X-Git-Url: https://git.donarmstrong.com/?p=debian%2Fdebian-policy.git;a=blobdiff_plain;f=policy.sgml;h=404dc7373f80cdc20bf793e064d7163e3885518f;hp=58ef0eafdd882684884f04ab51f42468d5f1893b;hb=HEAD;hpb=a1de01868a49bf7eb4694829495f8ad1e69de800 diff --git a/policy.sgml b/policy.sgml index 58ef0ea..404dc73 100644 --- a/policy.sgml +++ b/policy.sgml @@ -158,6 +158,14 @@ distributed in some other way or is intended for local use only.
+ +
+ udebs (stripped-down binary packages used by the Debian Installer) do
+ not comply with all of the requirements discussed here. See the
+
Essential is defined as the minimal set of functionality that
must be available and usable on the system at all times, even
- when packages are in an unconfigured (but unpacked) state.
+ when packages are in the "Unpacked" state.
Packages are tagged essential for a system using the
Essential control field. The format of the
Essential control field is described in dpkg to stave off boredom on
- the part of a user installing many packages. This means,
- amongst other things, using the --quiet option on
-
@@ -1353,7 +1360,7 @@ zope.
installed together. If
The maintainer name and email address used in the changelog
- should be the details of the person uploading this
- version. They are not necessarily those of the
- usual package maintainer.
The following targets are required and must be implemented
by
+ For packages in the main archive, no required targets + may attempt network access. +
The targets are as follows: @@ -2153,7 +2168,7 @@ zope.
The architectures we build on and build for are determined
by
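Review bot: The added sentence "no required targets may attempt network access" binds only the required targets, so any target that is not required is still free to fetch over the network during a main-archive build. If that is intended, say so explicitly; if not, widen the wording to every target invoked during a package build. It would also help to state whether access to the loopback interface counts as network access, since build-time test suites commonly bind to localhost.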
@@ -2548,7 +2562,9 @@ Package: libc6 the field name is Package and the field value libc6.
- + Empty field values are only permitted in source package control files
+ (
A paragraph must not contain more than one instance of a
particular field name.
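Review bot: The added sentence on empty field values, placed just before the duplicate-field rule, says where empty values are permitted but not what a parser should do when it meets one in any other control file. Suggest stating whether that is a syntax error or whether the field is treated as absent, and whether a value consisting only of whitespace counts as empty, so that tools do not diverge on the same input.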
@@ -2691,6 +2707,7 @@ Package: libc6
file. These tools are responsible for removing the line
breaks from such fields when using fields from
@@ -2750,6 +2767,7 @@ Package: libc6
The special value byhand for the section in a .changes file indicates that the file in question - is not an ordinary package file and must by installed by + is not an ordinary package file and must be installed by hand by the distribution maintainers. If the section is byhand the priority should be -.
@@ -3831,6 +3849,26 @@ Checksums-Sha256: this value is assumed for paragraphs lacking this field. + ++ Folded field containing a single git commit hash, presented in + full, followed optionally by whitespace and other data to be + defined in future extensions. +
+ +
+ Declares that the source package corresponds exactly to a
+ referenced commit in a Git repository available at the canonical
+ location called dgit-repos, used by
The new package's status is now sane, and recorded as - "unpacked". + "Unpacked".
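Review bot: In the field description added after Checksums-Sha256, "a single git commit hash, presented in full" does not pin down the form of the hash (character set, length, case), and "followed optionally by whitespace and other data to be defined in future extensions" leaves each consumer to decide where the hash ends. Suggest specifying the form of the hash and requiring consumers to take the first whitespace-delimited token as the hash and ignore anything after it. The second added paragraph says the source package "corresponds exactly" to the referenced commit; it should say whether consumers are expected to verify that or may take the field on trust.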
@@ -4588,7 +4625,7 @@ fi
No attempt is made to unwind after errors during configuration. If the configuration fails, the package is in - a "Failed Config" state, and an error message is generated. + a "Half-Configured" state, and an error message is generated.
@@ -4708,8 +4745,8 @@ fi dependencies on other packages, the package names listed may also include lists of alternative package names, separated by vertical bar (pipe) symbols |. In such a case, - if any one of the alternative packages is installed, that - part of the dependency is considered to be satisfied. + that part of the dependency can be satisfied by any one of + the alternative packages.
@@ -5040,11 +5077,11 @@ Build-Depends: foo [linux-any], bar [any-i386], baz [!linux-any] be unpacked the pre-dependency can be satisfied if the depended-on package is either fully configured, or even if the depended-on - package(s) are only unpacked or in the "Half-Configured" + package(s) are only in the "Unpacked" or the "Half-Configured" state, provided that they have been configured correctly at some point in the past (and not removed or partially removed since). In this case, both the - previously-configured and currently unpacked or + previously-configured and currently "Unpacked" or "Half-Configured" versions must satisfy any version clause in the Pre-Depends field.
@@ -5399,7 +5436,7 @@ Depends: foo-data (>= 1.2-3)
+ The FHS requirement that architecture-independent
+ application-specific static files be located in
+
The optional rules related to user specific
@@ -6930,8 +6981,18 @@ Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1)
+ The requirement for C and C++ headers files to be
+ accessible through the search path
+
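Review bot: Typo in the added text: "C and C++ headers files" should read "C and C++ header files".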
@@ -6992,15 +7053,29 @@ Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1)
stable release of Debian supports
+ The
- The following directories in the root filesystem are
- additionally allowed:
+ The requirement for
On GNU/Hurd systems, the following additional @@ -7281,6 +7356,35 @@ rmdir /usr/local/share/emacs 2>/dev/null || true
+ This value must not be used, because it was + the error return sentinel value when uid_t + was 16 bits. +
+
+ Dynamically allocated user accounts. By
+ default
+ (uid_t)(-2) == (gid_t)(-2) must not be + used, because it is used as the anonymous, unauthenticated + user by some NFS implementations. +
+(uid_t)(-1) == (gid_t)(-1) must @@ -8404,7 +8508,17 @@ fi renamed. If a consensus cannot be reached, both programs must be renamed.
- ++ Binary executables must not be statically linked with the GNU C + library, since this prevents the binary from benefiting from + fixes and improvements to the C library without being rebuilt + and complicates security updates. This requirement may be + relaxed for binary executables whose intended purpose is to + diagnose and fix the system in situations where the GNU C + library may not be usable (such as system recovery shells or + utilities like ldconfig) or for binary executables where the + security benefits of static linking outweigh the drawbacks. +
By default, when a package is being built, any binaries
created should include debugging information, as well as
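Review bot: The second exception in the added static-linking paragraph, "or for binary executables where the security benefits of static linking outweigh the drawbacks", has no criterion and no named decision-maker, so it can be read as cancelling the "must not" that opens the paragraph. Suggest requiring the maintainer to document the justification in the package, so that binaries needing a rebuild after a C library fix can be identified; the paragraph itself gives "complicates security updates" as the reason for the rule.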
@@ -8813,6 +8927,7 @@ fname () {
would point to
@@ -8845,7 +8960,9 @@ ln -fs ../sbin/sendmail debian/tmp/usr/bin/runq
- A symbolic link pointing to a compressed file should always
+ A symbolic link pointing to a compressed file (in the sense
+ that it is meant to be uncompressed with
@@ -9463,6 +9582,23 @@ done
+ The name of the files installed by binary packages in the system PATH + (namely /bin, /sbin, /usr/bin, + /usr/sbin and /usr/games) must be encoded in + ASCII. +
+ ++ The name of the files and directories installed by binary packages + outside the system PATH must be encoded in UTF-8 and should be + restricted to ASCII when it is possible to do so. +
+Access to HTML documents
- -
- HTML documents for a package are stored in
-
- The web server should restrict access to the document - tree so that only clients on the same host can read - the documents. If the web server does not support such - access controls, then it should not provide access at - all, or ask about providing access during installation. -
+(Deleted)
The
+
+ Info readers requiring the
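Review bot: The removal of the "Access to HTML documents" text drops the requirement that a web server "restrict access to the document tree so that only clients on the same host can read the documents" and leaves only "(Deleted)" in its place, with no replacement guidance visible in this change. If web server packages are no longer expected to serve the documentation tree at all, a sentence saying so would be safer than silence, since a package that keeps exporting the tree is no longer bound by any access rule stated here.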
@@ -10537,45 +10662,77 @@ END-INFO-DIR-ENTRY
-
- Any additional documentation that comes with the package may
- be installed at the discretion of the package maintainer.
- Plain text documentation should be installed in the directory
-
- If a package comes with large amounts of documentation which - many users of the package will not require you should create - a separate binary package to contain it, so that it does not - take up disk space on the machines of users who do not need - or want it installed.
+ Plain text documentation should be compressed with gzip + -9 unless it is small. + + ++ If a package comes with large amounts of documentation that many + users of the package will not require, you should create a + separate binary package to contain it so that it does not take + up disk space on the machines of users who do not need or want + it installed. As a special case of this rule, shared library + documentation of any appreciable size should always be packaged + with the library development package () + or in a separate documentation package, since shared libraries + are frequently installed as dependencies of other packages by + users who have little interest in documentation of the library + itself. The documentation package for the + package package is conventionally + named package-doc + (or package-doc-language-code if there are + separate documentation packages for multiple languages). +
- It is often a good idea to put text information files
- (
+ Any separate package providing documentation must still install
+ standard documentation files in its
+ own
Packages must not require the existence of any files in
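Review bot: "Plain text documentation should be compressed with gzip -9 unless it is small" and "shared library documentation of any appreciable size should always be packaged" both rest on thresholds the added text never gives, so two maintainers can follow the rule and reach opposite results. Suggest either a concrete size or an explicit statement that the decision is left to the maintainer's judgement.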
@@ -10595,18 +10752,6 @@ END-INFO-DIR-ENTRY
- -
- Former Debian releases placed all additional documentation
- in
- If your package comes with extensive documentation in a
+ If the package comes with extensive documentation in a
markup format that can be converted to various other formats
you should if possible ship HTML versions in a binary
- package, in the directory
-
@@ -10867,12 +11012,6 @@ END-INFO-DIR-ENTRY
- It also documents the interaction between
-
This manual does not go into detail about the options and usage of the package building and installation tools. It @@ -10882,10 +11021,7 @@ END-INFO-DIR-ENTRY
The utility programs which are provided with
@@ -10905,25 +11041,9 @@ END-INFO-DIR-ENTRY
- The binary package has two main sections. The first part
- consists of various control information files and scripts used
- by
- The second part is an archive containing the files and - directories to be installed. -
- -
- In the future binary packages may also contain other
- components, such as checksums and digital signatures. The
- format for the archive is described in full in the
-
-
- It is usually invoked by hand from the top level of the
- built or unbuilt source directory. It may be invoked with
- no arguments; useful arguments include:
-
- Do not sign the .changes file or the
- source package .dsc file, respectively.
- Invoke sign-command instead of finding
- gpg or pgp on the
- When root privilege is required, invoke the command
- root-command. root-command
- should invoke its first argument as a command, from
- the
- Two types of binary-only build and upload - see
-
- This program is usually called by package-independent
- automatic building scripts such as
-
- It is usually called in the top level of a built source
- tree, and when invoked with no arguments will print out a
- straightforward
- This program is used internally by
-
- This program can be used manually, but is also invoked by
- dpkg-buildpackage or
+ Do not attempt to divert a conffile, as