Posts from 2005–2010 temporarily unavailable.

Debian Policy started off the Debian 11 “bullseye” release cycle with the release of Debian Policy 4.4.0.0. Please consider helping us fix more bugs and prepare more releases (whether or not you’re at DebCamp19!).

Consensus has been reached and help is needed to write a patch:

#425523 Describe error unwind when unpacking a package fails

#452393 Clarify difference between required and important priorities

#582109 document triggers where appropriate

#592610 Clarify when Conflicts + Replaces et al are appropriate

#682347 mark ‘editor’ virtual package name as obsolete

#685506 copyright-format: new Files-Excluded field

#749826 [multiarch] please document the use of Multi-Arch field in debian/c…

#757760 please document build profiles

#770440 policy should mention systemd timers

#823256 Update maintscript arguments with dpkg >= 1.18.5

#905453 Policy does not include a section on NEWS.Debian files

#907051 Say much more about vendoring of libraries

Wording proposed, awaiting review from anyone and/or seconds by DDs:

#786470 [copyright-format] Add an optional “License-Grant” field

#919507 Policy contains no mention of /var/run/reboot-required

#920692 Packages must not install files or directories into /var/cache

#922654 Section 9.1.2 points to a wrong FHS section?

Posted Sat 20 Jul 2019 12:37:39 UTC Tags:

At a sprint over the weekend, Ian Jackson and I designed and implemented a system to make it possible for Debian Developers to upload new versions of packages by simply pushing a specially formatted git tag to salsa (Debian’s GitLab instance). That’s right: the only thing you will have to do to cause new source and binary packages to flow out to the mirror network is sign and push a git tag.

It works like this:

  1. DD signs and pushes a git tag containing some metadata. The tag is placed on the commit you want to release (which is probably the commit where you ran dch -r).

  2. This triggers a GitLab webhook, which passes the public clone URI of your salsa project and the name of the newly pushed tag to a cloud service called tag2upload.

  3. tag2upload verifies the signature on the tag against the Debian keyring,1 produces a .dsc and .changes, signs these, and uploads the result to ftp-master.2

    (tag2upload does not have, nor need, push access to anyone’s repos on salsa. It doesn’t make commits to the maintainer’s branch.)

  4. ftp-master and the autobuilder network push out the source and binary packages in the usual way.

The first step of this should be as easy as possible, so we’ve produced a new script, git debpush, which just wraps git tag and git push to sign and push the specially formatted git tag.

We’ve fully implemented tag2upload, though it’s not running in the cloud yet. However, you can try out this workflow today by running tag2upload on your laptop, as if in response to a webhook. We did this ourselves for a few real uploads to sid during the sprint.

  1. First get the tools installed. tag2upload reuses code from dgit and dgit-infrastructure, and lives in bin:dgit-infrastructure. git debpush is in a completely independent binary package which does not make any use of dgit.3

    % apt-get install git-debpush dgit-infrastructure dgit debian-keyring

    (you need version 9.1 of the first three of these packages, in Debian testing, unstable and buster-backports at the time of writing).

  2. Prepare a source-only upload of some package that you normally push to salsa. When you are ready to upload this, just type git debpush.

    If the package is non-native, you will need to pass a quilt option to inform tag2upload what git branch layout you are using—it has to know this in order to produce a .dsc. See the git-debpush(1) manpage for the supported quilt options.

    The quilt option you select gets stored in the newly created tag, so for your next upload you won’t need it, and git debpush alone will be enough.

    See the git-debpush(1) manpage for more options, but we’ve tried hard to ensure most users won’t need any.

  3. Now you need to simulate salsa’s sending of a webhook to the tag2upload service. This is how you can do that:

    % mkdir -p ~/tmp/t2u
    % cd ~/tmp/t2u
    % DGIT_DRS_EMAIL_NOREPLY=myself@example.org dgit-repos-server \
        debian . /usr/share/keyrings/debian-keyring.gpg,a --tag2upload \
        https://salsa.debian.org/dgit-team/dgit-test-dummy.git debian/1.23
    

    … substituting your own service admin e-mail address, salsa repo URI and new tag name.

    Check the file ~/tmp/t2u/overall.log to see what happened, and perhaps take a quick look at Debian’s upload queue.

A few other notes about trying this out:

  • tag2upload will delete various files and directories in your working directory, so be sure to invoke it in an empty directory like ~/tmp/t2u.

  • You won’t see any console output, and the command might feel a bit slow. Neither of these will matter when tag2upload is running as a cloud service, of course. If there is an error, you’ll get an e-mail.

  • Running the script like this on your laptop will use your default PGP key to sign the .dsc and .changes. The real cloud service will have its own PGP key.

  • The shell invocation given above is complicated, but once the cloud service is deployed, no human is going to ever need to type it!

    What’s important to note is the two pieces of user input the command takes: your salsa repo URI, and the new tag name. The GitLab web hook will provide the tag2upload service with (only) these two parameters.

For some more discussion of this new workflow, see the git-debpush(1) manpage. We hope you have fun trying it out.


  1. Unfortunately, DMs can’t try tag2upload out on their laptops, though they will certainly be able to use the final cloud service version of tag2upload.
  2. Only source-only uploads are supported, but this is by design.
  3. Do not be fooled by the string ‘dgit’ appearing in the generated tags! We are just reusing a tag metadata convention that dgit also uses.
Posted Tue 09 Jul 2019 20:49:41 UTC

There has been very little activity in recent weeks (preparing the Debian buster release is more urgent than the Policy Manual for most contributors), so the list of bugs I posted in February is still valid.

Posted Wed 29 May 2019 23:35:20 UTC Tags:

Here’s are some of the bugs against the Debian Policy Manual. Please consider getting involved.

Consensus has been reached and help is needed to write a patch

#542288 Versions for native packages, NMU’s, and binary only uploads

#556015 Clarify requirements for linked doc directories

#578597 Recommend usage of dpkg-buildflags to initialize CFLAGS and al.

#682347 mark ‘editor’ virtual package name as obsolete

#685506 copyright-format: new Files-Excluded field

#759316 Document the use of /etc/default for cron jobs

#761219 document versioned Provides

#770440 policy should mention systemd timers

#902612 Packages should not touch users’ home directories

#905453 Policy does not include a section on NEWS.Debian files

#907051 Say much more about vendoring of libraries

Wording proposed, awaiting review from anyone and/or seconds by DDs

#786470 [copyright-format] Add an optional “License-Grant” field

#910548 base-files - please consider adding /usr/share/common-licenses/Unic…

#919507 Policy contains no mention of /var/run/reboot-required

#920692 Packages must not install files or directories into /var/cache

Merged for the next release

#897217 Vcs-Hg should support -b too

#917431 virtual packages: logind, default-logind

#920355 Permit branch specifications (”-b”) in Mercurial Vcs-Hg headers

#921963 add link to https://jenkins.debian.net/userContent/debian-policy in…

Posted Tue 26 Feb 2019 23:46:17 UTC Tags:

Here’s are some of the bugs against the Debian Policy Manual. Please consider getting involved.

Consensus has been reached and help is needed to write a patch

#770440 policy should mention systemd timers

#773557 Avoid unsafe RPATH/RUNPATH

#780725 PATH used for building is not specified

#793499 The Installed-Size algorithm is out-of-date

#823256 Update maintscript arguments with dpkg >= 1.18.5

#874019 Note that the ’-e’ argument to x-terminal-emulator works like ’–’

#874206 allow a trailing comma in package relationship fields

#902612 Packages should not touch users’ home directories

#905453 Policy does not include a section on NEWS.Debian files

#906286 repository-format sub-policy

#907051 Say much more about vendoring of libraries

Wording proposed, awaiting review from anyone and/or seconds by DDs

#645696 [copyright-format] clearer definitions and more consistent License:…

#662998 stripping static libraries

#682347 mark ‘editor’ virtual package name as obsolete

#737796 copyright-format: support Files: paragraph with both abbreviated na…

#756835 Extension of the syntax of the Packages-List field.

#786470 [copyright-format] Add an optional “License-Grant” field

#835451 Building as root should be discouraged

#910548 base-files - please consider adding /usr/share/common-licenses/Unic…

#917431 virtual packages: logind, default-logind

#920355 Permit branch specifications (”-b”) in Mercurial Vcs-Hg headers

Posted Sun 27 Jan 2019 04:51:07 UTC Tags:

I would like to push a release of Debian Policy but I want to include the patches in the following two bugs. If you are a DD, please consider reviewing and seconding the patches in these bugs so that I can do that.

EDIT 2018/xii/23: these are both now seconded – thanks gregor!


Posted Sat 22 Dec 2018 17:03:45 UTC Tags:

I have this systemd timer unit

[Unit]
Description=Run i3-rotate-wallpaper daily

[Timer]
OnCalendar=daily
Persistent=true

[Install]
WantedBy=timers.target

which says to start the i3-rotate-wallpaper.service unit at each midnight.

Persistent=true is meant to ensure that the unit is triggered immediately when the system resumes from suspend or is powered on, if at the most recent midnight it was suspended or powered off. The idea is that when I first use my computer each day, the wallpaper gets changed – I delight in seeing the wallpapers I’ve downloaded.

The problem is that Persistent=true only works if the timer has been triggered at least once when the system is not suspended and powered on. But my computer is almost never on at midnight. I don’t want to have to leave it turned on just for the first wallpaper change, or keep track of that when reinstalling the machine’s operating system.

The fix:

% mkdir -p "$HOME/.local/share/systemd/timers"
% touch "$HOME/.local/share/systemd/timers/stamp-i3-rotate-wallpaper.timer"
Posted Sat 22 Dec 2018 17:03:45 UTC Tags:

Here’s are some of the bugs against the Debian Policy Manual. Please consider getting involved.

Consensus has been reached and help is needed to write a patch

#853779 Clarify requirements about update-rc.d and invoke-rc.d usage in mai…

#874019 Note that the ’-e’ argument to x-terminal-emulator works like ’–’

#874206 allow a trailing comma in package relationship fields

#902612 Packages should not touch users’ home directories

#905453 Policy does not include a section on NEWS.Debian files

#906286 repository-format sub-policy

#907051 Say much more about vendoring of libraries

Wording proposed, awaiting review from anyone and/or seconds by DDs

#786470 [copyright-format] Add an optional “License-Grant” field

#845255 Include best practices for packaging database applications

#850156 Please firmly deprecate vendor-specific series files

#897217 Vcs-Hg should support -b too

Merged for the next release (no action needed)

#188731 Also strip .comment and .note sections

#845715 Please document that packages are not allowed to write outside thei…

#912581 Slightly relax the requirement to include verbatim copyright inform…

Posted Mon 03 Dec 2018 19:20:50 UTC Tags:

Aristotle’s distinction in EN between brutishness and vice might be comparable to the distinction in Dungeons & Dragons between chaotic evil and lawful evil, respectively.

I’ve always thought that the forces of lawful evil are more deeply threatening than those of chaotic evil. In the Critical Hit podcast, lawful evil is equated with tyranny.

Of course, at least how I run it, Aristotelian ethics involves no notion of evil, only mistakes about the good.

Posted Thu 27 Sep 2018 20:12:09 UTC

Here’s a summary of some of the bugs against the Debian Policy Manual that are thought to be easy to resolve.

Please consider getting involved, whether or not you’re an existing contributor.

For more information, see our README.

#152955 force-reload should not start the daemon if it is not running

#172436 BROWSER and sensible-browser standardization

#188731 Also strip .comment and .note sections

#212814 Clarify relationship between long and short description

#273093 document interactions of multiple clashing package diversions

#314808 Web applications should use /usr/share/package, not /usr/share/doc/package

#348336 Clarify Policy around shared configuration files

#425523 Describe error unwind when unpacking a package fails

#491647 debian-policy: X font policy unclear around TTF fonts

#495233 debian-policy: README.source content should be more detailed

#649679 [copyright-format] Clarify what distinguishes files and stand-alone license paragraphs.

#682347 mark ‘editor’ virtual package name as obsolete

#685506 copyright-format: new Files-Excluded field

#685746 debian-policy Consider clarifying the use of recommends

#694883 copyright-format: please clarify the recommended form for public domain files

#696185 [copyright-format] Use short names from SPDX.

#697039 expand cron and init requirement to check binary existence to other scripts

#722535 debian-policy: To document: the “Binary-Only” field in Debian changes files.

#759316 Document the use of /etc/default for cron jobs

#770440 debian-policy: policy should mention systemd timers

#780725 PATH used for building is not specified

#794653 Recommend use of dpkg-maintscript-helper where appropriate

#809637 DEP-5 does not support filenames with blanks

#824495 debian-policy: Source packages “can” declare relationships

#833401 debian-policy: virtual packages: dbus-session-bus, dbus-default-session-bus

#845715 debian-policy: Please document that packages are not allowed to write outside their source directories

#850171 debian-policy: Addition of having an ‘EXAMPLES’ section in manual pages debian policy 12.1

#853779 debian-policy: Clarify requirements about update-rc.d and invoke-rc.d usage in maintainer scripts

#904248 Add netbase to build-essential

Posted Thu 27 Sep 2018 20:07:15 UTC Tags: