1 <!doctype debiandoc system [
2 <!-- include version information so we don't have to hard code it
5 <!entity % versiondata SYSTEM "version.ent"> %versiondata;
9 Debian GNU/Linux Developer's Reference.
10 Copyright (C)1997,1998 Christian Schwarz;
11 released under the terms of the GNU
12 General Public License, version 2 or (at your option) any later.
17 Topics to be included someday:
18 - bugs in upstream versions should be reported upstream!
24 <title>Debian Developer's Reference
25 <author>Christian Schwarz <email/schwarz@debian.org/
26 <author>based on earlier documents by Ian Jackson <email/ijackson@gnu.ai.mit.edu/
27 <version>version &version;, &date;
29 <copyright>Copyright ©1997,1998 Christian Schwarz.
32 This manual is free software; you may redistribute it and/or modify it
33 under the terms of the GNU General Public License as published by the
34 Free Software Foundation; either version 2, or (at your option) any
38 This is distributed in the hope that it will be useful, but
39 <em>without any warranty</em>; without even the implied warranty of
40 merchantability or fitness for a particular purpose. See the GNU
41 General Public License for more details.
44 A copy of the GNU General Public License is available as
45 <tt>/usr/doc/copyright/GPL</tt> in the Debian GNU/Linux
46 distribution or on the World Wide Web at
47 <tt>http://www.gnu.org/copyleft/gpl.html</tt>. You can also obtain it
48 by writing to the Free Software Foundation, Inc., 59 Temple Place -
49 Suite 330, Boston, MA 02111-1307, USA.
54 <chapt>Applying to Become a Maintainer<p>
59 So, you've read all the documentation, you understand what
60 everything in the <prgn/hello/ example package is for, and
61 you're about to Debianise your favourite package. How do
62 you actually become a Debian developer so that your work can
63 be incorporated into the Project?
66 Firstly, subscribe to <prgn/debian-devel/ if you haven't
67 already. Send the word <tt/subscribe/ in the <em/Subject/
68 of a mail to <email/debian-devel-REQUEST@lists.debian.org/.
69 In case of problems contact the list administrator at
70 <email/listmaster@lists.debian.org/.
73 You should subscribe and lurk for a bit before doing any
74 coding, and you should post about your intentions to work on
75 something to avoid duplicated effort.
78 If you do not have a PGP key yet generate one. You should
79 probably read the PGP manual, as it has much important
80 information which is critical to its security. Many more
81 security failures are due to human error than to software
82 failure or high-powered spy techniques.
85 Due to export restrictions by the United States government
86 some Debian packages, including PGP, have been moved to an
87 ftp site outside of the United States. You can find the
88 current locations of those packages on
89 <ftpsite/ftp.debian.org/ in the
90 <ftppath>/pub/debian/README.non-US</> file.
93 If you live in a country where use of cryptography even for
94 authentication is forbidden then please contact us so we can
95 make special arrangements. This does not apply in France,
96 where I believe only encryption and not authentication is
100 <sect>Registering as a Debian developer
103 Before you decide to work in the Debian Project you have to
104 read the ``Debian Social Contract'' (available on
105 <tt/www.debian.org/).
107 After that, you should send a message to
108 <email/new-maintainer@debian.org/ to register as an
109 'offical' Debian developer so that you will be able to
110 upload your packages.
112 The message should say what you've done and who you are, and
113 should ask for an account on master and to be subscribed to
114 debian-private (the developers-only mailing list). It should
115 contain your PGP or RSA public key (extracted using `pgp
116 -kxa', in the case of PGP) for the database of keys which is
117 distributed on the FTP server
118 (<tt>doc/debian-keyring.tar.gz</tt>). Please be sure to
119 sign your request message with your chosen PGP or RSA
120 key. In addition, you have to mention that you've read the
121 ``Debian Social Contract'' (see above) and you are expected
122 to know where to find the ``Debian Policy Manual'' and the
123 ``Debian Packaging Manual.''
125 Please be sure to include your preferred login name on
126 master (seven characters or less), as well as the E-mail
127 address at which you'd prefer to be subscribed to
128 debian-private (typically this will be either your primary
129 mail address or your new debian.org address).
131 You should also include some mechanism by which we can
132 verify your real-life identity. For example, any of the
133 following mechanisms would suffice:
136 <item>A PGP or RSA key signed by any well-known signature,
137 such as any current Debian developer.
138 <item>A scanned (or physically mailed) copy of any formal
139 documents certifying your identity (such as a birth
140 certificate, national ID card, U.S. Driver's License,
141 etc.). Please sign the image with your PGP or RSA key.
144 The following mechanisms are discouraged, but are acceptable if
145 neither of the first two mechanisms is practical:
147 <item>A pointer to a phone listing at which you could be
148 reached (at our expense). This phone listing should
149 be verifiable independently through external means
150 such as a national directory-listing service or other
151 authoritative source.
152 <item>Any other mechanism by which you can establish your
153 real-life identity with reasonable certainty.
156 We're sorry about the inconvenience of requiring proof of
157 identity, but for the moment, such measures are
158 unfortunately the only way we can ensure the security and
159 reliability of our distribution.
162 Once this information is received and processed, you should
163 be contacted with information about your new Debian
164 maintainer account. If you don't hear anything within 7-10
165 days, please re-send your original message--the
166 new-maintainer volunteers are typically overworked, and
167 mistakes do occasionally happen.
173 There is a mailing list called <tt/debian-mentors/ which has
174 been set up for newbie maintainers who seek help with
175 initial packaging and other developer-related issues.
177 Every new developer is invited to subscribe to that list
178 (see <ref id="mailing-lists"> for details).
180 Those who prefer one-on-one help (e.g., via private emails)
181 should also post to that list and an experienced developer
182 will volunteer to help.
186 <chapt>Internet Servers<p>
188 <sect id="mailing-lists">Mailing lists<p>
190 The mailing list server is at <tt/lists.debian.org/. Mail
191 <tt/debian-<var/foo/-REQUEST@lists.debian.org/, where
192 <tt/debian-<var/foo// is the name of the list, with the word
193 <tt/subscribe/ in the Subject to subscribe or
194 <tt/unsubscribe/ to unsubscribe.
196 When replying to messages on the mailing list, please do not
197 send a carbon copy (<tt/CC/--this does not mean `courtesy
198 copy') to the original poster. Anyone who posts to a
199 mailing list should read it to see the responses.
201 In addition, all messages should usually only be sent to one
202 of the following mailing lists: <tt/debian-devel/,
203 <tt/debian-policy/, <tt/debian-user/, <tt/debian-announce/,
204 <tt/debian-devel-announce/.
206 As ever on the net, please trim down the quoting of articles
207 you're replying to. In general, please adhere to the usual
208 conventions for posting messages.
211 <sect>The master server
214 <sect>The FTP servers
217 <sect>The WWW servers
220 <chapt>The Debian Archive<p>
225 The Debian GNU/Linux distribution consists of a lot of
226 Debian packages (<tt/.deb/'s, currently more than 1000) and
227 a few additional files (documentation, installation disk
230 Here is an example directory tree of a complete Debian
235 main/binary-all/admin/
236 main/binary-all/base/
237 main/binary-all/comm/
238 main/binary-all/devel/
257 non-free/binary-i386/
258 non-free/binary-m86k/
263 As you can see, the top-level directory of the distribution
264 contains three directories, namely <em>main</>,
265 <em>contrib</>, and <em>non-free</>. These directories are
266 called <em>sections</>.
268 In each section, there is a directory with the source
269 packages (source), a directory for each supported
270 architecture (binary-i386, binary-m86k, etc.), and a
271 directory for architecture independent packages
274 The <em/main/ section contains additional directories which
275 holds the disk images and some essential pieces of
276 documentation required for installing the Debian
277 distribution on a specific architecture (disks-i386,
280 The <em/binary/ and <em/source/ directories are divided
281 further into <em/sub-sections/.
287 The <em>main section</> is what makes up the <em>Debian
288 GNU/Linux distribution</>. This is because the packages in
289 the other two sections do not fully comply with all our
292 For example, every package in the main distribution must
293 fully comply with the <em>Debian Free Software Guidelines</>
294 (DFSG) and with all other policy requirements as described
295 in the <em>Debian Policy Manual</em>. (The DFSG is our
296 definition of ``free software.'' Check out the Debian Policy
299 The packages which do not apply to the DFSG are placed in
300 the <em>non-free</> section. These packages are not
301 considered as part of the Debian distribution, though we
302 support their use, and we provide infrastructure (such as
303 our bug-tracking system and mailing lists) for non-free
306 Packages in the <em>contrib</> section have to apply to
307 the DFSG, but fail other requirements.
309 (The Debian Policy Manual contains a more exact definition
310 of the three sections. This is just meant to be an
313 The separation of the three sections at the top-level of
314 the archive is important for all people who want to
315 distribute Debian, either via FTP servers on the Internet
316 or on CD-ROMs: by distributing only the <em/main/ and
317 <em/contrib/ sections, one can avoid any legal risks,
318 since some packages in the <em/non-free/ section do not
319 allow commercial distribution, for example.
321 On the other hand, a CD-ROM vendor could easily check the
322 individual package licenses of the packages in <em/non-free/
323 and include as many on the CD-ROMs as he's allowed. (Since
324 this varies from vendor to vendor very much, this job can't
325 be done by the Debian developers.)
331 In the first days, the Linux kernel was only available for
332 the Intel i386 (or greater) platforms, and so was
333 Debian. But when Linux became more and more popular, the
334 kernel was ported to other architectures, too.
336 The Linux 2.0 kernel supports Intel, DEC Alphas, SUN Sparcs,
337 M68000 machines (like Atari and Amiga), MIPS, and
340 Debian GNU/Linux 1.3 is only available for Intel
341 platforms. One of the goals for Debian 2.0 is to support
342 some of the other architectures, too.
348 The sections <em/main/, <em/contrib/, and <em/non-free/ are
349 split into <em/sub sections/, to simplify the installation
350 process and the maintainance of the archive.
356 There are two types of Debian packages, namely <em/source/
357 and <em/binary/ packages.
359 Source packages consist of either two or three files: a
360 <tt/.dsc/ file, and either one <tt/.tar.gz/ file or a
361 <tt/.orig.tar.gz/ and a <tt/.diff.gz/ file.
363 If a package is developed specially for Debian and is not
364 distributed outside of Debian, there is just one
365 <tt/.tar.gz/ file which contains the sources of the program.
367 If a package is distributed elsewhere too, the
368 <tt/.orig.tar.gz/ file stores the so-called <em/upstream
369 source code/, that is the source code that's distributed
370 from the <em/upstream maintainer/ (author). In this case,
371 the <tt/.diff.gz/ contains the changes made by the Debian
374 The <tt/.dsc/ lists all components of the source package
375 together with checksums (md5sums) and some additional info
376 about the package (maintainer, version, etc.).
379 <sect>Distribution directories
382 If you have a look at the Debian FTP server or one of its
383 mirrors, you'll discover that there is one additional
384 directory level on top of the directory tree, as described
385 in the previous chapter. These directories are the
386 <em/distribution directories/.
388 There is always a distribution called <em/stable/ and one
389 called <em/unstable/. This reflects the development process
390 of the Debian project:
392 The ``development'' is done in the <em/unstable/
393 distribution (that's why this distribution is sometimes
394 called <em/development distribution/). Every Debian
395 developer can update his/her packages in this distribution
396 at any time. Thus, the contents of this distribution changes
397 from day to day and since no special effort is done to test
398 this distribution it's sometimes ``unstable.''
400 After about two months of development, the <em/unstable/
401 distribution is copied in a new distribution directory,
402 called <em/frozen/. After that, no changes are allowed to
403 the frozen distribution, except bug fixes. (That's why it's
406 After another month or a little longer, the <em/frozen/
407 distribution is renamed to <em/stable/, overriding the old
408 <em/stable/ distribution, which is removed at that time.
410 This development cycle is based on the assumption, that the
411 once `unstable' distribution finally becomes `stable' after
412 passing one month of testing. Unfortunately, a few bugs
413 still remain--that's why the stable distribution is updated
414 every few weeks. However, these updates are tested very
415 carefully and have to be acknowledged individually to reduce
416 the risk of introducing new bugs.
418 Note, that development is continued during the ``freeze''
419 period, since a new ``unstable'' distribution will be
420 created at that time.
422 In summary, there is always a <em/stable/ and an
423 <em/unstable/ distribution available and the <em/frozen/
424 distribution shows up for a month from time to time.
427 <sect>Release code names
429 Every released Debian distribution has a <em/code name/:
430 Debian 1.1 is called <em/buzz/, Debian 1.2 <em/rex/, Debian
431 1.3 <em/bo/, Debian 2.0 <em/hamm/, etc.
433 Since the Debian has an open development (i.e. everyone can
434 participate and follow the development) even the
435 ``development versions'' (unstable) are distributed via the
436 Internet on the Debian FTP server. This FTP server is
437 mirrored by lots of other systems. Thus, if we'd call the
438 directory which contains the development version simply
439 `unstable', then we would have to rename it to `stable' when
440 the version is released, which would cause all FTP mirrors
441 to re-get the whole distribution (which is already very
444 On the other hand, if we would call the distribution
445 directories <em>Debian-x.y</em> from the beginning, people
446 would think that Debian release <em>x.y</> is
447 available. (This happened in the past, where a CD-ROM vendor
448 built a Debian 1.0 CD-ROM based on a pre-1.0 development
449 version. That's the reason why the first official Debian
450 release was 1.1, and not 1.0.)
452 Thus, the names of the distribution directories in the
453 archive should stay the same during the development period
454 and after the release but there may be symbolic links, which
457 That's why the distribution directories use the <em/code
458 names/ and there are symbolic links <em/stable/,
459 <em/unstable/, <em/frozen/, etc. which point to the
460 appriopriate release directories.
463 <chapt>Package uploads<p>
465 <sect>Announcing new packages
467 If you want to create a new package for the Debian
468 distribution, you have to send a short email to
469 <em/debian-devel/ describing your plans before you upload
472 This has the following advantages:
475 <item>It helps the (potentially new) maintainer to tap
476 into the experience of people on the list, and lets
477 them know if any one else is working on it already
479 <item>It lets other people thinking about working on the
480 package know that there already is a volunteer, and
481 efforts may be shared
483 <item>It lets the rest of the maintainers know more about
484 the package than the one line description and the
485 changelog entry "Initial version" that generally gets
486 posted to debian-devel-changes by default
488 <item>It is helpful to the people who live off unstable
489 (and form our first line of testers); we should
490 encourage these people
492 <item>I think the announcements gives us a better feel of
493 what is going on, and what is new, in the project.
495 <item>We should not dismiss anybody who installs from
496 unstable and helps us debug our packages as "fools,
497 fools, you installed from unstable; you deserve what
498 you get"--we derive a certain benefit from the alpha
501 <item>If we appreciate alpha testers, than any name
502 changes have to be backwards compatible with the
503 people who already installed the old package (conflict
504 and replace old package name at a minimum)
507 <sect>Uploading a package
510 <sect1>Generating the changes file
513 When a package is uploaded to the Debian FTP archive, it
514 must be accompanied by a <tt/.changes/ file which gives
515 directions for its handling. This is usually generated by
516 <prgn/dpkg-genchanges/.
519 This file is a control file with the following fields:
525 <item><tt/Architecture/
527 <item><tt/Distribution/
529 <item><tt/Maintainer/
530 <item><tt/Description/
536 All of them are mandatory for a Debian upload. See the
537 list of control fields in the <em/Debian Packaging Manual/
538 for the contents of these fields.
541 The first time a version is uploaded which corresponds to
542 a particular upstream version the original source tar file
543 should be uploaded and included in the <tt/.changes/ file;
544 subsequent times the very same tar file should be used to
545 build the new diffs and <tt/.dsc/ files, and it need not
549 By default <prgn/dpkg-genchanges/ and
550 <prgn/dpkg-buildpackage/ will include the original source
551 tar-file if and only if the Debian revision part of the
552 source version number is <tt/0/ or <tt/1/, indicating a
553 new upstream version. This behaviour may be modified by
554 using <tt/-sa/ to always include it or <tt/-sd/ to always
558 If no original source is included in the upload then the
559 original source tar-file used by <prgn/dpkg-source/ when
560 constructing the <tt/.dsc/ file and diff to be uploaded
561 <em/must/ be byte-for-byte identical with the one already
562 in the archive. If there is some reason why this is not
563 the case then the new version of the original source
564 should be uploaded, possibly by using the <tt/-sa/ flag.
567 <sect1>Transferring the files to master
569 To upload a package, you need a personal account on the
570 master server. Just log in via ftp and transfer the
572 `<tt>/home/Debian/ftp/private/project/Incoming</tt>.'
573 (You cannot upload to Incoming on master using anonymous
574 FTP--you must use your user-name and password.)
576 You may also find the Debian package '<tt>dupload</tt>'
577 useful in uploading new packages to master. See the
578 '<tt>dupload</tt>' documentation for more information.
581 <sect1>Uploads via Chiark
583 If you have a slow network connection to the master
584 system, there are two alternatives: You can upload files
585 to Incoming via a cron-driven upload queue in Europe on
586 ftp.chiark.greenend.org.uk. For details connect to chiark
587 using anonymous FTP and read
588 <tt>/pub/debian/private/project/README.how-to-upload</tt>.
590 The program <tt/dupload/ support uploads to chiark, please
591 refer to the documentation that comes with the program,
595 <sect1>Uploads via Erlangen
597 Another cron-driven upload queue is available in Germany:
598 Just upload the files via anonymous FTP to
599 <tt>ftp://ftp.uni-erlangen.de/pub/Linux/debian/UploadQueue</>.
601 The upload must be a complete Debian upload, as you would
602 put it into master's incoming, i.e. a <tt/.changes/ files
603 along with the other files mentioned in the
604 <tt/.changes/. The queue daemon also checks that the
605 <tt/.changes/ is correctly PGP-signed by a Debian
606 developer, so that no bogus files can find their way to
607 master via the queue. Please also make sure that the
608 <tt/Maintainer:/ field in the <tt/.changes/ contains
609 *your* e-mail address. The address found there is used for
610 all replies, just as on master.
612 There's no need to move your files into a second directory
613 after the upload as on chiark. And, in any case, you
614 should get some mail reply from the queue daemon what
615 happened to your upload. Hopefully it should have been
616 moved to master, but in case of errors you're notified,
619 The program <tt/dupload/ support uploads to erlangen,
620 please refer to the documentation that comes with the
621 program, for details.
624 <sect1>Uploading to the non-us server
626 To upload a package to the <em/non-us/ server you just
627 have to transfer the files via anonymous ftp to
628 <tt>ftp://nonus.debian.org/pub/debian-non-US/Incoming</tt>.
629 Note, that the <tt>.changes</tt> file must have a valid
630 PGP signature from one of the keys of the developers
634 <sect>Announcing package uploads
636 When a package is uploaded an announcement should be posted
637 to one of the debian-changes lists. The announcement should
638 give the (source) package name and version number, and a
639 very short summary of the changes, in the <prgn/Subject/
640 field, and should contain the PGP-signed <tt/.changes/ file.
641 Some additional explanatory text may be added before the
642 start of the <tt/.changes/ file.
644 If a package is released with the <tt/Distribution:/ set to
645 <tt/stable/, the announcement is sent to
646 <email/debian-changes@lists.debian.org/.
648 If a package is released with <tt/Distribution:/ set to
649 <tt/unstable/, <tt/experimental/, or <tt/frozen/ (when
650 present), the announcement should be posted to
651 <email/debian-devel-changes@lists.debian.org/ instead.
654 <sect>Interim releases
656 Under certain circumstances it is necessary for someone
657 other than the usual package maintainer to make a release of
658 a package. For example, a porter for another architecture
659 may have to make some small changes to the source package
660 and does not wish to wait with uploading their release until
661 the main maintainer has incorporated the patch, or a serious
662 security problem may have come to light requiring immediate
665 When a security bug is detected a fixed package should be
666 uploaded as soon as possible. In this case, the Debian
667 Security Managers should get in contact with the package
668 maintainer to make sure a fixed package is uploaded within a
669 reasonable time (less than 48 hours). If the package
670 maintainer cannot provide a fixed package fast enough or if
671 he/she cannot be reached in time, the Security Manager
672 may upload a fixed package.
674 When someone other than the usual maintainer releases a
675 package they should add a new component to the
676 <var/debian-revision/ component of the version number--that
677 is, the portion after the (last) hyphen. This extra
678 component will start at <tt/1/. This is to avoid `stealing'
679 one of the usual maintainer's version numbers, possibly
680 disrupting their work. If there is no <var/debian-revision/
681 component in the version number then one should be created,
684 If it is absolutely necessary for someone other than the
685 usual maintainer to make a release based on a new upstream
686 version then the person making the release should start with
687 the <var/debian-revision/ value <tt/0.1/. The usual
688 maintainer of a package should start their
689 <var/debian-revision/ numbering at <tt/1/.
691 Maintainers other than the usual package maintainer should
692 make as few changes to the package as possible, and they
693 should always send a unified context diff (<tt/diff -u/)
694 detailing their changes to the bug tracking system properly
695 flagged with the correct package so that the usual
696 maintainer is kept aware of the situation. If the
697 non-maintainer upload fixes some bugs, the bug reports
698 should not be closed. However, the person making the
699 non-maintainer release should send a short message to the
700 bug tracking system to all the fixed bugs explaining that
701 they have been fixed. This way, the maintainer and other
702 people will get notified about that.
704 The normal maintainer should do at least one of
706 <item> apply the diff,
708 <item> read the diff and decide on each part of it
711 <item> if the maintainer decides not to apply the patch
712 but to release a new version, read the description of the
713 changes to the next upstream version and ensure that they
714 fix each problem that was fixed in the non-maintainer
718 In addition, the normal maintainer should <em/always/
719 include an entry in the changelog file documenting the
720 non-maintainer upload.
723 <sect>Maintainer changes
725 Periodically, a listing of packages in need of new
726 maintainers will be sent to the <tt>debian-devel</>
727 list. This list is also available at
728 <ftpsite>ftp.debian.org</> in
729 <ftppath>/debian/doc/package-developer/prospective-packages.html</>
730 If you wish to take over maintenance of any of those
731 packages, or if you can no longer maintain the packages you
732 have, or you simply want to know if any one is working on a
733 new package, send a message to
734 <email/override-change@debian.org/.
736 If you take over an old package, you probably want to be
737 listed as the package's official maintainer in the bug
738 system. This will happen automatically once you upload a new
739 version with an updated <tt/Maintainer:/ field. If you do
740 not expect to upload a new version for a while, send an
741 email to <email/override-change@debian.org/ so that bug
742 reports will go to you.
745 <chapt>Handling bug reports<p>
747 <sect>Reporting lots of bugs at once
749 If you report more then 10 bugs on the same topic at once,
750 it is recommended that you send a message to debian-devel
751 describing your intention before submitting the report. This
752 will allow other developers to verify that the bug is a real
753 problem. In addition, it will prevent the situation where
754 several maintainers start filing the same bug report
757 Note, that when sending lots of bugs on the same subject,
758 you should send the bug report to
759 <tt/maintonly@bugs.debian.org/ so that the bug report is not
760 forwarded to the bug distribution mailing list.