>
- <p>
- Put a call to
- <qref id="pkg-dpkg-shlibdeps"><prgn>dpkg-shlibdeps</prgn></qref>
- into your <file>debian/rules</file> file. If your package
- contains only compiled binaries and libraries (but no scripts),
- you can use a command such as:
- <example compact="compact">
-dpkg-shlibdeps debian/tmp/usr/bin/* debian/tmp/usr/sbin/* \
- debian/tmp/usr/lib/*
- </example>
- Otherwise, you will need to explicitly list the compiled
- binaries and libraries.<footnote>
- If you are using <tt>debhelper</tt>, the
- <prgn>dh_shlibdeps</prgn> program will do this work for you.
- It will also correctly handle multi-binary packages.
- </footnote>
- </p>
+ <p>
+ <var>main-dependency-template</var> has the same syntax as a
+ dependency field in a binary package control file, except
+ that the string <tt>#MINVER#</tt> is replaced by a version
+ restriction like <tt>(>= <var>version</var>)</tt> or by
+ nothing if an unversioned dependency is deemed sufficient.
+ The version restriction will be based on which symbols from
+ the shared library are referenced and the version at which
+ they were introduced (see below). In nearly all
+ cases, <var>main-dependency-template</var> will
+ be <tt><var>package</var> #MINVER#</tt>,
+ where <var>package</var> is the name of the binary package
+ containing the shared library. This adds a simple,
+ possibly-versioned dependency on the shared library package.
+ In some rare cases, such as when multiple packages provide
+ the same shared library ABI, the dependency template may
+ need to be more complex.
+ </p>
- <p>
- This command puts the dependency information into the
- <file>debian/substvars</file> file, which is then used by
- <prgn>dpkg-gencontrol</prgn>. You will need to place a
- <tt>${shlibs:Depends}</tt> variable in the <tt>Depends</tt>
- field in the control file for this to work.
- </p>
+ In our example, the first line of
+ the <tt>zlib1g</tt> <file>symbols</file> file would be:
+ <example compact="compact">
+ libz.so.1 zlib1g #MINVER#
+ </example>
+ </p>
- <p>
- If you have multiple binary packages, you will need to call
- <prgn>dpkg-shlibdeps</prgn> on each one which contains
- compiled libraries or binaries. In such a case, you will
- need to use the <tt>-T</tt> option to the <tt>dpkg</tt>
- utilities to specify a different <file>substvars</file> file.
- </p>
+ <p>
+ Each public symbol exported by the shared library must have
+ a corresponding symbol line, indented by one
+ space. <var>symbol</var> is the exported symbol (which, for
+ C++, means the mangled symbol) followed by <tt>@</tt> and
+ the symbol version, or the string <tt>Base</tt> if there is
+ no symbol version. <var>minimal-version</var> is the most
+ recent version of the shared library that changed the
+ behavior of that symbol, whether by adding it, changing its
+ function signature (the parameters, their types, or the
+ return type), or changing its behavior in a way that is
+ visible to a caller.
+ <var>id-of-dependency-template</var> is an optional
+ field that references
+ an <var>alternative-dependency-template</var>; see below for
+ a full description.
+ </p>
- <p>
- If you are creating a udeb for use in the Debian Installer,
- you will need to specify that <prgn>dpkg-shlibdeps</prgn>
- should use the dependency line of type <tt>udeb</tt> by
- adding the <tt>-tudeb</tt> option<footnote>
- <prgn>dh_shlibdeps</prgn> from the <tt>debhelper</tt> suite
- will automatically add this option if it knows it is
- processing a udeb.
- </footnote>. If there is no dependency line of
- type <tt>udeb</tt> in the <file>shlibs</file>
- file, <prgn>dpkg-shlibdeps</prgn> will fall back to the regular
- dependency line.
- </p>
+ <p>
+ For example, <tt>libz.so.1</tt> contains the
+ symbols <tt>compress</tt>
+ and <tt>compressBound</tt>. <tt>compress</tt> has no symbol
+ version and last changed its behavior in upstream
+ version <tt>1:1.1.4</tt>. <tt>compressBound</tt> has the
+ symbol version <tt>ZLIB_1.2.0</tt>, was introduced in
+ upstream version <tt>1:1.2.0</tt>, and has not changed its
+ behavior. Its <file>symbols</file> file therefore contains
+ the lines:
+ <example compact="compact">
+ compress@Base 1:1.1.4
+ compressBound@ZLIB_1.2.0 1:1.2.0
+ </example>
+ Packages using only <tt>compress</tt> would then get a
+ dependency on <tt>zlib1g (>= 1:1.1.4)</tt>, but packages
+ using <tt>compressBound</tt> would get a dependency
+ on <tt>zlib1g (>= 1:1.2.0)</tt>.
+ </p>
- <p>
- For more details on <prgn>dpkg-shlibdeps</prgn>, please see
- <ref id="pkg-dpkg-shlibdeps"> and
- <manref name="dpkg-shlibdeps" section="1">.
- </p>
- </sect1>
+ <p>
+ One or more <var>alternative-dependency-template</var> lines
+ may be provided. These are used in cases where some symbols
+ in the shared library should use one dependency template
+ while others should use a different template. The
+ alternative dependency templates are used only if a symbol
+ line contains the <var>id-of-dependency-template</var>
+ field. The first alternative dependency template is
+ numbered 1, the second 2, and so forth.<footnote>
+ An example of where this may be needed is with a library
+ that implements the libGL interface. All GL
+ implementations provide the same set of base interfaces,
+ and then may provide some additional interfaces only used
+ by programs that require that specific GL implementation.
+ So, for example, libgl1-mesa-glx may use the
+ following <file>symbols</file> file:
+ <example>
+ libGL.so.1 libgl1
+ | libgl1-mesa-glx #MINVER#
+ publicGlSymbol@Base 6.3-1
+ [...]
+ implementationSpecificSymbol@Base 6.5.2-7 1
+ [...]
+ </example>
+ Binaries or shared libraries using
+ only <tt>publicGlSymbol</tt> would depend only
+ on <tt>libgl1</tt> (which may be provided by multiple
+ packages), but ones
+ using <tt>implementationSpecificSymbol</tt> would get a
+ dependency on <tt>libgl1-mesa-glx (>= 6.5.2-7)</tt>
+ </footnote>
+ </p>
- <sect1 id="shlibs">
- <heading>The <file>shlibs</file> File Format</heading>
+ <p>
+ Finally, the entry for the library may contain one or more
+ metadata fields. Currently, the only
+ supported <var>field-name</var>
+ is <tt>Build-Depends-Package</tt>, whose value lists
+ the <qref id="sharedlibs-dev">library development
+ package</qref> on which packages using this shared library
+ declare a build dependency. If this field is
+ present, <prgn>dpkg-shlibdeps</prgn> uses it to ensure that
+ the resulting binary package dependency on the shared
+ library is at least as strict as the source package
+ dependency on the shared library development
+ package.<footnote>
+ This field should normally not be necessary, since if the
+ behavior of any symbol has changed, the corresponding
+ symbol <var>minimal-version</var> should have been
+ increased. But including it makes the <tt>symbols</tt>
+ system more robust by tightening the dependency in cases
+ where the package using the shared library specifically
+ requires at least a particular version of the shared
+ library development package for some reason.
+ </footnote>
+ For our example, the <tt>zlib1g</tt> <file>symbols</file>
+ file would contain:
+ <example compact="compact">
+ * Build-Depends-Package: zlib1g-dev
+ </example>
+ </p>
- <p>
- Each <file>shlibs</file> file has the same format. Lines
- beginning with <tt>#</tt> are considered to be comments and
- are ignored. Each line is of the form:
- <example compact="compact">
-[<var>type</var>: ]<var>library-name</var> <var>soname-version</var> <var>dependencies ...</var>
- </example>
- </p>
+ <p>
+ Also see <manref name="deb-symbols" section="5">.
+ </p>
+ </sect2>
- <p>
- We will explain this by reference to the example of the
- <tt>zlib1g</tt> package, which (at the time of writing)
- installs the shared library <file>/usr/lib/libz.so.1.1.3</file>.
- </p>
+ <sect2 id="providing-symbols">
+ <heading>Providing a <file>symbols</file> file</heading>
- <p>
- <var>type</var> is an optional element that indicates the type
- of package for which the line is valid. The only type currently
- in use is <tt>udeb</tt>. The colon and space after the type are
- required.
- </p>
+ <p>
+ If your package provides a shared library, you should
+ arrange to include a <file>symbols</file> control file
+ following the format described above in that package. You
+ must include either a <file>symbols</file> control file or
+ a <file>shlibs</file> control file.
+ </p>
- <p>
- <var>library-name</var> is the name of the shared library,
- in this case <tt>libz</tt>. (This must match the name part
- of the soname, see below.)
- </p>
+ <p>
+ Normally, this is done by creating a <file>symbols</file> in
+ the source package
+ named <file>debian/<var>package</var>.symbols</file>
+ or <file>debian/symbols</file>, possibly
+ with <file>.<var>arch</var></file> appended if the symbols
+ information varies by architecture. This file may use the
+ extended syntax documented in <manref name="dpkg-gensymbols"
+ section="1">. Then, call <prgn>dpkg-gensymbols</prgn> as
+ part of the package build process. It will
+ create <file>symbols</file> files in the package staging
+ area based on the binaries and libraries in the package
+ staging area and the <file>symbols</file> files in the
+ source package.<footnote>
+ If you are
+ using <tt>debhelper</tt>, <prgn>dh_makeshlibs</prgn> will
+ take care of calling either <prgn>dpkg-gensymbols</prgn>
+ or generating a <file>shlibs</file> file as appropriate.
+ </footnote>
+ </p>
- <p>
- <var>soname-version</var> is the version part of the soname of
- the library. The soname is the thing that must exactly match
- for the library to be recognized by the dynamic linker, and is
- usually of the form
- <tt><var>name</var>.so.<var>major-version</var></tt>, in our
- example, <tt>libz.so.1</tt>.<footnote>
- This can be determined using the command
- <example compact="compact">
-objdump -p /usr/lib/libz.so.1.1.3 | grep SONAME
- </example>
- </footnote>
- The version part is the part which comes after
- <tt>.so.</tt>, so in our case, it is <tt>1</tt>. The soname may
- instead be of the form
- <tt><var>name</var>-<var>major-version</var>.so</tt>, such
- as <tt>libdb-4.8.so</tt>, in which case the name would
- be <tt>libdb</tt> and the version would be <tt>4.8</tt>.
- </p>
+ <p>
+ Packages that provide <file>symbols</file> files must keep
+ them up-to-date to ensure correct dependencies in packages
+ that use the shared libraries. This means updating
+ the <file>symbols</file> file whenever a new public symbol
+ is added, changing the <var>minimal-version</var> field
+ whenever a symbol changes behavior or signature in a
+ backward-compatible way (see <ref id="sharedlibs-updates">),
+ and changing the <var>library-soname</var>
+ and <var>main-dependency-template</var>, and probably all of
+ the <var>minimal-version</var> fields, when the library
+ changes <tt>SONAME</tt>. Removing a public symbol from
+ the <file>symbols</file> file because it's no longer
+ provided by the library normally requires changing
+ the <tt>SONAME</tt> of the library.
+ See <ref id="sharedlibs-runtime"> for more information
+ on <tt>SONAME</tt>s.
+ </p>
+ </sect2>
+ </sect1>
- <p>
- <var>dependencies</var> has the same syntax as a dependency
- field in a binary package control file. It should give
- details of which packages are required to satisfy a binary
- built against the version of the library contained in the
- package. See <ref id="depsyntax"> for details.
- </p>
+ <sect1 id="sharedlibs-shlibdeps">
+ <heading>The <tt>shlibs</tt> system</heading>
- <p>
- In our example, if the first version of the <tt>zlib1g</tt>
- package which contained a minor number of at least
- <tt>1.3</tt> was <var>1:1.1.3-1</var>, then the
- <tt>shlibs</tt> entry for this library could say:
- <example compact="compact">
-libz 1 zlib1g (>= 1:1.1.3)
- </example>
- The version-specific dependency is to avoid warnings from
- the dynamic linker about using older shared libraries with
- newer binaries.
- </p>
+ <p>
+ The <tt>shlibs</tt> system is a simpler alternative to
+ the <tt>symbols</tt> system for declaring dependencies for
+ shared libraries. It may be more appropriate for C++
+ libraries and other cases where tracking individual symbols is
+ too difficult. It predated the <tt>symbols</tt> system and is
+ therefore frequently seen in older packages. It is also
+ required for udebs, which do not support <tt>symbols</tt>.
+ </p>
- <p>
- As zlib1g also provides a udeb containing the shared library,
- there would also be a second line:
- <example compact="compact">
-udeb: libz 1 zlib1g-udeb (>= 1:1.1.3)
- </example>
- </p>
- </sect1>
+ <p>
+ In the following sections, we will first describe where the
+ various <file>shlibs</file> files are to be found, then how to
+ use <prgn>dpkg-shlibdeps</prgn>, and finally
+ the <file>shlibs</file> file format and how to create them.
+ </p>
- <sect1>
- <heading>Providing a <file>shlibs</file> file</heading>
+ <sect2 id="shlibs-paths">
+ <heading>The <file>shlibs</file> files present on the
+ system</heading>
- <p>
- If your package provides a shared library, you need to create
- a <file>shlibs</file> file following the format described above.
- It is usual to call this file <file>debian/shlibs</file> (but if
- you have multiple binary packages, you might want to call it
- <file>debian/shlibs.<var>package</var></file> instead). Then
- let <file>debian/rules</file> install it in the control
- information file area:
- <example compact="compact">
-install -m644 debian/shlibs debian/tmp/DEBIAN
- </example>
- or, in the case of a multi-binary package:
- <example compact="compact">
-install -m644 debian/shlibs.<var>package</var> debian/<var>package</var>/DEBIAN/shlibs
- </example>
- An alternative way of doing this is to create the
- <file>shlibs</file> file in the control information file area
- directly from <file>debian/rules</file> without using
- a <file>debian/shlibs</file> file at all,<footnote>
- This is what <prgn>dh_makeshlibs</prgn> in
- the <package>debhelper</package> suite does. If your package
- also has a udeb that provides a shared
- library, <prgn>dh_makeshlibs</prgn> can automatically generate
- the <tt>udeb:</tt> lines if you specify the name of the udeb
- with the <tt>--add-udeb</tt> option.
- </footnote>
- since the <file>debian/shlibs</file> file itself is ignored by
- <prgn>dpkg-shlibdeps</prgn>.
- </p>
+ <p>
+ There are several places where <tt>shlibs</tt> files are
+ found. The following list gives them in the order in which
+ they are read by <prgn>dpkg-shlibdeps</prgn>. (The first
+ one which gives the required information is used.)
+ <list>
+ <item>
+ <p><file>debian/shlibs.local</file></p>
+
+ <p>
+ This lists overrides for this package. This file
+ should normally not be used, but may be needed
+ temporarily in unusual situations to work around bugs
+ in other packages, or in unusual cases where the
+ normally declared dependency information in the
+ installed <file>shlibs</file> file for a library
+ cannot be used. This file overrides information
+ obtained from any other source.
+ </p>
+ </item>
- <p>
- As <prgn>dpkg-shlibdeps</prgn> reads the
- <file>DEBIAN/shlibs</file> files in all of the binary packages
- being built from this source package, all of the
- <file>DEBIAN/shlibs</file> files should be installed before
- <prgn>dpkg-shlibdeps</prgn> is called on any of the binary
- packages.
- </p>
- </sect1>
+ <item>
+ <p><file>/etc/dpkg/shlibs.override</file></p>
+
+ <p>
+ This lists global overrides. This list is normally
+ empty. It is maintained by the local system
+ administrator.
+ </p>
+ </item>
+
+ <item>
+ <p><file>DEBIAN/shlibs</file> files in the "build
+ directory"</p>
+
+ <p>
+ These files are generated as part of the package build
+ process and staged for inclusion as control files in
+ the binary packages being built. They provide details
+ of any shared libraries included in the same package.
+ </p>
+ </item>
+
+ <item>
+ <p><file>shlibs</file> control files for packages
+ installed on the system</p>
+
+ <p>
+ The <file>shlibs</file> control files for all the
+ packages currently installed on the system. These are
+ normally found
+ in <file>/var/lib/dpkg/info/*.symbols</file>, but
+ packages should not rely on this and instead should
+ use <tt>dpkg-query --control-path <var>package</var>
+ shlibs</tt> if for some reason these files need to be
+ examined.
+ </p>
+ </item>
+
+ <item>
+ <p><file>/etc/dpkg/shlibs.default</file></p>
+
+ <p>
+ This file lists any shared libraries whose packages
+ have failed to provide correct <file>shlibs</file>
+ files. It was used when the <file>shlibs</file> setup
+ was first introduced, but it is now normally empty.
+ It is maintained by the <tt>dpkg</tt> maintainer.
+ </p>
+ </item>
+ </list>
+ </p>
+
+ <p>
+ If a <file>symbols</file> file for a shared library package
+ is available, <prgn>dpkg-shlibdeps</prgn> will always use it
+ in preference to a <file>shlibs</file>, with the exception
+ of <file>debian/shlibs.local</file>. The latter overrides
+ any other <file>shlibs</file> or <file>symbols</file> files.
+ </p>
+ </sect2>
+
+ <sect2 id="shlibs">
+ <heading>The <file>shlibs</file> File Format</heading>
+
+ <p>
+ Each <file>shlibs</file> file has the same format. Lines
+ beginning with <tt>#</tt> are considered to be comments and
+ are ignored. Each line is of the form:
+ <example compact="compact">
+ [<var>type</var>: ]<var>library-name</var> <var>soname-version</var> <var>dependencies ...</var>
+ </example>
+ </p>
+
+ <p>
+ We will explain this by reference to the example of the
+ <tt>zlib1g</tt> package, which (at the time of writing)
+ installs the shared
+ library <file>/usr/lib/libz.so.1.2.3.4</file>.
+ </p>
+
+ <p>
+ <var>type</var> is an optional element that indicates the
+ type of package for which the line is valid. The only type
+ currently in use is <tt>udeb</tt>. The colon and space
+ after the type are required.
+ </p>
+
+ <p>
+ <var>library-name</var> is the name of the shared library,
+ in this case <tt>libz</tt>. (This must match the name part
+ of the soname, see below.)
+ </p>
+
+ <p>
+ <var>soname-version</var> is the version part of the
+ ELF <tt>SONAME</tt> attribute of the library, determined the
+ same way that the <var>soversion</var> component of the
+ recommended shared library package name is determined.
+ See <ref id="sharedlibs-runtime"> for the details.
+ </p>
+
+ <p>
+ <var>dependencies</var> has the same syntax as a dependency
+ field in a binary package control file. It should give
+ details of which packages are required to satisfy a binary
+ built against the version of the library contained in the
+ package. See <ref id="depsyntax"> for details on the
+ syntax, and <ref id="sharedlibs-updates"> for details on how
+ to maintain the dependency version constraint.
+ </p>
+
+ <p>
+ In our example, if the last change to the <tt>zlib1g</tt>
+ package that could change behavior for a client of that
+ library was in version <tt>1:1.2.3.3.dfsg-1</tt>, then
+ the <tt>shlibs</tt> entry for this library could say:
+ <example compact="compact">
+ libz 1 zlib1g (>= 1:1.2.3.3.dfsg)
+ </example>
+ This version restriction must be new enough that any binary
+ built against the current version of the library will work
+ with any version of the shared library that satisfies that
+ dependency.
+ </p>
+
+ <p>
+ As zlib1g also provides a udeb containing the shared
+ library, there would also be a second line:
+ <example compact="compact">
+ udeb: libz 1 zlib1g-udeb (>= 1:1.2.3.3.dfsg)
+ </example>
+ </p>
+ </sect2>
+
+ <sect2>
+ <heading>Providing a <file>shlibs</file> file</heading>
+
+ <p>
+ To provide a <file>shlibs</file> file for a shared library
+ binary package, create a <file>shlibs</file> file following
+ the format described above and place it in
+ the <file>DEBIAN</file> directory for that package during
+ the build. It will then be included as a control file for
+ that package<footnote>
+ This is what <prgn>dh_makeshlibs</prgn> in
+ the <package>debhelper</package> suite does. If your
+ package also has a udeb that provides a shared
+ library, <prgn>dh_makeshlibs</prgn> can automatically
+ generate the <tt>udeb:</tt> lines if you specify the name
+ of the udeb with the <tt>--add-udeb</tt> option.
+ </footnote>.
+ </p>
+
+ <p>
+ Since <prgn>dpkg-shlibdeps</prgn> reads
+ the <file>DEBIAN/shlibs</file> files in all of the binary
+ packages being built from this source package, all of
+ the <file>DEBIAN/shlibs</file> files should be installed
+ before <prgn>dpkg-shlibdeps</prgn> is called on any of the
+ binary packages.
+ </p>
+ </sect2>
+ </sect1>
</sect>
</chapt>
<heading>File System Structure</heading>
<p>
- The location of all installed files and directories must
- comply with the Filesystem Hierarchy Standard (FHS),
- version 2.3, with the exceptions noted below, and except
- where doing so would violate other terms of Debian
- Policy. The following exceptions to the FHS apply:
+ The location of all files and directories must comply with the
+ Filesystem Hierarchy Standard (FHS), version 2.3, with the
+ exceptions noted below, and except where doing so would
+ violate other terms of Debian Policy. The following
+ exceptions to the FHS apply:
<enumlist>
<item>
<file>/lib/<var>triplet</var></file> and
<file>/usr/lib/<var>triplet</var></file>, where
<tt><var>triplet</var></tt> is the value returned by
- <tt>dpkg-architecture -qDEB_HOST_GNU_TYPE</tt> for the
+ <tt>dpkg-architecture -qDEB_HOST_MULTIARCH</tt> for the
architecture of the package. Packages may <em>not</em>
install files to any <var>triplet</var> path other
than the one matching the architecture of that package;
for instance, an <tt>Architecture: amd64</tt> package
containing 32-bit x86 libraries may not install these
- libraries to <file>/usr/lib/i486-linux-gnu</file>.
+ libraries to <file>/usr/lib/i386-linux-gnu</file>.
<footnote>
This is necessary in order to reserve the directories for
use in cross-installation of library packages from other
symlinked there, is relaxed to a recommendation.
</p>
</item>
+ <item>
+ <p>
+ The additional directory <file>/run</file> in the root
+ file system is allowed. <file>/run</file>
+ replaces <file>/var/run</file>, and the
+ subdirectory <file>/run/lock</file>
+ replaces <file>/var/lock</file>, with
+ the <file>/var</file> directories replaced by symlinks
+ for backwards compatibility. <file>/run</file>
+ and <file>/run/lock</file> must follow all of the
+ requirements in the FHS for <file>/var/run</file>
+ and <file>/var/lock</file>, respectively, such as file
+ naming conventions, file format requirements, or the
+ requirement that files be cleared during the boot
+ process. Files and directories residing
+ in <file>/run</file> should be stored on a temporary
+ file system.
+ </p>
+ <p>
+ Packages must not assume the <file>/run</file>
+ directory exists or is usable without a dependency
+ on <tt>initscripts (>= 2.88dsf-13.3)</tt> until the
+ stable release of Debian supports <file>/run</file>.
+ </p>
+ </item>
<item>
<p>
The following directories in the root filesystem are
For example, the <tt>emacsen-common</tt> package could
contain something like
<example compact="compact">
-if [ ! -e /usr/local/share/emacs ]
-then
- if mkdir /usr/local/share/emacs 2>/dev/null
- then
- chown root:staff /usr/local/share/emacs
- chmod 2775 /usr/local/share/emacs
+if [ ! -e /usr/local/share/emacs ]; then
+ if mkdir /usr/local/share/emacs 2>/dev/null; then
+ if chown root:staff /usr/local/share/emacs; then
+ chmod 2775 /usr/local/share/emacs || true
+ fi
fi
fi
</example>
though the spool may still be physically located there.
</p>
</sect1>
+
+ <sect1 id="fhs-run">
+ <heading><file>/run</file> and <file>/run/lock</file></heading>
+
+ <p>
+ The directory <file>/run</file> is cleared at boot, normally
+ by being a mount point for a temporary file system. Packages
+ therefore must not assume that any files or directories
+ under <file>/run</file> other than <file>/run/lock</file>
+ exist unless the package has arranged to create those files or
+ directories since the last reboot. Normally, this is done by
+ the package via an init script. See <ref id="writing-init">
+ for more information.
+ </p>
+
+ <p>
+ Packages must not include files or directories
+ under <file>/run</file>, or under the
+ older <file>/var/run</file> and <file>/var/lock</file> paths.
+ The latter paths will normally be symlinks or other
+ redirections to <file>/run</file> for backwards compatibility.
+ </p>
+ </sect1>
</sect>
<sect>
</p>
<p>
- <file>/var/run</file> and <file>/var/lock</file> may be mounted
- as temporary filesystems<footnote>
- For example, using the <tt>RAMRUN</tt> and <tt>RAMLOCK</tt>
- options in <file>/etc/default/rcS</file>.
- </footnote>, so the <file>init.d</file> scripts must handle this
- correctly. This will typically amount to creating any required
- subdirectories dynamically when the <file>init.d</file> script
- is run, rather than including them in the package and relying on
- <prgn>dpkg</prgn> to create them.
+ Files and directories under <file>/run</file>, including ones
+ referred to via the compatibility paths <file>/var/run</file>
+ and <file>/var/lock</file>, are normally stored on a temporary
+ filesystem and are normally not persistent across a reboot.
+ The <file>init.d</file> scripts must handle this correctly.
+ This will typically mean creating any required subdirectories
+ dynamically when the <file>init.d</file> script is run.
+ See <ref id="fhs-run"> for more information.
</p>
</sect1>
</p>
</sect>
- <sect>
+ <sect id="cron-jobs">
<heading>Cron jobs</heading>
<p>
Packages must not modify the configuration file
<file>/etc/crontab</file>, and they must not modify the files in
- <file>/var/spool/cron/crontabs</file>.</p>
+ <file>/var/spool/cron/crontabs</file>.
+ </p>
<p>
- If a package wants to install a job that has to be executed
- via cron, it should place a file with the name of the
- package in one or more of the following directories:
+ If a package wants to install a job that has to be executed via
+ cron, it should place a file named as specified
+ in <ref id="cron-files"> into one or more of the following
+ directories:
<example compact="compact">
/etc/cron.hourly
/etc/cron.daily
As these directory names imply, the files within them are
executed on an hourly, daily, weekly, or monthly basis,
respectively. The exact times are listed in
- <file>/etc/crontab</file>.</p>
+ <file>/etc/crontab</file>.
+ </p>
<p>
All files installed in any of these directories must be
<p>
If a certain job has to be executed at some other frequency or
- at a specific time, the package should install a file
- <file>/etc/cron.d/<var>package</var></file>. This file uses the
- same syntax as <file>/etc/crontab</file> and is processed by
- <prgn>cron</prgn> automatically. The file must also be
+ at a specific time, the package should install a file in
+ <file>/etc/cron.d</file> with a name as specified
+ in <ref id="cron-files">. This file uses the same syntax
+ as <file>/etc/crontab</file> and is processed
+ by <prgn>cron</prgn> automatically. The file must also be
treated as a configuration file. (Note that entries in the
<file>/etc/cron.d</file> directory are not handled by
<prgn>anacron</prgn>. Thus, you should only use this
directory for jobs which may be skipped if the system is not
- running.)</p>
+ running.)
+ </p>
+
<p>
Unlike <file>crontab</file> files described in the IEEE Std
1003.1-2008 (POSIX.1) available from
execute scripts in
<file>/etc/cron.{hourly,daily,weekly,monthly}</file>.
</p>
+
+ <sect1 id="cron-files">
+ <heading>Cron job file names</heading>
+
+ <p>
+ The file name of a cron job file should normally match the
+ name of the package from which it comes.
+ </p>
+
+ <p>
+ If a package supplies multiple cron job files files in the
+ same directory, the file names should all start with the name
+ of the package (possibly modified as described below) followed
+ by a hyphen (<tt>-</tt>) and a suitable suffix.
+ </p>
+
+ <p>
+ A cron job file name must not include any period or plus
+ characters (<tt>.</tt> or <tt>+</tt>) characters as this will
+ cause cron to ignore the file. Underscores (<tt>_</tt>)
+ should be used instead of <tt>.</tt> and <tt>+</tt>
+ characters.
+ </p>
+ </sect1>
</sect>
<sect id="menus">
MIME (Multipurpose Internet Mail Extensions, RFCs 2045-2049)
is a mechanism for encoding files and data streams and
providing meta-information about them, in particular their
- type (e.g. audio or video) and format (e.g. PNG, HTML,
+ type (e.g. audio or video) and format (e.g. PNG, HTML,
MP3).
</p>
</p>
<p>
- Packages which provide the ability to view/show/play,
- compose, edit or print MIME types should register themselves
- as such following the current MIME support policy.
+ Packages which provide programs to view/show/play, compose, edit or
+ print MIME types should register them as such by placing a file in
+ <manref name="mailcap" section="5"> format (RFC 1524) in the directory
+ <file>/usr/lib/mime/packages/</file>. The file name should be the
+ binary package's name.
</p>
<p>
- The MIME support policy can be found in the <tt>mime-policy</tt>
- files in the <tt>debian-policy</tt> package.
- It is also available from the Debian web mirrors at
- <tt><url name="/doc/packaging-manuals/mime-policy/"
- id="http://www.debian.org/doc/packaging-manuals/mime-policy/"></tt>.
+ The <package>mime-support</package> package provides the
+ <prgn>update-mime</prgn> program, which integrates these
+ registrations in the <file>/etc/mailcap</file> file, using dpkg
+ triggers<footnote>
+ Creating, modifying or removing a file in
+ <file>/usr/lib/mime/packages/</file> using maintainer scripts will
+ not activate the trigger. In that case, it can be done by calling
+ <tt>dpkg-trigger --no-await /usr/lib/mime/packages</tt> from
+ the maintainer script after creating, modifying, or removing
+ the file.
+ </footnote>.
+ Packages using this facility <em>should not</em> depend on,
+ recommend, or suggest <prgn>mime-support</prgn>.
</p>
-
</sect>
<sect>
package that provides online documentation (other than just
manual pages) to register these documents with
<package>doc-base</package> by installing a
- <package>doc-base</package> control file via the
- <prgn/install-docs/ script at installation time and
- de-register the manuals again when the package is removed.
+ <package>doc-base</package> control file in
+ <file>/usr/share/doc-base/</file>.
</p>
<p>
Please refer to the documentation that comes with the
</p>
</sect>
+ <sect id="alternateinit">
+ <heading>Alternate init systems</heading>
+ <p>
+ A number of other init systems are available now in Debian that
+ can be used in place of <package>sysvinit</package>. Alternative
+ init implementations must support running SysV init scripts as
+ described at <ref id="sysvinit"> for compatibility.
+ </p>
+ <p>
+ Packages may integrate with these replacement init systems by
+ providing implementation-specific configuration information about
+ how and when to start a service or in what order to run certain
+ tasks at boot time. However, any package integrating with other
+ init systems must also be backwards-compatible with
+ <package>sysvinit</package> by providing a SysV-style init script
+ with the same name as and equivalent functionality to any
+ init-specific job, as this is the only start-up configuration
+ method guaranteed to be supported by all init implementations. An
+ exception to this rule is scripts or jobs provided by the init
+ implementation itself; such jobs may be required for an
+ implementation-specific equivalent of the <file>/etc/rcS.d/</file>
+ scripts and may not have a one-to-one correspondence with the init
+ scripts.
+ </p>
+ <sect1 id="upstart">
+ <heading>Event-based boot with upstart</heading>
+
+ <p>
+ Packages may integrate with the <prgn>upstart</prgn> event-based
+ boot system by installing job files in the
+ <file>/etc/init</file> directory. SysV init scripts for which
+ an equivalent upstart job is available must query the output of
+ the command <prgn>initctl version</prgn> for the string
+ <tt>upstart</tt> and avoid running in favor of the native
+ upstart job, using a test such as this:
+ <example compact="compact">
+if [ "$1" = start ] && which initctl >/dev/null && initctl version | grep -q upstart
+then
+ exit 1
+fi
+ </example>
+ </p>
+ <p>
+ Because packages shipping upstart jobs may be installed on
+ systems that are not using upstart, maintainer scripts must
+ still use the common <prgn>update-rc.d</prgn> and
+ <prgn>invoke-rc.d</prgn> interfaces for configuring runlevels
+ and for starting and stopping services. These maintainer
+ scripts must not call the upstart <prgn>start</prgn>,
+ <prgn>restart</prgn>, <prgn>reload</prgn>, or <prgn>stop</prgn>
+ interfaces directly. Instead, implementations of
+ <prgn>invoke-rc.d</prgn> must detect when upstart is running and
+ when an upstart job with the same name as an init script is
+ present, and perform the requested action using the upstart job
+ instead of the init script.
+ </p>
+ <p>
+ Dependency-based boot managers for SysV init scripts, such as
+ <prgn>startpar</prgn>, may avoid running a given init script
+ entirely when an equivalent upstart job is present, to avoid
+ unnecessary forking of no-op init scripts. In this case, the
+ boot manager should integrate with upstart to detect when the
+ upstart job in question is started or stopped to know when the
+ dependency has been satisfied.
+ </p>
+ </sect1>
+ </sect>
+
</chapt>
Although not enforced by the build tools, shared libraries
must be linked against all libraries that they use symbols from
in the same way that binaries are. This ensures the correct
- functioning of the <qref id="sharedlibs-shlibdeps">shlibs</qref>
- system and guarantees that all libraries can be safely opened
+ functioning of the <qref id="sharedlibs-symbols">symbols</qref>
+ and <qref id="sharedlibs-shlibdeps">shlibs</qref>
+ systems and guarantees that all libraries can be safely opened
with <tt>dlopen()</tt>. Packagers may wish to use the gcc
option <tt>-Wl,-z,defs</tt> when building a shared library.
Since this option enforces symbol resolution at build time,
<p>
You may wish to restrict your script to SUSv3 features plus the
above set when possible so that it may use <file>/bin/sh</file>
- as its interpreter. If your script works with <prgn>dash</prgn>
- (originally called <prgn>ash</prgn>), it probably complies with
- the above requirements, but if you are in doubt, use
- <file>/bin/bash</file>.
+ as its interpreter. Checking your script
+ with <prgn>checkbashisms</prgn> from
+ the <package>devscripts</package> package or running your script
+ with an alternate shell such as <prgn>posh</prgn> may help
+ uncover violations of the above requirements. If in doubt
+ whether a script complies with these requirements,
+ use <file>/bin/bash</file>.
</p>
<p>
<heading>Symbolic links</heading>
<p>
- In general, symbolic links within a top-level directory
- should be relative, and symbolic links pointing from one
- top-level directory into another should be absolute. (A
- top-level directory is a sub-directory of the root
- directory <file>/</file>.)
+ In general, symbolic links within a top-level directory should
+ be relative, and symbolic links pointing from one top-level
+ directory to or into another should be absolute. (A top-level
+ directory is a sub-directory of the root
+ directory <file>/</file>.) For example, a symbolic link
+ from <file>/usr/lib/foo</file> to <file>/usr/share/bar</file>
+ should be relative (<file>../share/bar</file>), but a symbolic
+ link from <file>/var/run</file> to <file>/run</file> should be
+ absolute.<footnote>
+ This is necessary to allow top-level directories to be
+ symlinks. If linking <file>/var/run</file>
+ to <file>/run</file> were done with the relative symbolic
+ link <file>../run</file>, but <file>/var</file> were a
+ symbolic link to <file>/srv/disk1</file>, the symbolic link
+ would point to <file>/srv/run</file> rather than the intended
+ target.
+ </footnote>
</p>
<p>
<item>
If the window manager complies with <url
- id="http://www.freedesktop.org/Standards/wm-spec"
+ id="http://www.freedesktop.org/wiki/Specifications/wm-spec"
name="The Window Manager Specification Project">,
- written by the <url id="http://www.freedesktop.org/"
+ written by the <url id="http://www.freedesktop.org/wiki/"
name="Free Desktop Group">, add 40 points.
</item>
policy (such as for <ref id="appdefaults">).
</p>
</sect1>
-
- <sect1>
- <heading>The OSF/Motif and OpenMotif libraries</heading>
-
- <p>
- <em>Programs that require the non-DFSG-compliant OSF/Motif or
- OpenMotif libraries</em><footnote>
- OSF/Motif and OpenMotif are collectively referred to as
- "Motif" in this policy document.
- </footnote>
- should be compiled against and tested with LessTif (a free
- re-implementation of Motif) instead. If the maintainer
- judges that the program or programs do not work
- sufficiently well with LessTif to be distributed and
- supported, but do so when compiled against Motif, then two
- versions of the package should be created; one linked
- statically against Motif and with <tt>-smotif</tt>
- appended to the package name, and one linked dynamically
- against Motif and with <tt>-dmotif</tt> appended to the
- package name.
- </p>
-
- <p>
- Both Motif-linked versions are dependent
- upon non-DFSG-compliant software and thus cannot be
- uploaded to the <em>main</em> distribution; if the
- software is itself DFSG-compliant it may be uploaded to
- the <em>contrib</em> distribution. While known existing
- versions of Motif permit unlimited redistribution of
- binaries linked against the library (whether statically or
- dynamically), it is the package maintainer's
- responsibility to determine whether this is permitted by
- the license of the copy of Motif in their possession.
- </p>
- </sect1>
</sect>
<sect id="perl">
maintainer of the package is allowed to write this bug report
themselves, if they so desire). Do not close the bug report
until a proper man page is available.<footnote>
- It is not very hard to write a man page. See the
+ It is not very hard to write a man page. See the
<url id="http://www.schweikhardt.net/man_page_howto.html"
name="Man-Page-HOWTO">,
- <manref name="man" section="7">, the examples
- created by <prgn>debmake</prgn> or <prgn>dh_make</prgn>,
-
the helper program <prgn>help2man</prgn>, or the
- directory <file>/usr/share/doc/man-db/examples</file>.
+ <manref name="man" section="7">, the examples created
+ by <prgn>dh_make</prgn>, the helper
+ program <prgn>help2man</prgn>, or the
+ directory <file>/usr/share/doc/man-db/examples</file>.
</footnote>
</p>
<p>
In addition, the copyright file must say where the upstream
- sources (if any) were obtained. It should name the original
- authors of the package and the Debian maintainer(s) who were
- involved with its creation.
+ sources (if any) were obtained, and should name the original
+ authors.
</p>
<p>
<file>/usr/share/doc/<var>package</var></file> may be a symbolic
link to another directory in <file>/usr/share/doc</file> only if
the two packages both come from the same source and the
- first package Depends on the second. These rules are
- important because copyrights must be extractable by
+ first package Depends on the second. These rules are important
+ because <file>copyright</file> files must be extractable by
mechanical means.
</p>
You should not use the copyright file as a general <file>README</file>
file. If your package has such a file it should be
installed in <file>/usr/share/doc/<var>package</var>/README</file> or
- <file>README.Debian</file> or some other appropriate place.</p>
+ <file>README.Debian</file> or some other appropriate place.
+ </p>
+
+ <p>
+ All copyright files must be encoded in UTF-8.
+ </p>
+
+ <sect1 id="copyrightformat">
+ <heading>Machine-readable copyright information</heading>
+
+ <p>
+ A specification for a standard, machine-readable format
+ for <file>debian/copyright</file> files is maintained as part
+ of the <package>debian-policy</package> package. This
+ document may be found in the <file>copyright-format</file>
+ files in the <package>debian-policy</package> package. It is
+ also available from the Debian web mirrors at
+ <tt><url name="/doc/packaging-manuals/copyright-format/1.0/"
+ id="http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/"></tt>.
+ </p>
+
+ <p>
+ Use of this format is optional.
+ </p>
+ </sect1>
</sect>
<sect>
</p>
<p>
- The Debian version of the FSF's GNU hello program is provided
- as an example for people wishing to create Debian
- packages. The Debian <prgn>debmake</prgn> package is
- recommended as a very helpful tool in creating and maintaining
- Debian packages. However, while the tools and examples are
- helpful, they do not replace the need to read and follow the
- Policy and Programmer's Manual.</p>
+ The Debian version of the FSF's GNU hello program is provided as
+ an example for people wishing to create Debian packages. However,
+ while the examples are helpful, they do not replace the need to
+ read and follow the Policy and Programmer's Manual.</p>
</appendix>
<appendix id="pkg-binarypkg">
<p>
The <prgn>DEBIAN</prgn> directory will not appear in the
file system archive of the package, and so won't be installed
- by <prgn>dpkg</prgn> when the package is installed.
+ by <prgn>dpkg</prgn> when the package is unpacked.
</p>
<p>
the <prgn>PATH</prgn> if necessary, and pass its
second and subsequent arguments to the command it
calls. If no <var>root-command</var> is supplied
- then <var>dpkg-buildpackage</var> will take no
- special action to gain root privilege, so that for
- most packages it will have to be invoked as root to
- start with.</p>
+ then <var>dpkg-buildpackage</var> will use
+ the <prgn>fakeroot</prgn> command, which is sufficient
+ to build most packages without actually requiring root
+ privileges.</p>
</item>
<tag><tt>-b</tt>, <tt>-B</tt></tag>
<item>
</heading>
<p>
- This program is usually called from <file>debian/rules</file>
- just before <prgn>dpkg-gencontrol</prgn> (see <ref
- id="pkg-sourcetree">), in the top level of the source tree.
- </p>
-
- <p>
- Its arguments are executables and shared libraries
- <footnote>
- <p>
- They may be specified either in the locations in the
- source tree where they are created or in the locations
- in the temporary build tree where they are installed
- prior to binary package creation.
- </p>
- </footnote> for which shared library dependencies should
- be included in the binary package's control file.
- </p>
-
- <p>
- If some of the found shared libraries should only
- warrant a <tt>Recommends</tt> or <tt>Suggests</tt>, or if
- some warrant a <tt>Pre-Depends</tt>, this can be achieved
- by using the <tt>-d<var>dependency-field</var></tt> option
- before those executable(s). (Each <tt>-d</tt> option
- takes effect until the next <tt>-d</tt>.)
- </p>
-
- <p>
- <prgn>dpkg-shlibdeps</prgn> does not directly cause the
- output control file to be modified. Instead by default it
- adds to the <file>debian/substvars</file> file variable
- settings like <tt>shlibs:Depends</tt>. These variable
- settings must be referenced in dependency fields in the
- appropriate per-binary-package sections of the source
- control file.
- </p>
-
- <p>
- For example, a package that generates an essential part
- which requires dependencies, and optional parts that
- which only require a recommendation, would separate those
- two sets of dependencies into two different fields.<footnote>
- At the time of writing, an example for this was the
- <package/xmms/ package, with Depends used for the xmms
- executable, Recommends for the plug-ins and Suggests for
- even more optional features provided by unzip.
- </footnote>
- It can say in its <file>debian/rules</file>:
- <example>
- dpkg-shlibdeps -dDepends <var>program anotherprogram ...</var> \
- -dRecommends <var>optionalpart anotheroptionalpart</var>
- </example>
- and then in its main control file <file>debian/control</file>:
- <example>
- <var>...</var>
- Depends: ${shlibs:Depends}
- Recommends: ${shlibs:Recommends}
- <var>...</var>
- </example>
- </p>
-
- <p>
- Sources which produce several binary packages with
- different shared library dependency requirements can use
- the <tt>-p<var>varnameprefix</var></tt> option to override
- the default <tt>shlibs:</tt> prefix (one invocation of
- <prgn>dpkg-shlibdeps</prgn> per setting of this option).
- They can thus produce several sets of dependency
- variables, each of the form
- <tt><var>varnameprefix</var>:<var>dependencyfield</var></tt>,
- which can be referred to in the appropriate parts of the
- binary package control files.
+ See <manref name="dpkg-shlibdeps" section="1">.
</p>
</sect1>
-
<sect1 id="pkg-dpkg-distaddfile">
<heading>
<prgn>dpkg-distaddfile</prgn> - adds a file to
dpkg-divert --package smailwrapper --remove --rename \
--divert /usr/sbin/smail.real /usr/sbin/smail
fi
- </example> where <tt>1.02-2</tt> is the version at which the
+ </example> where <tt>1.0-2</tt> is the version at which the
diversion was first added to the package. The postrm should not
remove the diversion on upgrades both because there's no reason to
remove the diversion only to immediately re-add it and since the
<!-- Local variables: -->
<!-- indent-tabs-mode: t -->
<!-- End: -->
-<!-- vim:set ai et sts=2 sw=2 tw=76: -->
+<!-- vim:set ai sts=2 sw=2 tw=76: -->
projects / debian / debian-policy.git / blobdiff