X-Git-Url: https://git.donarmstrong.com/?p=debian%2Fdebian-policy.git;a=blobdiff_plain;f=policy.sgml;h=10e626babf857a9c1b25e56444ae3d75f9f12e2c;hp=f512315708535d5dc0691533da2f1ef7a48b8280;hb=bce4b938b4e603a7bceeaf2ad31d007d0a9dcb43;hpb=b6ec3caac4fc2ea5938a069b60558e140766f6c5 diff --git a/policy.sgml b/policy.sgml index f512315..10e626b 100644 --- a/policy.sgml +++ b/policy.sgml @@ -279,6 +279,14 @@ .

+ +

+ Finally, a specification for + machine-readable copyright files is maintained as part of + the debian-policy package using the same + procedure as the other policy documents. Use of this format is + optional. +

@@ -489,9 +497,9 @@ must not require or recommend a package outside of main for compilation or execution (thus, the - package must not declare a "Depends", "Recommends", or - "Build-Depends" relationship on a non-main - package), + package must not declare a "Pre-Depends", "Depends", + "Recommends", "Build-Depends", or "Build-Depends-Indep" + relationship on a non-main package), must not be so buggy that we refuse to support them, @@ -706,21 +714,62 @@

The Debian archive maintainers provide the authoritative list of sections. At present, they are: - admin, cli-mono, comm, database, - devel, debug, doc, editors, - education, electronics, embedded, - fonts, games, gnome, graphics, - gnu-r, gnustep, hamradio, haskell, - httpd, interpreters, introspection, - java, kde, kernel, libs, - libdevel, lisp, localization, - mail, math, metapackages, misc, - net, news, ocaml, oldlibs, - otherosfs, perl, php, python, - ruby, science, shells, sound, - tex, text, utils, vcs, - video, web, x11, xfce, - zope. The additional section debian-installer +admin, +cli-mono, +comm, +database, +debug, +devel, +doc, +editors, +education, +electronics, +embedded, +fonts, +games, +gnome, +gnu-r, +gnustep, +graphics, +hamradio, +haskell, +httpd, +interpreters, +introspection, +java, +kde, +kernel, +libdevel, +libs, +lisp, +localization, +mail, +math, +metapackages, +misc, +net, +news, +ocaml, +oldlibs, +otherosfs, +perl, +php, +python, +ruby, +science, +shells, +sound, +tasks, +tex, +text, +utils, +vcs, +video, +web, +x11, +xfce, +zope. + The additional section debian-installer contains special packages used by the installer and is not used for normal Debian packages.

@@ -840,10 +889,11 @@ Among those files are the package maintainer scripts and control, the binary package control file that contains the control fields for - the package. Other control information files - include the shlibs - file used to store shared library dependency information - and the conffiles file that lists the package's + the package. Other control information files include + the symbols file + or shlibs file + used to store shared library dependency information and + the conffiles file that lists the package's configuration files (described in ).

@@ -1938,47 +1988,33 @@

- build-arch (optional), - build-indep (optional) + build-arch (required), + build-indep (required)

- A package may also provide both of the targets - build-arch and build-indep. - The build-arch target, if provided, should + The build-arch target must perform all the configuration and compilation required for producing all architecture-dependant binary packages (those packages for which the body of the Architecture field in debian/control is not all). Similarly, the build-indep - target, if provided, should perform all the configuration + target must perform all the configuration and compilation required for producing all architecture-independent binary packages (those packages for which the body of the Architecture field in debian/control is all). - The build target should depend on those of the - targets build-arch and build-indep that - are provided in the rules file. - The intent of this split is so that binary-only builds - need not install the dependencies required for - the build-indep target. However, this is not - yet used in practice since dpkg-buildpackage - -B, and therefore the autobuilders, - invoke build rather than build-arch - due to the difficulties in determining whether the - optional build-arch target exists. + The build target + should either depend on those targets or take the same + actions as invoking those targets would perform. + This split allows binary-only builds to not install the + dependencies required for the build-indep + target and skip any resource-intensive build tasks that + are only required when building architecture-independent + binary packages.

-

- If one or both of the targets build-arch and - build-indep are not provided, then invoking - debian/rules with one of the not-provided - targets as arguments should produce a exit status code - of 2. Usually this is provided automatically by make - if the target is missing. -

-

The build-arch and build-indep targets must not do anything that might require root privilege. @@ -2491,18 +2527,21 @@ endif

- Each paragraph consists of a series of data fields; each - field consists of the field name, followed by a colon and - then the data/value associated with that field. The field - name is composed of printable ASCII characters (i.e., - characters that have values between 33 and 126, inclusive) - except colon and must not with a begin with #. The - field ends at the end of the line or at the end of the - last continuation line (see below). Horizontal whitespace - (spaces and tabs) may occur immediately before or after the - value and is ignored there; it is conventional to put a - single space after the colon. For example, a field might - be: + Each paragraph consists of a series of data fields. Each field + consists of the field name followed by a colon and then the + data/value associated with that field. The field name is + composed of US-ASCII characters excluding control characters, + space, and colon (i.e., characters in the ranges 33-57 and + 59-126, inclusive). Field names must not begin with the comment + character, #. +

+ +

+ The field ends at the end of the line or at the end of the last + continuation line (see below). Horizontal whitespace (spaces + and tabs) may occur immediately before or after the value and is + ignored there; it is conventional to put a single space after + the colon. For example, a field might be: Package: libc6 @@ -2610,12 +2649,12 @@ Package: libc6 Source (mandatory) Maintainer (mandatory) Uploaders - DM-Upload-Allowed Section (recommended) Priority (recommended) Build-Depends et al Standards-Version (recommended) Homepage + Vcs-Browser, Vcs-Git, et al.

@@ -2631,6 +2670,7 @@ Package: libc6 Depends et al Description (mandatory) Homepage + Built-Using

@@ -2686,6 +2726,7 @@ Package: libc6 Maintainer (mandatory) Description (mandatory) Homepage + Built-Using

@@ -2696,7 +2737,7 @@ Package: libc6

This file consists of a single paragraph, possibly surrounded by a PGP signature. The fields of that paragraph are listed below. - Their syntax is described above, in . + Their syntax is described above, in . Format (mandatory) @@ -2706,12 +2747,12 @@ Package: libc6 Version (mandatory) Maintainer (mandatory) Uploaders - DM-Upload-Allowed Homepage + Vcs-Browser, Vcs-Git, et al. Standards-Version (recommended) Build-Depends et al Checksums-Sha1 - and Checksums-Sha256 (recommended) + and Checksums-Sha256 (mandatory) Files (mandatory)

@@ -2764,7 +2805,7 @@ Package: libc6 Closes Changes (mandatory) Checksums-Sha1 - and Checksums-Sha256 (recommended) + and Checksums-Sha256 (mandatory) Files (mandatory)

@@ -3698,26 +3739,66 @@ Checksums-Sha256:

- In the .dsc file, these fields should list all + In the .dsc file, these fields list all files that make up the source package. In - the .changes file, these fields should list all + the .changes file, these fields list all files being uploaded. The list of files in these fields must match the list of files in the Files field.

- + DM-Upload-Allowed

- The most recent version of a package uploaded to unstable or - experimental must include the field DM-Upload-Allowed: - yes in the source section of its source control file for - the Debian archive to accept uploads signed with a key in the - Debian Maintainer keyring. See the General - Resolution for more - details. + Obsolete, see below. +

+ + + + Version Control System (VCS) fields + +

+ Debian source packages are increasingly developed using VCSs. The + purpose of the following fields is to indicate a publicly accessible + repository where the Debian source package is developed. + + + Vcs-Browser + +

+ URL of a web interface for browsing the repository. +

+ + + + Vcs-Arch, Vcs-Bzr (Bazaar), Vcs-Cvs, + Vcs-Darcs, Vcs-Git, Vcs-Hg + (Mercurial), Vcs-Mtn (Monotone), Vcs-Svn + (Subversion) + + +

+ The field name identifies the VCS. The field's value uses the + version control system's conventional syntax for describing + repository locations and should be sufficient to locate the + repository used for packaging. Ideally, it also locates the + branch used for development of new versions of the Debian + package. +

+

+ In the case of Git, the value consists of a URL, optionally + followed by the word -b and the name of a branch in + the indicated repository, following the syntax of the + git clone command. If no branch is specified, the + packaging should be on the default branch. +

+

+ More than one different VCS may be specified for the same + package. +

+ +

@@ -3766,6 +3847,28 @@ Checksums-Sha256: + + Obsolete fields + +

+ The following fields have been obsoleted and may be found in packages + conforming with previous versions of the Policy. +

+ + + DM-Upload-Allowed + +

+ Indicates that Debian Maintainers may upload this package to + the Debian archive. The only valid value is yes. This + field was used to regulate uploads by Debian Maintainers, See the + General Resolution for more details. +

+ + + + @@ -4590,13 +4693,13 @@ fi

The relations allowed are <<, <=, - =, >= and >> for - strictly earlier, earlier or equal, exactly equal, later or - equal and strictly later, respectively. The deprecated - forms < and > were used to mean - earlier/later or equal, rather than strictly earlier/later, - so they should not appear in new packages (though - dpkg still supports them). + =, >= and >> for strictly + earlier, earlier or equal, exactly equal, later or equal and + strictly later, respectively. The deprecated + forms < and > were confusingly used to + mean earlier/later or equal, rather than strictly earlier/later, + and must not appear in new packages (though dpkg + still supports them with a warning).

@@ -4628,7 +4731,7 @@ Depends: libc6 (>= 2.2.1), exim | mail-transport-agent Relationships may be restricted to a certain set of architectures. This is indicated in brackets after each individual package name and the optional version specification. - The brackets enclose a list of Debian architecture names + The brackets enclose a non-empty list of Debian architecture names in the format described in , separated by whitespace. Exclamation marks may be prepended to each of the names. (It is not permitted for some names to be @@ -4660,7 +4763,8 @@ Build-Depends: kernel-headers-2.2.10 [!hurd-i386],

- For binary relationship fields, the architecture restriction + For binary relationship fields and the Built-Using + field, the architecture restriction syntax is only supported in the source package control file debian/control. When the corresponding binary package control file is generated, the relationship will either @@ -5384,6 +5488,53 @@ Replaces: mail-transport-agent

+ + + Additional source packages used to build the binary + - Built-Using + + +

+ Some binary packages incorporate parts of other packages when built + but do not have to depend on those packages. Examples include + linking with static libraries or incorporating source code from + another package during the build. In this case, the source packages + of those other packages are a required part of the complete source + (the binary package is not reproducible without them). +

+ +

+ A Built-Using field must list the corresponding source + package for any such binary package incorporated during the build + + Build-Depends in the source package is not adequate since + it (rightfully) does not document the exact version used in the + build. + , + including an "exactly equal" ("=") version relation on the version + that was used to build that binary package + The archive software might reject packages that refer to + non-existent sources. + . +

+ +

+ A package using the source code from the gcc-4.6-source + binary package built from the gcc-4.6 source package would + have this field in its control file: + +Built-Using: gcc-4.6 (= 4.6.0-11) + +

+ +

+ A package including binaries from grub2 and loadlin would + have this field in its control file: + +Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1) + +

+ @@ -5476,16 +5627,28 @@ Replaces: mail-transport-agent be placed in a package named librarynamesoversion, where soversion is the version number in - the SONAME of the shared library. - See for detailed information on how to - determine this version. Alternatively, if it would be confusing - to directly append soversion - to libraryname (if, for example, libraryname - itself ends in a number), you should use + the SONAME of the shared library. Alternatively, if it + would be confusing to directly append soversion + to libraryname (if, for + example, libraryname itself ends in a number), you + should use libraryname-soversion instead.

+

+ To determine the soversion, look at + the SONAME of the library, stored in the + ELF SONAME attribute. It is usually of the + form name.so.major-version (for + example, libz.so.1). The version part is the part + which comes after .so., so in that example it + is 1. The soname may instead be of the + form name-major-version.so, such + as libdb-5.1.so, in which case the name would + be libdb and the version would be 5.1. +

+

If you have several shared libraries built from the same source tree, you may lump them all together into a single shared @@ -5521,9 +5684,8 @@ Replaces: mail-transport-agent linked against the old shared library. Correct versioning of dependencies on the newer shared library by binaries that use the new interfaces is handled via - the shlibs - system or via symbols files (see - ). + the symbols + or shlibs system.

@@ -5792,361 +5954,890 @@ Replaces: mail-transport-agent

- - Dependencies between the library and other packages - - the shlibs system + + Dependencies between the library and other + packages

If a package contains a binary or library which links to a - shared library, we must ensure that when the package is - installed on the system, all of the libraries needed are - also installed. This requirement led to the creation of the - shlibs system, which is very simple in its design: - any package which provides a shared library also - provides information on the package dependencies required to - ensure the presence of this library, and any package which - uses a shared library uses this information to - determine the dependencies it requires. The files which - contain the mapping from shared libraries to the necessary - dependency information are called shlibs files. -

- -

- When a package is built which contains any shared libraries, it - must provide a shlibs file for other packages to - use. When a package is built which contains any shared - libraries or compiled binaries, it must run - dpkg-shlibdeps - on these to determine the libraries used and hence the - dependencies needed by this package. -

+ shared library, we must ensure that, when the package is + installed on the system, all of the libraries needed are also + installed. These dependencies must be added to the binary + package when it is built, since they may change based on which + version of a shared library the binary or library was linked + with even if there are no changes to the source of the binary + (for example, symbol versions change, macros become functions or + vice versa, or the binary package may determine at compile-time + whether new library interfaces are available and can be called). + To allow these dependencies to be constructed, shared libraries + must provide either a symbols file or + a shlibs file. These provide information on the + package dependencies required to ensure the presence of + interfaces provided by this library. Any package with binaries + or libraries linking to a shared library must use these files to + determine the required dependencies when it is built. Other + packages which use a shared library (for example using + dlopen()) should compute appropriate dependencies + using these files at build time as well. +

+ +

+ The two mechanisms differ in the degree of detail that they + provide. A symbols file documents, for each symbol + exported by a library, the minimal version of the package any + binary using this symbol will need. This is typically the + version of the package in which the symbol was introduced. This + information permits detailed analysis of the symbols used by a + particular package and construction of an accurate dependency, + but it requires the package maintainer to track more information + about the shared library. +

+ +

+ A shlibs file, in contrast, only documents the last + time the library ABI changed in any way. It only provides + information about the library as a whole, not individual + symbols. When a package is built using a shared library with + only a shlibs file, the generated dependency will + require a version of the shared library equal to or newer than + the version of the last ABI change. This generates + unnecessarily restrictive dependencies compared + to symbols files if none of the symbols used by the + package have changed. This, in turn, may make upgrades + needlessly complex and unnecessarily restrict use of the package + on systems with older versions of the shared libraries. +

+ +

+ shlibs files also only support a limited range of + library SONAMEs, making it difficult to use shlibs + files in some unusual corner cases. + A shlibs file represents an SONAME as a library + name and version number, such as libfoo VERSION, + instead of recording the actual SONAME. If the SONAME doesn't + match one of the two expected formats + (libfoo-VERSION.so or libfoo.so.VERSION), it + cannot be represented. + +

+ +

+ symbols files are therefore recommended for most + shared library packages since they provide more accurate + dependencies. For most C libraries, the additional detail + required by symbols files is not too difficult to + maintain. However, maintaining exhaustive symbols information + for a C++ library can be quite onerous, so shlibs + files may be more appropriate for most C++ libraries. Libraries + with a corresponding udeb must also provide + a shlibs file, since the udeb infrastructure does + not use symbols files. +

+ + + Generating dependencies on shared libraries + +

+ When a package that contains any shared libraries or compiled + binaries is built, it must run dpkg-shlibdeps on + each shared library and compiled binary to determine the + libraries used and hence the dependencies needed by the + package. dpkg-shlibdeps will use a program like objdump or readelf to find - the libraries directly needed by the binaries or shared - libraries in the package. + the libraries and the symbols in those libraries directly + needed by the binaries or shared libraries in the package. + + To do this, put a call to dpkg-shlibdeps into + your debian/rules file in the source package. + List all of the compiled binaries, libraries, or loadable + modules in your package. + The easiest way to call dpkg-shlibdeps + correctly is to use a package helper framework such + as debhelper. If you are + using debhelper, + the dh_shlibdeps program will do this work for + you. It will also correctly handle multi-binary packages. + + dpkg-shlibdeps will use the symbols + or shlibs files installed by the shared libraries + to generate dependency information. The package must then + provide a substitution variable into which the discovered + dependency information can be placed. +

+ +

+ If you are creating a udeb for use in the Debian Installer, + you will need to specify that dpkg-shlibdeps + should use the dependency line of type udeb by adding + the -tudeb option + dh_shlibdeps from the debhelper suite + will automatically add this option if it knows it is + processing a udeb. + . If there is no dependency line of + type udeb in the shlibs + file, dpkg-shlibdeps will fall back to the + regular dependency line. +

+ +

+ dpkg-shlibdeps puts the dependency information + into the debian/substvars file by default, which + is then used by dpkg-gencontrol. You will need + to place a ${shlibs:Depends} variable in + the Depends field in the control file of every binary + package built by this source package that contains compiled + binaries, libraries, or loadable modules. If you have + multiple binary packages, you will need to + call dpkg-shlibdeps on each one which contains + compiled libraries or binaries. For example, you could use + the -T option to the dpkg utilities to + specify a different substvars file for each + binary package. + Again, dh_shlibdeps + and dh_gencontrol will handle everything except + the addition of the variable to the control file for you if + you're using debhelper, including + generating separate substvars files for each + binary package and calling dpkg-gencontrol with + the appropriate flags. + +

+ +

+ For more details on dpkg-shlibdeps, + see . +

+ +

+ We say that a binary foo directly uses a + library libbar if it is explicitly linked with that + library (that is, the library is listed in the + ELF NEEDED attribute, caused by adding -lbar + to the link line when the binary is created). Other libraries + that are needed by libbar are + linked indirectly to foo, and the dynamic + linker will load them automatically when it + loads libbar. A package should depend on the + libraries it directly uses, but not the libraries it only uses + indirectly. The dependencies for the libraries used + directly will automatically pull in the indirectly-used + libraries. dpkg-shlibdeps will handle this logic + automatically, but package maintainers need to be aware of + this distinction between directly and indirectly using a + library if they have to override its results for some reason. + + A good example of where this helps is the following. We + could update libimlib with a new version that + supports a new revision of a graphics format called dgf (but + retaining the same major version number) and depends on a + new library package libdgf4 instead of + the older libdgf3. If we + used ldd to add dependencies for every library + directly or indirectly linked with a binary, every package + that uses libimlib would need to be recompiled so + it would also depend on libdgf4 in order + to retire the older libdgf3 package. + Since dependencies are only added based on + ELF NEEDED attribute, packages + using libimlib can rely on libimlib itself + having the dependency on an appropriate version + of libdgf and do not need rebuilding. + +

+ + + + Shared library ABI changes + +

+ Maintaining a shared library package using + either symbols or shlibs files + requires being aware of the exposed ABI of the shared library + and any changes to it. Both symbols + and shlibs files record every change to the ABI + of the shared library; symbols files do so per + public symbol, whereas shlibs files record only + the last change for the entire library. +

+ +

+ There are two types of ABI changes: ones that are + backward-compatible and ones that are not. An ABI change is + backward-compatible if any reasonable program or library that + was linked with the previous version of the shared library + will still work correctly with the new version of the shared + library. + An example of an "unreasonable" program is one that uses + library interfaces that are documented as internal and + unsupported. If the only programs or libraries affected by + a change are "unreasonable" ones, other techniques, such as + declaring Breaks relationships with affected + packages or treating their usage of the library as bugs in + those packages, may be appropriate instead of changing the + SONAME. However, the default approach is to change the + SONAME for any change to the ABI that could break a program. + + Adding new symbols to the shared library is a + backward-compatible change. Removing symbols from the shared + library is not. Changing the behavior of a symbol may or may + not be backward-compatible depending on the change; for + example, changing a function to accept a new enum constant not + previously used by the library is generally + backward-compatible, but changing the members of a struct that + is passed into library functions is generally not unless the + library takes special precautions to accept old versions of + the data structure. +

+ +

+ ABI changes that are not backward-compatible normally require + changing the SONAME of the library and therefore the + shared library package name, which forces rebuilding all + packages using that shared library to update their + dependencies and allow them to use the new version of the + shared library. For more information, + see . The remainder of this + section will deal with backward-compatible changes. +

+ +

+ Backward-compatible changes require either updating or + recording the minimal-version for that symbol + in symbols files or updating the version in + the dependencies in shlibs files. For + more information on how to do this in the two formats, see + and . Below are general + rules that apply to both files. +

+ +

+ The easy case is when a public symbol is added. Simply add + the version at which the symbol was introduced + (for symbols files) or update the dependency + version (for shlibs) files. But special care + should be taken to update dependency versions when the + behavior of a public symbol changes. This is easy to neglect, + since there is no automated method of determining such + changes, but failing to update versions in this case may + result in binary packages with too-weak dependencies that will + fail at runtime, possibly in ways that can cause security + vulnerabilities. If the package maintainer believes that a + symbol behavior change may have occurred but isn't sure, it's + safer to update the version rather than leave it unmodified. + This may result in unnecessarily strict dependencies, but it + ensures that packages whose dependencies are satisfied will + work properly. +

+ +

+ A common example of when a change to the dependency version + is required is a function that takes an enum or struct + argument that controls what the function does. For example: + + enum library_op { OP_FOO, OP_BAR }; + int library_do_operation(enum library_op); + + If a new operation, OP_BAZ, is added, + the minimal-version + of library_do_operation (for symbols + files) or the version in the dependency for the shared library + (for shlibs files) must be increased to the + version at which OP_BAZ was introduced. Otherwise, a + binary built against the new version of the library (having + detected at compile-time that the library + supports OP_BAZ) may be installed with a shared + library that doesn't support OP_BAZ and will fail at + runtime when it tries to pass OP_BAZ into this + function. +

+ +

+ Dependency versions in either symbols + or shlibs files normally should not contain the + Debian revision of the package, since the library behavior is + normally fixed for a particular upstream version and any + Debian packaging of that upstream version will have the same + behavior. In the rare case that the library behavior was + changed in a particular Debian revision, appending ~ + to the end of the version that includes the Debian revision is + recommended, since this allows backports of the shared library + package using the normal backport versioning convention to + satisfy the dependency. +

+ + + + The symbols system + +

+ In the following sections, we will first describe where the + various symbols files are to be found, then + the symbols file format, and finally how to + create symbols files if your package contains a + shared library. +

+ + + The symbols files present on the + system + +

+ symbols files for a shared library are normally + provided by the shared library package as a control file, + but there are several override paths that are checked first + in case that information is wrong or missing. The following + list gives them in the order in which they are read + by dpkg-shlibdeps The first one that contains + the required information is used. + + +

debian/*/DEBIAN/symbols

+ +

+ During the package build, if the package itself + contains shared libraries with symbols + files, they will be generated in these staging + directories by dpkg-gensymbols + (see ). symbols + files found in the build tree take precedence + over symbols files from other binary + packages. +

+ +

+ These files must exist + before dpkg-shlibdeps is run or the + dependencies of binaries and libraries from a source + package on other libraries from that same source + package will not be correct. In practice, this means + that dpkg-gensymbols must be run + before dpkg-shlibdeps during the package + build. + An example may clarify. Suppose the source + package foo generates two binary + packages, libfoo2 and foo-runtime. + When building the binary packages, the contents of + the packages are staged in the + directories debian/libfoo2 + and debian/foo-runtime respectively. + (debian/tmp could be used instead of + one of these.) Since libfoo2 provides + the libfoo shared library, it will contain + a symbols file, which will be installed + in debian/libfoo2/DEBIAN/symbols, + eventually to be included as a control file in that + package. When dpkg-shlibdeps is run on + the + executable debian/foo-runtime/usr/bin/foo-prog, + it will examine + the debian/libfoo2/DEBIAN/symbols file + to determine whether foo-prog's library + dependencies are satisfied by any of the libraries + provided by libfoo2. Since those binaries + were linked against the just-built shared library as + part of the build process, the symbols + file for the newly-built libfoo2 must take + precedence over a symbols file for any + other libfoo2 package already installed on + the system. + +

+ + + +

+ /etc/dpkg/symbols/package.symbols.arch + and /etc/dpkg/symbols/package.symbols +

+ +

+ Per-system overrides of shared library dependencies. + These files normally do not exist. They are + maintained by the local system administrator and must + not be created by any Debian package. +

+ + + +

symbols control files for packages + installed on the system

+ +

+ The symbols control files for all the + packages currently installed on the system are + searched last. This will be the most common source of + shared library dependency information. These are + normally found + in /var/lib/dpkg/info/*.symbols, but + packages should not rely on this and instead should + use dpkg-query --control-path package + symbols if for some reason these files need to be + examined. +

+ +

- We say that a binary foo directly uses - a library libbar if it is explicitly linked - with that library (that is, the library is listed in the ELF - NEEDED attribute, caused by adding -lbar - to the link line when the binary is created). Other - libraries that are needed by libbar are linked - indirectly to foo, and the dynamic - linker will load them automatically when it loads - libbar. A package should depend on the libraries - it directly uses, but not the libraries it indirectly uses. - The dependencies for those libraries will automatically pull - in the other libraries. + Be aware that if a debian/shlibs.local exists + in the source package, it will override + any symbols files. This is the only case where + a shlibs is used despite symbols + files being present. See + and for more information.

+ + + + The symbols File Format

- A good example of where this helps is the following. We - could update libimlib with a new version that - supports a new graphics format called dgf (but retaining the - same major version number) and depends on libdgf. - If we used ldd to add dependencies for every - library directly or indirectly linked with a binary, every - package that uses libimlib would need to be - recompiled so it would also depend on libdgf or it - wouldn't run due to missing symbols. Since dependencies are - only added based on ELF NEEDED attribute, packages - using libimlib can rely on libimlib itself - having the dependency on libdgf and so they would - not need rebuilding. + The following documents the format of + the symbols control file as included in binary + packages. These files are built from + template symbols files in the source package + by dpkg-gensymbols. The template files support + a richer syntax that allows dpkg-gensymbols to + do some of the tedious work involved in + maintaining symbols files, such as handling C++ + symbols or optional symbols that may not exist on particular + architectures. When writing symbols files for + a shared library package, refer + to for the + richer syntax.

- -

-

- In the following sections, we will first describe where the - various shlibs files are to be found, then how to - use dpkg-shlibdeps, and finally the shlibs - file format and how to create them if your package contains a - shared library. -

+

+ A symbols may contain one or more entries, one + for each shared library contained in the package + corresponding to that symbols. Each entry has + the following format: +

- - The shlibs files present on the system +

+ + library-soname main-dependency-template + [| alternative-dependency-template] + [...] + [* field-name: field-value] + [...] + symbol minimal-version[ id-of-dependency-template ] + +

-

- There are several places where shlibs files are - found. The following list gives them in the order in which - they are read by - dpkg-shlibdeps. - (The first one which gives the required information is used.) -

+

+ To explain this format, we'll use the the zlib1g + package as an example, which (at the time of writing) + installs the shared + library /usr/lib/libz.so.1.2.3.4. Mandatory + lines will be described first, followed by optional lines. +

-

- - -

debian/shlibs.local

+

+ library-soname must contain exactly the value of + the ELF SONAME attribute of the shared library. In + our example, this is libz.so.1. + This can be determined by using the command + + readelf -d /usr/lib/libz.so.1.2.3.4 | grep SONAME + + +

-

- This lists overrides for this package. This file should - normally not be used, but may be needed temporarily in - unusual situations to work around bugs in other packages, - or in unusual cases where the normally declared dependency - information in the installed shlibs file for - a library cannot be used. This file overrides information - obtained from any other source. -

- +

+ main-dependency-template has the same syntax as a + dependency field in a binary package control file, except + that the string #MINVER# is replaced by a version + restriction like (>= version) or by + nothing if an unversioned dependency is deemed sufficient. + The version restriction will be based on which symbols from + the shared library are referenced and the version at which + they were introduced (see below). In nearly all + cases, main-dependency-template will + be package #MINVER#, + where package is the name of the binary package + containing the shared library. This adds a simple, + possibly-versioned dependency on the shared library package. + In some rare cases, such as when multiple packages provide + the same shared library ABI, the dependency template may + need to be more complex. +

- -

/etc/dpkg/shlibs.override

+

+ In our example, the first line of + the zlib1g symbols file would be: + + libz.so.1 zlib1g #MINVER# + +

-

- This lists global overrides. This list is normally - empty. It is maintained by the local system - administrator. -

- +

+ Each public symbol exported by the shared library must have + a corresponding symbol line, indented by one + space. symbol is the exported symbol (which, for + C++, means the mangled symbol) followed by @ and + the symbol version, or the string Base if there is + no symbol version. minimal-version is the most + recent version of the shared library that changed the + behavior of that symbol, whether by adding it, changing its + function signature (the parameters, their types, or the + return type), or changing its behavior in a way that is + visible to a caller. + id-of-dependency-template is an optional + field that references + an alternative-dependency-template; see below for + a full description. +

- -

DEBIAN/shlibs files in the "build directory"

+

+ For example, libz.so.1 contains the + symbols compress + and compressBound. compress has no symbol + version and last changed its behavior in upstream + version 1:1.1.4. compressBound has the + symbol version ZLIB_1.2.0, was introduced in + upstream version 1:1.2.0, and has not changed its + behavior. Its symbols file therefore contains + the lines: + + compress@Base 1:1.1.4 + compressBound@ZLIB_1.2.0 1:1.2.0 + + Packages using only compress would then get a + dependency on zlib1g (>= 1:1.1.4), but packages + using compressBound would get a dependency + on zlib1g (>= 1:1.2.0). +

-

- When packages are being built, - any debian/shlibs files are copied into the - control information file area of the temporary build - directory and given the name shlibs. These - files give details of any shared libraries included in the - same package. - An example may help here. Let us say that the source - package foo generates two binary - packages, libfoo2 and foo-runtime. - When building the binary packages, the two packages are - created in the directories debian/libfoo2 - and debian/foo-runtime respectively. - (debian/tmp could be used instead of one of - these.) Since libfoo2 provides the - libfoo shared library, it will require a - shlibs file, which will be installed in - debian/libfoo2/DEBIAN/shlibs, eventually to - become /var/lib/dpkg/info/libfoo2.shlibs. - When dpkg-shlibdeps is run on the - executable debian/foo-runtime/usr/bin/foo-prog, - it will examine - the debian/libfoo2/DEBIAN/shlibs file to - determine whether foo-prog's library - dependencies are satisfied by any of the libraries - provided by libfoo2. For this reason, - dpkg-shlibdeps must only be run once all of - the individual binary packages' shlibs files - have been installed into the build directory. - -

- +

+ One or more alternative-dependency-template lines + may be provided. These are used in cases where some symbols + in the shared library should use one dependency template + while others should use a different template. The + alternative dependency templates are used only if a symbol + line contains the id-of-dependency-template + field. The first alternative dependency template is + numbered 1, the second 2, and so forth. + An example of where this may be needed is with a library + that implements the libGL interface. All GL + implementations provide the same set of base interfaces, + and then may provide some additional interfaces only used + by programs that require that specific GL implementation. + So, for example, libgl1-mesa-glx may use the + following symbols file: + + libGL.so.1 libgl1 + | libgl1-mesa-glx #MINVER# + publicGlSymbol@Base 6.3-1 + [...] + implementationSpecificSymbol@Base 6.5.2-7 1 + [...] + + Binaries or shared libraries using + only publicGlSymbol would depend only + on libgl1 (which may be provided by multiple + packages), but ones + using implementationSpecificSymbol would get a + dependency on libgl1-mesa-glx (>= 6.5.2-7) + +

- -

/var/lib/dpkg/info/*.shlibs

+

+ Finally, the entry for the library may contain one or more + metadata fields. Currently, the only + supported field-name + is Build-Depends-Package, whose value lists + the library development + package on which packages using this shared library + declare a build dependency. If this field is + present, dpkg-shlibdeps uses it to ensure that + the resulting binary package dependency on the shared + library is at least as strict as the source package + dependency on the shared library development + package. + This field should normally not be necessary, since if the + behavior of any symbol has changed, the corresponding + symbol minimal-version should have been + increased. But including it makes the symbols + system more robust by tightening the dependency in cases + where the package using the shared library specifically + requires at least a particular version of the shared + library development package for some reason. + + For our example, the zlib1g symbols + file would contain: + + * Build-Depends-Package: zlib1g-dev + +

-

- These are the shlibs files corresponding to - all of the packages installed on the system, and are - maintained by the relevant package maintainers. -

- +

+ Also see . +

+ - -

/etc/dpkg/shlibs.default

+ + Providing a symbols file -

- This file lists any shared libraries whose packages - have failed to provide correct shlibs files. - It was used when the shlibs setup was first - introduced, but it is now normally empty. It is - maintained by the dpkg maintainer. -

- - -

- +

+ If your package provides a shared library, you should + arrange to include a symbols control file + following the format described above in that package. You + must include either a symbols control file or + a shlibs control file. +

+ +

+ Normally, this is done by creating a symbols in + the source package + named debian/package.symbols + or debian/symbols, possibly + with .arch appended if the symbols + information varies by architecture. This file may use the + extended syntax documented in . Then, call dpkg-gensymbols as + part of the package build process. It will + create symbols files in the package staging + area based on the binaries and libraries in the package + staging area and the symbols files in the + source package. + If you are + using debhelper, dh_makeshlibs will + take care of calling either dpkg-gensymbols + or generating a shlibs file as appropriate. + +

- - How to use dpkg-shlibdeps and the - shlibs files +

+ Packages that provide symbols files must keep + them up-to-date to ensure correct dependencies in packages + that use the shared libraries. This means updating + the symbols file whenever a new public symbol + is added, changing the minimal-version field + whenever a symbol changes behavior or signature in a + backward-compatible way (see ), + and changing the library-soname + and main-dependency-template, and probably all of + the minimal-version fields, when the library + changes SONAME. Removing a public symbol from + the symbols file because it's no longer + provided by the library normally requires changing + the SONAME of the library. + See for more information + on SONAMEs. +

+ + -

- Put a call to - dpkg-shlibdeps - into your debian/rules file. If your package - contains only compiled binaries and libraries (but no scripts), - you can use a command such as: - -dpkg-shlibdeps debian/tmp/usr/bin/* debian/tmp/usr/sbin/* \ - debian/tmp/usr/lib/* - - Otherwise, you will need to explicitly list the compiled - binaries and libraries. - If you are using debhelper, the - dh_shlibdeps program will do this work for you. - It will also correctly handle multi-binary packages. - -

+ + The shlibs system -

- This command puts the dependency information into the - debian/substvars file, which is then used by - dpkg-gencontrol. You will need to place a - ${shlibs:Depends} variable in the Depends - field in the control file for this to work. -

+

+ The shlibs system is a simpler alternative to + the symbols system for declaring dependencies for + shared libraries. It may be more appropriate for C++ + libraries and other cases where tracking individual symbols is + too difficult. It predated the symbols system and is + therefore frequently seen in older packages. It is also + required for udebs, which do not support symbols. +

-

- If you have multiple binary packages, you will need to call - dpkg-shlibdeps on each one which contains - compiled libraries or binaries. In such a case, you will - need to use the -T option to the dpkg - utilities to specify a different substvars file. -

+

+ In the following sections, we will first describe where the + various shlibs files are to be found, then how to + use dpkg-shlibdeps, and finally + the shlibs file format and how to create them. +

-

- If you are creating a udeb for use in the Debian Installer, - you will need to specify that dpkg-shlibdeps - should use the dependency line of type udeb by - adding the -tudeb option - dh_shlibdeps from the debhelper suite - will automatically add this option if it knows it is - processing a udeb. - . If there is no dependency line of - type udeb in the shlibs - file, dpkg-shlibdeps will fall back to the regular - dependency line. -

+ + The shlibs files present on the + system -

- For more details on dpkg-shlibdeps, please see - and - . -

- +

+ There are several places where shlibs files are + found. The following list gives them in the order in which + they are read by dpkg-shlibdeps. (The first + one which gives the required information is used.) + + +

debian/shlibs.local

+ +

+ This lists overrides for this package. This file + should normally not be used, but may be needed + temporarily in unusual situations to work around bugs + in other packages, or in unusual cases where the + normally declared dependency information in the + installed shlibs file for a library + cannot be used. This file overrides information + obtained from any other source. +

+ - - The shlibs File Format + +

/etc/dpkg/shlibs.override

-

- Each shlibs file has the same format. Lines - beginning with # are considered to be comments and - are ignored. Each line is of the form: - -[type: ]library-name soname-version dependencies ... - -

+

+ This lists global overrides. This list is normally + empty. It is maintained by the local system + administrator. +

+ -

- We will explain this by reference to the example of the - zlib1g package, which (at the time of writing) - installs the shared library /usr/lib/libz.so.1.1.3. -

+ +

DEBIAN/shlibs files in the "build + directory"

+ +

+ These files are generated as part of the package build + process and staged for inclusion as control files in + the binary packages being built. They provide details + of any shared libraries included in the same package. +

+ -

- type is an optional element that indicates the type - of package for which the line is valid. The only type currently - in use is udeb. The colon and space after the type are - required. -

+ +

shlibs control files for packages + installed on the system

+ +

+ The shlibs control files for all the + packages currently installed on the system. These are + normally found + in /var/lib/dpkg/info/*.symbols, but + packages should not rely on this and instead should + use dpkg-query --control-path package + shlibs if for some reason these files need to be + examined. +

+ -

- library-name is the name of the shared library, - in this case libz. (This must match the name part - of the soname, see below.) -

+ +

/etc/dpkg/shlibs.default

+ +

+ This file lists any shared libraries whose packages + have failed to provide correct shlibs + files. It was used when the shlibs setup + was first introduced, but it is now normally empty. + It is maintained by the dpkg maintainer. +

+ + +

-

- soname-version is the version part of the soname of - the library. The soname is the thing that must exactly match - for the library to be recognized by the dynamic linker, and is - usually of the form - name.so.major-version, in our - example, libz.so.1. - This can be determined using the command - -objdump -p /usr/lib/libz.so.1.1.3 | grep SONAME - - - The version part is the part which comes after - .so., so in our case, it is 1. The soname may - instead be of the form - name-major-version.so, such - as libdb-4.8.so, in which case the name would - be libdb and the version would be 4.8. -

+

+ If a symbols file for a shared library package + is available, dpkg-shlibdeps will always use it + in preference to a shlibs, with the exception + of debian/shlibs.local. The latter overrides + any other shlibs or symbols files. +

+ -

- dependencies has the same syntax as a dependency - field in a binary package control file. It should give - details of which packages are required to satisfy a binary - built against the version of the library contained in the - package. See for details. -

+ + The shlibs File Format -

- In our example, if the first version of the zlib1g - package which contained a minor number of at least - 1.3 was 1:1.1.3-1, then the - shlibs entry for this library could say: - -libz 1 zlib1g (>= 1:1.1.3) - - The version-specific dependency is to avoid warnings from - the dynamic linker about using older shared libraries with - newer binaries. -

+

+ Each shlibs file has the same format. Lines + beginning with # are considered to be comments and + are ignored. Each line is of the form: + + [type: ]library-name soname-version dependencies ... + +

-

- As zlib1g also provides a udeb containing the shared library, - there would also be a second line: - -udeb: libz 1 zlib1g-udeb (>= 1:1.1.3) - -

- +

+ We will explain this by reference to the example of the + zlib1g package, which (at the time of writing) + installs the shared + library /usr/lib/libz.so.1.2.3.4. +

- - Providing a shlibs file +

+ type is an optional element that indicates the + type of package for which the line is valid. The only type + currently in use is udeb. The colon and space + after the type are required. +

-

- If your package provides a shared library, you need to create - a shlibs file following the format described above. - It is usual to call this file debian/shlibs (but if - you have multiple binary packages, you might want to call it - debian/shlibs.package instead). Then - let debian/rules install it in the control - information file area: - -install -m644 debian/shlibs debian/tmp/DEBIAN - - or, in the case of a multi-binary package: - -install -m644 debian/shlibs.package debian/package/DEBIAN/shlibs - - An alternative way of doing this is to create the - shlibs file in the control information file area - directly from debian/rules without using - a debian/shlibs file at all, - This is what dh_makeshlibs in - the debhelper suite does. If your package - also has a udeb that provides a shared - library, dh_makeshlibs can automatically generate - the udeb: lines if you specify the name of the udeb - with the --add-udeb option. - - since the debian/shlibs file itself is ignored by - dpkg-shlibdeps. -

+

+ library-name is the name of the shared library, + in this case libz. (This must match the name part + of the soname, see below.) +

-

- As dpkg-shlibdeps reads the - DEBIAN/shlibs files in all of the binary packages - being built from this source package, all of the - DEBIAN/shlibs files should be installed before - dpkg-shlibdeps is called on any of the binary - packages. -

- +

+ soname-version is the version part of the + ELF SONAME attribute of the library, determined the + same way that the soversion component of the + recommended shared library package name is determined. + See for the details. +

+ +

+ dependencies has the same syntax as a dependency + field in a binary package control file. It should give + details of which packages are required to satisfy a binary + built against the version of the library contained in the + package. See for details on the + syntax, and for details on how + to maintain the dependency version constraint. +

+ +

+ In our example, if the last change to the zlib1g + package that could change behavior for a client of that + library was in version 1:1.2.3.3.dfsg-1, then + the shlibs entry for this library could say: + + libz 1 zlib1g (>= 1:1.2.3.3.dfsg) + + This version restriction must be new enough that any binary + built against the current version of the library will work + with any version of the shared library that satisfies that + dependency. +

+ +

+ As zlib1g also provides a udeb containing the shared + library, there would also be a second line: + + udeb: libz 1 zlib1g-udeb (>= 1:1.2.3.3.dfsg) + +

+ + + + Providing a shlibs file + +

+ To provide a shlibs file for a shared library + binary package, create a shlibs file following + the format described above and place it in + the DEBIAN directory for that package during + the build. It will then be included as a control file for + that package + This is what dh_makeshlibs in + the debhelper suite does. If your + package also has a udeb that provides a shared + library, dh_makeshlibs can automatically + generate the udeb: lines if you specify the name + of the udeb with the --add-udeb option. + . +

+ +

+ Since dpkg-shlibdeps reads + the DEBIAN/shlibs files in all of the binary + packages being built from this source package, all of + the DEBIAN/shlibs files should be installed + before dpkg-shlibdeps is called on any of the + binary packages. +

+ + @@ -6161,11 +6852,11 @@ install -m644 debian/shlibs.package debian/package/DEBIAN/ File System Structure

- The location of all installed files and directories must - comply with the Filesystem Hierarchy Standard (FHS), - version 2.3, with the exceptions noted below, and except - where doing so would violate other terms of Debian - Policy. The following exceptions to the FHS apply: + The location of all files and directories must comply with the + Filesystem Hierarchy Standard (FHS), version 2.3, with the + exceptions noted below, and except where doing so would + violate other terms of Debian Policy. The following + exceptions to the FHS apply: @@ -6246,33 +6937,39 @@ install -m644 debian/shlibs.package debian/package/DEBIAN/ symlinked there, is relaxed to a recommendation.

+ +

+ The additional directory /run in the root + file system is allowed. /run + replaces /var/run, and the + subdirectory /run/lock + replaces /var/lock, with + the /var directories replaced by symlinks + for backwards compatibility. /run + and /run/lock must follow all of the + requirements in the FHS for /var/run + and /var/lock, respectively, such as file + naming conventions, file format requirements, or the + requirement that files be cleared during the boot + process. Files and directories residing + in /run should be stored on a temporary + file system. +

+

+ Packages must not assume the /run + directory exists or is usable without a dependency + on initscripts (>= 2.88dsf-13.3) until the + stable release of Debian supports /run. +

+

The following directories in the root filesystem are - additionally allowed: /run, - - The purpose of the /run hierarchy is storage of ephemeral - system state, that is, state information that should - not be preserved across a reboot. - Files and directories residing in /run - should be stored on a temporary filesystem. - The /run directory is a - replacement for /var/run; its - subdirectory /run/lock is a replacement for - /var/lock. - /run/ and /run/lock/ have been introduced - by most distributions and are on track to be - endorsed by the FHS. - Additionally, the subdirectory /run/shm - is a replacement for /dev/shm. - - /sys and /selinux. - - The /sys and /selinux - directories are mount points where - virtual filesystems are mounted which provide access - to kernel information. - + additionally allowed: /sys and + /selinux. These directories + are used as mount points to mount virtual filesystems + to get access to kernel information. +

@@ -6407,6 +7104,29 @@ rmdir /usr/local/share/emacs 2>/dev/null || true though the spool may still be physically located there.

+ + + /run and /run/lock + +

+ The directory /run is cleared at boot, normally + by being a mount point for a temporary file system. Packages + therefore must not assume that any files or directories + under /run other than /run/lock + exist unless the package has arranged to create those files or + directories since the last reboot. Normally, this is done by + the package via an init script. See + for more information. +

+ +

+ Packages must not include files or directories + under /run, or under the + older /var/run and /var/lock paths. + The latter paths will normally be symlinks or other + redirections to /run for backwards compatibility. +

+ @@ -6781,17 +7501,14 @@ test -f program-executed-later-in-script || exit 0

- Files and directories under /run, including those - in directories /var/run and /var/lock - which are symlinks or bind mounts to subdirectories of - /run, are normally stored on a temporary + Files and directories under /run, including ones + referred to via the compatibility paths /var/run + and /var/lock, are normally stored on a temporary filesystem and are normally not persistent across a reboot. - Consequently, packages cannot assume that these files or - directories are present at system boot time. - Files and directories under /run must not be - included in packages; such files or directories - must be created dynamically, for example, in the - init.d script. + The init.d scripts must handle this correctly. + This will typically mean creating any required subdirectories + dynamically when the init.d script is run. + See for more information.

@@ -7332,33 +8049,28 @@ Reloading description configuration...done.

- Packages which provide the ability to view/show/play, - compose, edit or print MIME types should register themselves - as such following the current MIME support policy. + Packages which provide programs to view/show/play, compose, edit or + print MIME types should register them as such by placing a file in + format (RFC 1524) in the directory + /usr/lib/mime/packages/. The file name should be the + binary package's name.

The mime-support package provides the - update-mime program which allows packages to - register programs that can show, compose, edit or print - MIME types. -

- -

- Packages containing such programs must register them - with update-mime as documented in . They should not depend - on, recommend, or suggest mime-support. Instead, - they should just put something like the following in the - postinst and postrm scripts: - - - if [ -x /usr/sbin/update-mime ]; then - update-mime - fi - + update-mime program, which integrates these + registrations in the /etc/mailcap file, using dpkg + triggers + Creating, modifying or removing a file in + /usr/lib/mime/packages/ using maintainer scripts will + not activate the trigger. In that case, it can be done by calling + dpkg-trigger --no-await /usr/lib/mime/packages from + the maintainer script after creating, modifying, or removing + the file. + . + Packages using this facility should not depend on, + recommend, or suggest mime-support.

- @@ -7572,6 +8284,74 @@ exec /usr/lib/foo/foo "$@"

+ + Alternate init systems +

+ A number of other init systems are available now in Debian that + can be used in place of sysvinit. Alternative + init implementations must support running SysV init scripts as + described at for compatibility. +

+

+ Packages may integrate with these replacement init systems by + providing implementation-specific configuration information about + how and when to start a service or in what order to run certain + tasks at boot time. However, any package integrating with other + init systems must also be backwards-compatible with + sysvinit by providing a SysV-style init script + with the same name as and equivalent functionality to any + init-specific job, as this is the only start-up configuration + method guaranteed to be supported by all init implementations. An + exception to this rule is scripts or jobs provided by the init + implementation itself; such jobs may be required for an + implementation-specific equivalent of the /etc/rcS.d/ + scripts and may not have a one-to-one correspondence with the init + scripts. +

+ + Event-based boot with upstart + +

+ Packages may integrate with the upstart event-based + boot system by installing job files in the + /etc/init directory. SysV init scripts for which + an equivalent upstart job is available must query the output of + the command initctl version for the string + upstart and avoid running in favor of the native + upstart job, using a test such as this: + +if [ "$1" = start ] && which initctl >/dev/null && initctl version | grep -q upstart +then + exit 1 +fi + +

+

+ Because packages shipping upstart jobs may be installed on + systems that are not using upstart, maintainer scripts must + still use the common update-rc.d and + invoke-rc.d interfaces for configuring runlevels + and for starting and stopping services. These maintainer + scripts must not call the upstart start, + restart, reload, or stop + interfaces directly. Instead, implementations of + invoke-rc.d must detect when upstart is running and + when an upstart job with the same name as an init script is + present, and perform the requested action using the upstart job + instead of the init script. +

+

+ Dependency-based boot managers for SysV init scripts, such as + startpar, may avoid running a given init script + entirely when an equivalent upstart job is present, to avoid + unnecessary forking of no-op init scripts. In this case, the + boot manager should integrate with upstart to detect when the + upstart job in question is started or stopped to know when the + dependency has been satisfied. +

+ + + @@ -7723,8 +8503,9 @@ INSTALL = install -s # (or use strip on the files in debian/tmp) Although not enforced by the build tools, shared libraries must be linked against all libraries that they use symbols from in the same way that binaries are. This ensures the correct - functioning of the shlibs - system and guarantees that all libraries can be safely opened + functioning of the symbols + and shlibs + systems and guarantees that all libraries can be safely opened with dlopen(). Packagers may wish to use the gcc option -Wl,-z,defs when building a shared library. Since this option enforces symbol resolution at build time, @@ -7940,10 +8721,13 @@ fname () {

You may wish to restrict your script to SUSv3 features plus the above set when possible so that it may use /bin/sh - as its interpreter. If your script works with dash - (originally called ash), it probably complies with - the above requirements, but if you are in doubt, use - /bin/bash. + as its interpreter. Checking your script + with checkbashisms from + the devscripts package or running your script + with an alternate shell such as posh may help + uncover violations of the above requirements. If in doubt + whether a script complies with these requirements, + use /bin/bash.

@@ -9893,7 +10677,31 @@ END-INFO-DIR-ENTRY You should not use the copyright file as a general README file. If your package has such a file it should be installed in /usr/share/doc/package/README or - README.Debian or some other appropriate place.

+ README.Debian or some other appropriate place. +

+ +

+ All copyright files must be encoded in UTF-8. +

+ + + Machine-readable copyright information + +

+ A specification for a standard, machine-readable format + for debian/copyright files is maintained as part + of the debian-policy package. This + document may be found in the copyright-format + files in the debian-policy package. It is + also available from the Debian web mirrors at + . +

+ +

+ Use of this format is optional. +

+ @@ -10423,10 +11231,10 @@ END-INFO-DIR-ENTRY the PATH if necessary, and pass its second and subsequent arguments to the command it calls. If no root-command is supplied - then dpkg-buildpackage will take no - special action to gain root privilege, so that for - most packages it will have to be invoked as root to - start with.

+ then dpkg-buildpackage will use + the fakeroot command, which is sufficient + to build most packages without actually requiring root + privileges.

 -b, -B @@ -10509,82 +11317,10 @@ END-INFO-DIR-ENTRY

- This program is usually called from debian/rules - just before dpkg-gencontrol (see ), in the top level of the source tree. -

- -

- Its arguments are executables and shared libraries - -

- They may be specified either in the locations in the - source tree where they are created or in the locations - in the temporary build tree where they are installed - prior to binary package creation. -

- for which shared library dependencies should - be included in the binary package's control file. -

- -

- If some of the found shared libraries should only - warrant a Recommends or Suggests, or if - some warrant a Pre-Depends, this can be achieved - by using the -ddependency-field option - before those executable(s). (Each -d option - takes effect until the next -d.) -

- -

- dpkg-shlibdeps does not directly cause the - output control file to be modified. Instead by default it - adds to the debian/substvars file variable - settings like shlibs:Depends. These variable - settings must be referenced in dependency fields in the - appropriate per-binary-package sections of the source - control file. -

- -

- For example, a package that generates an essential part - which requires dependencies, and optional parts that - which only require a recommendation, would separate those - two sets of dependencies into two different fields. - At the time of writing, an example for this was the - - It can say in its debian/rules: - - dpkg-shlibdeps -dDepends program anotherprogram ... \ - -dRecommends optionalpart anotheroptionalpart - - and then in its main control file debian/control: - - ... - Depends: ${shlibs:Depends} - Recommends: ${shlibs:Recommends} - ... - -

- -

- Sources which produce several binary packages with - different shared library dependency requirements can use - the -pvarnameprefix option to override - the default shlibs: prefix (one invocation of - dpkg-shlibdeps per setting of this option). - They can thus produce several sets of dependency - variables, each of the form - varnameprefix:dependencyfield, - which can be referred to in the appropriate parts of the - binary package control files. + See .

- dpkg-distaddfile - adds a file to @@ -11349,7 +12085,7 @@ END-INFO-DIR-ENTRY dpkg-divert --package smailwrapper --remove --rename \ --divert /usr/sbin/smail.real /usr/sbin/smail fi - where 1.02-2 is the version at which the + where 1.0-2 is the version at which the diversion was first added to the package. The postrm should not remove the diversion on upgrades both because there's no reason to remove the diversion only to immediately re-add it and since the