File: //usr/share/doc/debian-policy/policy.html/ch-customized-programs.html
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="generator" content="Docutils 0.17.1: http://docutils.sourceforge.net/" />
<title>11. Customized programs — Debian Policy Manual v4.6.0.1</title>
<link rel="stylesheet" type="text/css" href="_static/pygments.css" />
<link rel="stylesheet" type="text/css" href="_static/nature.css" />
<script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
<script src="_static/jquery.js"></script>
<script src="_static/underscore.js"></script>
<script src="_static/doctools.js"></script>
<link rel="index" title="Index" href="genindex.html" />
<link rel="search" title="Search" href="search.html" />
<link rel="next" title="12. Documentation" href="ch-docs.html" />
<link rel="prev" title="10. Files" href="ch-files.html" />
</head><body>
<div class="related" role="navigation" aria-label="related navigation">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="genindex.html" title="General Index"
accesskey="I">index</a></li>
<li class="right" >
<a href="ch-docs.html" title="12. Documentation"
accesskey="N">next</a> |</li>
<li class="right" >
<a href="ch-files.html" title="10. Files"
accesskey="P">previous</a> |</li>
<li class="nav-item nav-item-0"><a href="index.html">Debian Policy Manual v4.6.0.1</a> »</li>
<li class="nav-item nav-item-this"><a href=""><span class="section-number">11. </span>Customized programs</a></li>
</ul>
</div>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body" role="main">
<section id="customized-programs">
<h1><span class="section-number">11. </span>Customized programs<a class="headerlink" href="#customized-programs" title="Permalink to this headline">¶</a></h1>
<section id="architecture-specification-strings">
<span id="s-arch-spec"></span><h2><span class="section-number">11.1. </span>Architecture specification strings<a class="headerlink" href="#architecture-specification-strings" title="Permalink to this headline">¶</a></h2>
<p>If a program needs to specify an <em>architecture specification string</em> in
some place, it should select one of the strings provided by
<code class="docutils literal notranslate"><span class="pre">dpkg-architecture</span> <span class="pre">-L</span></code>. The strings are in the format <code class="docutils literal notranslate"><span class="pre">os-arch</span></code>, though the OS
part is sometimes elided, as when the OS is Linux.</p>
<p>Note that we don’t want to use <code class="docutils literal notranslate"><span class="pre">arch-debian-linux</span></code> to apply to the
rule <code class="docutils literal notranslate"><span class="pre">architecture-vendor-os</span></code> since this would make our programs
incompatible with other Linux distributions. We also don’t use something
like <code class="docutils literal notranslate"><span class="pre">arch-unknown-linux</span></code>, since the <code class="docutils literal notranslate"><span class="pre">unknown</span></code> does not look very
good.</p>
<section id="architecture-wildcards">
<span id="s-arch-wildcard-spec"></span><h3><span class="section-number">11.1.1. </span>Architecture wildcards<a class="headerlink" href="#architecture-wildcards" title="Permalink to this headline">¶</a></h3>
<p>A package may specify an architecture wildcard. Architecture wildcards
are in the format <code class="docutils literal notranslate"><span class="pre">any</span></code> (which matches every architecture),
<code class="docutils literal notranslate"><span class="pre">os</span></code>-any, or any-<code class="docutils literal notranslate"><span class="pre">cpu</span></code>. <a class="footnote-reference brackets" href="#id10" id="id1">1</a></p>
</section>
</section>
<section id="daemons">
<span id="s11-2"></span><h2><span class="section-number">11.2. </span>Daemons<a class="headerlink" href="#daemons" title="Permalink to this headline">¶</a></h2>
<p>The configuration files <code class="docutils literal notranslate"><span class="pre">/etc/services</span></code>, <code class="docutils literal notranslate"><span class="pre">/etc/protocols</span></code>, and
<code class="docutils literal notranslate"><span class="pre">/etc/rpc</span></code> are managed by the <code class="docutils literal notranslate"><span class="pre">netbase</span></code> package and must not be
modified by other packages.</p>
<p>If a package requires a new entry in one of these files, the maintainer
should get in contact with the <code class="docutils literal notranslate"><span class="pre">netbase</span></code> maintainer, who will add the
entries and release a new version of the <code class="docutils literal notranslate"><span class="pre">netbase</span></code> package.</p>
<p>The configuration file <code class="docutils literal notranslate"><span class="pre">/etc/inetd.conf</span></code> must not be modified by the
package’s scripts except via the <code class="docutils literal notranslate"><span class="pre">update-inetd</span></code> script or the
<code class="docutils literal notranslate"><span class="pre">DebianNet.pm</span></code> Perl module. See their documentation for details on how
to add entries.</p>
<p>If a package wants to install an example entry into <code class="docutils literal notranslate"><span class="pre">/etc/inetd.conf</span></code>,
the entry must be preceded with exactly one hash character (<code class="docutils literal notranslate"><span class="pre">#</span></code>). Such
lines are treated as “commented out by user” by the <code class="docutils literal notranslate"><span class="pre">update-inetd</span></code>
script and are not changed or activated during package updates.</p>
</section>
<section id="using-pseudo-ttys-and-modifying-wtmp-utmp-and-lastlog">
<span id="s11-3"></span><h2><span class="section-number">11.3. </span>Using pseudo-ttys and modifying wtmp, utmp and lastlog<a class="headerlink" href="#using-pseudo-ttys-and-modifying-wtmp-utmp-and-lastlog" title="Permalink to this headline">¶</a></h2>
<p>Some programs need to create pseudo-ttys. This should be done using
Unix98 ptys if the C library supports it. The resulting program must not
be installed setuid root, unless that is required for other
functionality.</p>
<p>The files <code class="docutils literal notranslate"><span class="pre">/var/run/utmp</span></code>, <code class="docutils literal notranslate"><span class="pre">/var/log/wtmp</span></code> and <code class="docutils literal notranslate"><span class="pre">/var/log/lastlog</span></code>
must be installed writable by group <code class="docutils literal notranslate"><span class="pre">utmp</span></code>. Programs which need to
modify those files must be installed setgid <code class="docutils literal notranslate"><span class="pre">utmp</span></code>.</p>
</section>
<section id="editors-and-pagers">
<span id="s11-4"></span><h2><span class="section-number">11.4. </span>Editors and pagers<a class="headerlink" href="#editors-and-pagers" title="Permalink to this headline">¶</a></h2>
<p>Some programs have the ability to launch an editor or pager program to
edit or display a text document. Since there are lots of different
editors and pagers available in the Debian distribution, the system
administrator and each user should have the possibility to choose their
preferred editor and pager.</p>
<p>In addition, every program should choose a good default editor/pager if
none is selected by the user or system administrator.</p>
<p>Thus, every program that launches an editor or pager must use the EDITOR
or PAGER environment variable to determine the editor or pager the user
wishes to use. If these variables are not set, the programs
<code class="docutils literal notranslate"><span class="pre">/usr/bin/editor</span></code> and <code class="docutils literal notranslate"><span class="pre">/usr/bin/pager</span></code> should be used, respectively.
These commands may be invoked explicitly (e.g., as <code class="docutils literal notranslate"><span class="pre">/usr/bin/editor</span></code>) or
via a PATH search (e.g., as <code class="docutils literal notranslate"><span class="pre">editor</span></code>).</p>
<p>These two files are managed through the <code class="docutils literal notranslate"><span class="pre">dpkg</span></code> “alternatives”
mechanism. Every package providing an editor or pager must call the
<code class="docutils literal notranslate"><span class="pre">update-alternatives</span></code> script to register as an alternative for
<code class="docutils literal notranslate"><span class="pre">/usr/bin/editor</span></code> or <code class="docutils literal notranslate"><span class="pre">/usr/bin/pager</span></code> as appropriate. The
alternative should have a slave alternative for
<code class="docutils literal notranslate"><span class="pre">/usr/share/man/man1/editor.1.gz</span></code> or
<code class="docutils literal notranslate"><span class="pre">/usr/share/man/man1/pager.1.gz</span></code> pointing to the corresponding manual
page.</p>
<p>If it is very hard to adapt a program to make use of the EDITOR or PAGER
variables, that program may be configured to use
<code class="docutils literal notranslate"><span class="pre">/usr/bin/sensible-editor</span></code> and <code class="docutils literal notranslate"><span class="pre">/usr/bin/sensible-pager</span></code> as the
editor or pager program respectively. These are two scripts provided in
the sensible-utils package that check the EDITOR and PAGER variables and
launch the appropriate program, and fall back to <code class="docutils literal notranslate"><span class="pre">/usr/bin/editor</span></code> and
<code class="docutils literal notranslate"><span class="pre">/usr/bin/pager</span></code> if the variable is not set.</p>
<p>A program may also use the VISUAL environment variable to determine the
user’s choice of editor. If it exists, it should take precedence over
EDITOR. This is in fact what <code class="docutils literal notranslate"><span class="pre">/usr/bin/sensible-editor</span></code> does.</p>
<p>It is not required for a package to depend on <code class="docutils literal notranslate"><span class="pre">editor</span></code> and <code class="docutils literal notranslate"><span class="pre">pager</span></code>,
nor is it required for a package to provide such virtual
packages. <a class="footnote-reference brackets" href="#id11" id="id2">2</a></p>
</section>
<section id="web-servers-and-applications">
<span id="s-web-appl"></span><h2><span class="section-number">11.5. </span>Web servers and applications<a class="headerlink" href="#web-servers-and-applications" title="Permalink to this headline">¶</a></h2>
<p>This section describes the locations and URLs that should be used by all
web servers and web applications in the Debian system.</p>
<ol class="arabic">
<li><p>Cgi-bin executable files are installed in the directory</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">lib</span><span class="o">/</span><span class="n">cgi</span><span class="o">-</span><span class="nb">bin</span>
</pre></div>
</div>
<p>or a subdirectory of that directory, and the script</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">lib</span><span class="o">/</span><span class="n">cgi</span><span class="o">-</span><span class="nb">bin</span><span class="o">/.../</span><span class="n">cgi</span><span class="o">-</span><span class="nb">bin</span><span class="o">-</span><span class="n">name</span>
</pre></div>
</div>
<p>should be referred to as</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">localhost</span><span class="o">/</span><span class="n">cgi</span><span class="o">-</span><span class="nb">bin</span><span class="o">/.../</span><span class="n">cgi</span><span class="o">-</span><span class="nb">bin</span><span class="o">-</span><span class="n">name</span>
</pre></div>
</div>
</li>
<li><p>(Deleted)</p></li>
<li><p>Access to images</p>
<p>Images for a package should be stored in <code class="docutils literal notranslate"><span class="pre">/usr/share/images/package</span></code>
and referred to through an alias <code class="docutils literal notranslate"><span class="pre">/images/</span></code> as:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">localhost</span><span class="o">/</span><span class="n">images</span><span class="o">/</span><span class="n">package</span><span class="o">/</span><span class="n">filename</span>
</pre></div>
</div>
</li>
<li><p>Web Document Root</p>
<p>Web Applications should try to avoid storing files in the Web
Document Root. Instead they should use the /usr/share/doc/package
directory for documents. If access to the web document root is
unavoidable then use</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="o">/</span><span class="n">var</span><span class="o">/</span><span class="n">www</span><span class="o">/</span><span class="n">html</span>
</pre></div>
</div>
<p>as the Document Root. This might be just a symbolic link to the
location where the system administrator has put the real document
root.</p>
</li>
<li><p>Providing httpd and/or httpd-cgi</p>
<p>All web servers should provide the virtual package <code class="docutils literal notranslate"><span class="pre">httpd</span></code>. If a
web server has CGI support it should provide <code class="docutils literal notranslate"><span class="pre">httpd-cgi</span></code>
additionally.</p>
<p>All web applications which do not contain CGI scripts should depend
on <code class="docutils literal notranslate"><span class="pre">httpd</span></code>, all those web applications which <code class="docutils literal notranslate"><span class="pre">do</span></code> contain CGI
scripts, should depend on <code class="docutils literal notranslate"><span class="pre">httpd-cgi</span></code>.</p>
</li>
</ol>
</section>
<section id="mail-transport-delivery-and-user-agents">
<span id="s-mail-transport-agents"></span><h2><span class="section-number">11.6. </span>Mail transport, delivery and user agents<a class="headerlink" href="#mail-transport-delivery-and-user-agents" title="Permalink to this headline">¶</a></h2>
<p>Debian packages which process electronic mail, whether mail user agents
(MUAs) or mail transport agents (MTAs), must ensure that they are
compatible with the configuration decisions below. Failure to do this
may result in lost mail, broken <code class="docutils literal notranslate"><span class="pre">From:</span></code> lines, and other serious brain
damage!</p>
<p>The mail spool is <code class="docutils literal notranslate"><span class="pre">/var/mail</span></code> and the interface to send a mail message
is <code class="docutils literal notranslate"><span class="pre">/usr/sbin/sendmail</span></code> (as per the FHS). On older systems, the mail
spool may be physically located in <code class="docutils literal notranslate"><span class="pre">/var/spool/mail</span></code>, but all access
to the mail spool should be via the <code class="docutils literal notranslate"><span class="pre">/var/mail</span></code> symlink. The mail
spool is part of the base system and not part of the MTA package.</p>
<p>All Debian MUAs, MTAs, MDAs and other mailbox accessing programs (such
as IMAP daemons) must lock the mailbox in an NFS-safe way. This means
that <code class="docutils literal notranslate"><span class="pre">fcntl()</span></code> locking must be combined with dot locking. To avoid
deadlocks, a program should use <code class="docutils literal notranslate"><span class="pre">fcntl()</span></code> first and dot locking after
this, or alternatively implement the two locking methods in a non
blocking way. <a class="footnote-reference brackets" href="#id12" id="id3">3</a> Using the functions <code class="docutils literal notranslate"><span class="pre">maillock</span></code> and
<code class="docutils literal notranslate"><span class="pre">mailunlock</span></code> provided by the <code class="docutils literal notranslate"><span class="pre">liblockfile*</span></code> packages is the
recommended way to accomplish this.</p>
<p>Mailboxes are generally either mode 600 and owned by user or mode 660
and owned by <code class="docutils literal notranslate"><span class="pre">user:mail</span></code>. <a class="footnote-reference brackets" href="#id13" id="id4">4</a> The local system administrator may
choose a different permission scheme; packages should not make
assumptions about the permission and ownership of mailboxes unless
required (such as when creating a new mailbox). A MUA may remove a
mailbox (unless it has nonstandard permissions) in which case the MTA or
another MUA must recreate it if needed.</p>
<p>The mail spool is 2775 <code class="docutils literal notranslate"><span class="pre">root:mail</span></code>, and MUAs should be setgid mail to
do the locking mentioned above (and must obviously avoid accessing other
users’ mailboxes using this privilege).</p>
<p><code class="docutils literal notranslate"><span class="pre">/etc/aliases</span></code> is the source file for the system mail aliases (e.g.,
postmaster, usenet, etc.), it is the one which the sysadmin and
<code class="docutils literal notranslate"><span class="pre">postinst</span></code> scripts may edit. After <code class="docutils literal notranslate"><span class="pre">/etc/aliases</span></code> is edited the
program or human editing it must call <code class="docutils literal notranslate"><span class="pre">newaliases</span></code>. All MTA packages
must come with a <code class="docutils literal notranslate"><span class="pre">newaliases</span></code> program, even if it does nothing, but
older MTA packages did not do this so programs should not fail if
<code class="docutils literal notranslate"><span class="pre">newaliases</span></code> cannot be found. Note that because of this, all MTA
packages must have <code class="docutils literal notranslate"><span class="pre">Provides</span></code>, <code class="docutils literal notranslate"><span class="pre">Conflicts</span></code> and
<code class="docutils literal notranslate"><span class="pre">Replaces:</span>  <span class="pre">mail-transport-agent</span></code> control fields.</p>
<p>The convention of writing <code class="docutils literal notranslate"><span class="pre">forward</span> <span class="pre">to</span> <span class="pre">address</span></code> in the mailbox itself is not supported. Use a
<code class="docutils literal notranslate"><span class="pre">.forward</span></code> file instead.</p>
<p>The <code class="docutils literal notranslate"><span class="pre">rmail</span></code> program used by UUCP for incoming mail should be
<code class="docutils literal notranslate"><span class="pre">/usr/sbin/rmail</span></code>. Likewise, <code class="docutils literal notranslate"><span class="pre">rsmtp</span></code>, for receiving
batch-SMTP-over-UUCP, should be <code class="docutils literal notranslate"><span class="pre">/usr/sbin/rsmtp</span></code> if it is supported.</p>
<p>If your package needs to know what hostname to use on (for example)
outgoing news and mail messages which are generated locally, you should
use the file <code class="docutils literal notranslate"><span class="pre">/etc/mailname</span></code>. It will contain the portion after the
username and <code class="docutils literal notranslate"><span class="pre">@</span></code> (at) sign for email addresses of users on the machine
(followed by a newline).</p>
<p>Such a package should check for the existence of this file when it is
being configured. If it exists, it should be used without comment,
although an MTA’s configuration script may wish to prompt the user even
if it finds that this file exists. If the file does not exist, the
package should prompt the user for the value (preferably using
<code class="docutils literal notranslate"><span class="pre">debconf</span></code>) and store it in <code class="docutils literal notranslate"><span class="pre">/etc/mailname</span></code> as well as using it in
the package’s configuration. The prompt should make it clear that the
name will not just be used by that package. For example, in this
situation the <code class="docutils literal notranslate"><span class="pre">inn</span></code> package could say something like:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">Please</span> <span class="n">enter</span> <span class="n">the</span> <span class="s2">"mail name"</span> <span class="n">of</span> <span class="n">your</span> <span class="n">system</span><span class="o">.</span> <span class="n">This</span> <span class="ow">is</span> <span class="n">the</span> <span class="n">hostname</span> <span class="n">portion</span>
<span class="n">of</span> <span class="n">the</span> <span class="n">address</span> <span class="n">to</span> <span class="n">be</span> <span class="n">shown</span> <span class="n">on</span> <span class="n">outgoing</span> <span class="n">news</span> <span class="ow">and</span> <span class="n">mail</span> <span class="n">messages</span><span class="o">.</span> <span class="n">The</span>
<span class="n">default</span> <span class="ow">is</span> <span class="n">syshostname</span><span class="p">,</span> <span class="n">your</span> <span class="n">system</span><span class="s1">'s host name.</span>
<span class="n">Mail</span> <span class="n">name</span> <span class="p">[</span><span class="s2">"syshostname"</span><span class="p">]:</span>
</pre></div>
</div>
<p>where syshostname is the output of <code class="docutils literal notranslate"><span class="pre">hostname</span> <span class="pre">--fqdn</span></code>.</p>
</section>
<section id="news-system-configuration">
<span id="s11-7"></span><h2><span class="section-number">11.7. </span>News system configuration<a class="headerlink" href="#news-system-configuration" title="Permalink to this headline">¶</a></h2>
<p>All the configuration files related to the NNTP (news) servers and
clients should be located under <code class="docutils literal notranslate"><span class="pre">/etc/news</span></code>.</p>
<p>There are some configuration issues that apply to a number of news
clients and server packages on the machine. These are:</p>
<dl class="simple">
<dt><code class="docutils literal notranslate"><span class="pre">/etc/news/organization</span></code></dt><dd><p>A string which should appear as the organization header for all
messages posted by NNTP clients on the machine</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">/etc/news/server</span></code></dt><dd><p>Contains the FQDN of the upstream NNTP server, or localhost if the
local machine is an NNTP server.</p>
</dd>
</dl>
<p>Other global files may be added as required for cross-package news
configuration.</p>
</section>
<section id="programs-for-the-x-window-system">
<span id="s11-8"></span><h2><span class="section-number">11.8. </span>Programs for the X Window System<a class="headerlink" href="#programs-for-the-x-window-system" title="Permalink to this headline">¶</a></h2>
<section id="providing-x-support-and-package-priorities">
<span id="s11-8-1"></span><h3><span class="section-number">11.8.1. </span>Providing X support and package priorities<a class="headerlink" href="#providing-x-support-and-package-priorities" title="Permalink to this headline">¶</a></h3>
<p>Programs that can be configured with support for the X Window System
must be configured to do so and must declare any package dependencies
necessary to satisfy their runtime requirements when using the X Window
System. If such a package is of higher priority than the X packages on
which it depends, it is required that either the X-specific components
be split into a separate package, or that an alternative version of the
package, which includes X support, be provided, or that the package’s
priority be lowered.</p>
</section>
<section id="packages-providing-an-x-server">
<span id="s11-8-2"></span><h3><span class="section-number">11.8.2. </span>Packages providing an X server<a class="headerlink" href="#packages-providing-an-x-server" title="Permalink to this headline">¶</a></h3>
<p>Packages that provide an X server that, directly or indirectly,
communicates with real input and display hardware should declare in
their <code class="docutils literal notranslate"><span class="pre">Provides</span></code> control field that they provide the virtual package
<code class="docutils literal notranslate"><span class="pre">xserver</span></code>. <a class="footnote-reference brackets" href="#id14" id="id5">5</a></p>
</section>
<section id="packages-providing-a-terminal-emulator">
<span id="s11-8-3"></span><h3><span class="section-number">11.8.3. </span>Packages providing a terminal emulator<a class="headerlink" href="#packages-providing-a-terminal-emulator" title="Permalink to this headline">¶</a></h3>
<p>Packages that provide a terminal emulator for the X Window System which
meet the criteria listed below should declare in their <code class="docutils literal notranslate"><span class="pre">Provides</span></code>
control field that they provide the virtual package
<code class="docutils literal notranslate"><span class="pre">x-terminal-emulator</span></code>. They should also register themselves as an
alternative for <code class="docutils literal notranslate"><span class="pre">/usr/bin/x-terminal-emulator</span></code>, with a priority of 20.
That alternative should have a slave alternative for
<code class="docutils literal notranslate"><span class="pre">/usr/share/man/man1/x-terminal-emulator.1.gz</span></code> pointing to the
corresponding manual page.</p>
<p>To be an <code class="docutils literal notranslate"><span class="pre">x-terminal-emulator</span></code>, a program must:</p>
<ul class="simple">
<li><p>Be able to emulate a DEC VT100 terminal, or a compatible terminal.</p></li>
<li><p>Support the command-line option <code class="docutils literal notranslate"><span class="pre">-e</span> <span class="pre">command</span></code>, which creates a new
terminal window <a class="footnote-reference brackets" href="#id15" id="id6">6</a> and runs the specified command. <command> may
be multiple arguments, which form the argument list to the executed
program. In other words, the behavior is as though the arguments
were passed directly to <code class="docutils literal notranslate"><span class="pre">execvp</span></code>, bypassing the shell.
(<code class="docutils literal notranslate"><span class="pre">xterm</span></code>’s behavior of falling back on using the shell if <code class="docutils literal notranslate"><span class="pre">-e</span></code>
had a single argument and exec failed is permissible but not
required.)</p></li>
<li><p>Support the command-line option <code class="docutils literal notranslate"><span class="pre">-T</span> <span class="pre">title</span></code>, which creates a new
terminal window with the window title title.</p></li>
</ul>
</section>
<section id="packages-providing-a-window-manager">
<span id="s11-8-4"></span><h3><span class="section-number">11.8.4. </span>Packages providing a window manager<a class="headerlink" href="#packages-providing-a-window-manager" title="Permalink to this headline">¶</a></h3>
<p>Packages that provide a window manager should declare in their
<code class="docutils literal notranslate"><span class="pre">Provides</span></code> control field that they provide the virtual package
<code class="docutils literal notranslate"><span class="pre">x-window-manager</span></code>. They should also register themselves as an
alternative for <code class="docutils literal notranslate"><span class="pre">/usr/bin/x-window-manager</span></code>, with a priority
calculated as follows:</p>
<ul class="simple">
<li><p>Start with a priority of 20.</p></li>
<li><p>If the window manager supports the Debian menu system, add 20 points
if this support is available in the package’s default configuration
(i.e., no configuration files belonging to the system or user have to
be edited to activate the feature); if configuration files must be
modified, add only 10 points.</p></li>
<li><p>If the window manager complies with <a class="reference external" href="https://www.freedesktop.org/wiki/Specifications/wm-spec">The Window Manager Specification
Project</a>,
written by the <a class="reference external" href="https://www.freedesktop.org/wiki/">Free Desktop
Group</a>, add 40 points.</p></li>
<li><p>If the window manager permits the X session to be restarted using a
<em>different</em> window manager (without killing the X server) in its
default configuration, add 10 points; otherwise add none.</p></li>
</ul>
<p>That alternative should have a slave alternative for
<code class="docutils literal notranslate"><span class="pre">/usr/share/man/man1/x-window-manager.1.gz</span></code> pointing to the
corresponding manual page.</p>
</section>
<section id="packages-providing-fonts">
<span id="s11-8-5"></span><h3><span class="section-number">11.8.5. </span>Packages providing fonts<a class="headerlink" href="#packages-providing-fonts" title="Permalink to this headline">¶</a></h3>
<p>Packages that provide fonts for the X Window System <a class="footnote-reference brackets" href="#id16" id="id7">7</a> must do a
number of things to ensure that they are both available without
modification of the X or font server configuration, and that they do not
corrupt files used by other font packages to register information about
themselves.</p>
<ol class="arabic simple">
<li><p>Fonts of any type supported by the X Window System must be in a
separate binary package from any executables, libraries, or
documentation (except that specific to the fonts shipped, such as
their license information). If one or more of the fonts so packaged
are necessary for proper operation of the package with which they
are associated the font package may be Recommended; if the fonts
merely provide an enhancement, a Suggests relationship may be used.
Packages must not Depend on font packages. <a class="footnote-reference brackets" href="#id17" id="id8">8</a></p></li>
<li><p>BDF fonts must be converted to PCF fonts with the <code class="docutils literal notranslate"><span class="pre">bdftopcf</span></code>
utility (available in the <code class="docutils literal notranslate"><span class="pre">xfonts-utils</span></code> package, <code class="docutils literal notranslate"><span class="pre">gzip</span></code>ped,
and placed in a directory that corresponds to their resolution:</p>
<ul class="simple">
<li><p>100 dpi fonts must be placed in <code class="docutils literal notranslate"><span class="pre">/usr/share/fonts/X11/100dpi/</span></code>.</p></li>
<li><p>75 dpi fonts must be placed in <code class="docutils literal notranslate"><span class="pre">/usr/share/fonts/X11/75dpi/</span></code>.</p></li>
<li><p>Character-cell fonts, cursor fonts, and other low-resolution
fonts must be placed in <code class="docutils literal notranslate"><span class="pre">/usr/share/fonts/X11/misc/</span></code>.</p></li>
</ul>
</li>
<li><p>Type 1 fonts must be placed in <code class="docutils literal notranslate"><span class="pre">/usr/share/fonts/X11/Type1/</span></code>. If
font metric files are available, they must be placed here as well.</p></li>
<li><p>Subdirectories of <code class="docutils literal notranslate"><span class="pre">/usr/share/fonts/X11/</span></code> other than those listed
above must be neither created nor used. (The <code class="docutils literal notranslate"><span class="pre">PEX</span></code>, <code class="docutils literal notranslate"><span class="pre">CID</span></code>,
<code class="docutils literal notranslate"><span class="pre">Speedo</span></code>, and <code class="docutils literal notranslate"><span class="pre">cyrillic</span></code> directories are excepted for historical
reasons, but installation of files into these directories remains
discouraged.)</p></li>
<li><p>Font packages may, instead of placing files directly in the X font
directories listed above, provide symbolic links in that font
directory pointing to the files’ actual location in the filesystem.
Such a location must comply with the FHS.</p></li>
<li><p>Font packages should not contain both 75dpi and 100dpi versions of a
font. If both are available, they should be provided in separate
binary packages with <code class="docutils literal notranslate"><span class="pre">-75dpi</span></code> or <code class="docutils literal notranslate"><span class="pre">-100dpi</span></code> appended to the names
of the packages containing the corresponding fonts.</p></li>
<li><p>Fonts destined for the <code class="docutils literal notranslate"><span class="pre">misc</span></code> subdirectory should not be included
in the same package as 75dpi or 100dpi fonts; instead, they should
be provided in a separate package with <code class="docutils literal notranslate"><span class="pre">-misc</span></code> appended to its
name.</p></li>
<li><p>Font packages must not provide the files <code class="docutils literal notranslate"><span class="pre">fonts.dir</span></code>,
<code class="docutils literal notranslate"><span class="pre">fonts.alias</span></code>, or <code class="docutils literal notranslate"><span class="pre">fonts.scale</span></code> in a font directory:</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">fonts.dir</span></code> files must not be provided at all.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">fonts.alias</span></code> and <code class="docutils literal notranslate"><span class="pre">fonts.scale</span></code> files, if needed, should be
provided in the directory
<code class="docutils literal notranslate"><span class="pre">/etc/X11/fonts/fontdir/package.extension</span></code>, where fontdir is
the name of the subdirectory of <code class="docutils literal notranslate"><span class="pre">/usr/share/fonts/X11/</span></code> where
the package’s corresponding fonts are stored (e.g., <code class="docutils literal notranslate"><span class="pre">75dpi</span></code> or
<code class="docutils literal notranslate"><span class="pre">misc</span></code>), package is the name of the package that provides these
fonts, and extension is either <code class="docutils literal notranslate"><span class="pre">scale</span></code> or <code class="docutils literal notranslate"><span class="pre">alias</span></code>, whichever
corresponds to the file contents.</p></li>
</ul>
</li>
<li><p>Font packages must declare a dependency on <code class="docutils literal notranslate"><span class="pre">xfonts-utils</span></code> in their
<code class="docutils literal notranslate"><span class="pre">Depends</span></code> or <code class="docutils literal notranslate"><span class="pre">Pre-Depends</span></code> control field.</p></li>
<li><p>Font packages that provide one or more <code class="docutils literal notranslate"><span class="pre">fonts.scale</span></code> files as
described above must invoke <code class="docutils literal notranslate"><span class="pre">update-fonts-scale</span></code> on each directory
into which they installed fonts <em>before</em> invoking
<code class="docutils literal notranslate"><span class="pre">update-fonts-dir</span></code> on that directory. This invocation must occur
in both the <code class="docutils literal notranslate"><span class="pre">postinst</span></code> (for all arguments) and <code class="docutils literal notranslate"><span class="pre">postrm</span></code> (for all
arguments except <code class="docutils literal notranslate"><span class="pre">upgrade</span></code>) scripts.</p></li>
<li><p>Font packages that provide one or more <code class="docutils literal notranslate"><span class="pre">fonts.alias</span></code> files as
described above must invoke <code class="docutils literal notranslate"><span class="pre">update-fonts-alias</span></code> on each directory
into which they installed fonts. This invocation must occur in both
the <code class="docutils literal notranslate"><span class="pre">postinst</span></code> (for all arguments) and <code class="docutils literal notranslate"><span class="pre">postrm</span></code> (for all
arguments except <code class="docutils literal notranslate"><span class="pre">upgrade</span></code>) scripts.</p></li>
<li><p>Font packages must invoke <code class="docutils literal notranslate"><span class="pre">update-fonts-dir</span></code> on each directory
into which they installed fonts. This invocation must occur in both
the <code class="docutils literal notranslate"><span class="pre">postinst</span></code> (for all arguments) and <code class="docutils literal notranslate"><span class="pre">postrm</span></code> (for all
arguments except <code class="docutils literal notranslate"><span class="pre">upgrade</span></code>) scripts.</p></li>
<li><p>Font packages must not provide alias names for the fonts they
include which collide with alias names already in use by fonts
already packaged.</p></li>
<li><p>Font packages must not provide fonts with the same XLFD registry
name as another font already packaged.</p></li>
</ol>
</section>
<section id="application-defaults-files">
<span id="s-appdefaults"></span><h3><span class="section-number">11.8.6. </span>Application defaults files<a class="headerlink" href="#application-defaults-files" title="Permalink to this headline">¶</a></h3>
<p>Application defaults files must be installed in the directory
<code class="docutils literal notranslate"><span class="pre">/etc/X11/app-defaults/</span></code> (use of a localized subdirectory of
<code class="docutils literal notranslate"><span class="pre">/etc/X11/</span></code> as described in the <em>X Toolkit Intrinsics - C Language
Interface</em> manual is also permitted). They must be registered as
<code class="docutils literal notranslate"><span class="pre">conffile</span></code>s or handled as configuration files.</p>
<p>Customization of programs’ X resources may also be supported with the
provision of a file with the same name as that of the package placed in
the <code class="docutils literal notranslate"><span class="pre">/etc/X11/Xresources/</span></code> directory, which must be registered as a
<code class="docutils literal notranslate"><span class="pre">conffile</span></code> or handled as a configuration file. <a class="footnote-reference brackets" href="#id18" id="id9">9</a></p>
</section>
<section id="installation-directory-issues">
<span id="s11-8-7"></span><h3><span class="section-number">11.8.7. </span>Installation directory issues<a class="headerlink" href="#installation-directory-issues" title="Permalink to this headline">¶</a></h3>
<p>Historically, packages using the X Window System used a separate set of
installation directories from other packages. This practice has been
discontinued and packages using the X Window System should now generally
be installed in the same directories as any other package. Specifically,
packages must not install files under the <code class="docutils literal notranslate"><span class="pre">/usr/X11R6/</span></code> directory and
the <code class="docutils literal notranslate"><span class="pre">/usr/X11R6/</span></code> directory hierarchy should be regarded as obsolete.</p>
<p>Include files previously installed under <code class="docutils literal notranslate"><span class="pre">/usr/X11R6/include/X11/</span></code>
should be installed into <code class="docutils literal notranslate"><span class="pre">/usr/include/X11/</span></code>. For files previously
installed into subdirectories of <code class="docutils literal notranslate"><span class="pre">/usr/X11R6/lib/X11/</span></code>, package
maintainers should determine if subdirectories of <code class="docutils literal notranslate"><span class="pre">/usr/lib/</span></code> and
<code class="docutils literal notranslate"><span class="pre">/usr/share/</span></code> can be used. If not, a subdirectory of <code class="docutils literal notranslate"><span class="pre">/usr/lib/X11/</span></code>
should be used.</p>
<p>Configuration files for window, display, or session managers or other
applications that are tightly integrated with the X Window System may be
placed in a subdirectory of <code class="docutils literal notranslate"><span class="pre">/etc/X11/</span></code> corresponding to the package
name. Other X Window System applications should use the <code class="docutils literal notranslate"><span class="pre">/etc/</span></code>
directory unless otherwise mandated by policy (such as for
<a class="reference internal" href="#s-appdefaults"><span class="std std-ref">Application defaults files</span></a>).</p>
</section>
</section>
<section id="perl-programs-and-modules">
<span id="s-perl"></span><h2><span class="section-number">11.9. </span>Perl programs and modules<a class="headerlink" href="#perl-programs-and-modules" title="Permalink to this headline">¶</a></h2>
<p>Perl programs and modules should follow the current Perl policy.</p>
<p>The Perl policy can be found in the <code class="docutils literal notranslate"><span class="pre">perl-policy</span></code> files in the
<code class="docutils literal notranslate"><span class="pre">debian-policy</span></code> package. It is also available from the Debian web
mirrors at <a class="reference external" href="https://www.debian.org/doc/packaging-manuals/perl-policy/">https://www.debian.org/doc/packaging-manuals/perl-policy/</a>.</p>
</section>
<section id="emacs-lisp-programs">
<span id="s-emacs"></span><h2><span class="section-number">11.10. </span>Emacs lisp programs<a class="headerlink" href="#emacs-lisp-programs" title="Permalink to this headline">¶</a></h2>
<p>Please refer to the “Debian Emacs Policy” for details of how to package
emacs lisp programs.</p>
<p>The Emacs policy is available in <code class="docutils literal notranslate"><span class="pre">debian-emacs-policy.gz</span></code> of the
emacsen-common package. It is also available from the Debian web mirrors
at <a class="reference external" href="https://www.debian.org/doc/packaging-manuals/debian-emacs-policy">https://www.debian.org/doc/packaging-manuals/debian-emacs-policy</a>.</p>
</section>
<section id="games">
<span id="s11-11"></span><h2><span class="section-number">11.11. </span>Games<a class="headerlink" href="#games" title="Permalink to this headline">¶</a></h2>
<p>The permissions on <code class="docutils literal notranslate"><span class="pre">/var/games</span></code> are mode 755, owner <code class="docutils literal notranslate"><span class="pre">root</span></code> and group
<code class="docutils literal notranslate"><span class="pre">root</span></code>.</p>
<p>Each game decides on its own security policy.</p>
<p>Games which require protected, privileged access to high-score files,
saved games, etc., may be made set-<em>group</em>-id (mode 2755) and owned by
<code class="docutils literal notranslate"><span class="pre">root:games</span></code>, and use files and directories with appropriate
permissions (770 <code class="docutils literal notranslate"><span class="pre">root:games</span></code>, for example). They must not be made
set-<em>user</em>-id, as this causes security problems. (If an attacker can
subvert any set-user-id game they can overwrite the executable of any
other, causing other players of these games to run a Trojan horse
program. With a set-group-id game the attacker only gets access to less
important game data, and if they can get at the other players’ accounts
at all it will take considerably more effort.)</p>
<p>Some packages, for example some fortune cookie programs, are configured
by the upstream authors to install with their data files or other static
information made unreadable so that they can only be accessed through
set-id programs provided. You should not do this in a Debian package:
anyone can download the <code class="docutils literal notranslate"><span class="pre">.deb</span></code> file and read the data from it, so
there is no point making the files unreadable. Not making the files
unreadable also means that you don’t have to make so many programs
set-id, which reduces the risk of a security hole.</p>
<p>As described in the FHS, binaries of games should be installed in the
directory <code class="docutils literal notranslate"><span class="pre">/usr/games</span></code>. This also applies to games that use the X
Window System. Manual pages for games (X and non-X games) should be
installed in <code class="docutils literal notranslate"><span class="pre">/usr/share/man/man6</span></code>.</p>
<dl class="footnote brackets">
<dt class="label" id="id10"><span class="brackets"><a class="fn-backref" href="#id1">1</a></span></dt>
<dd><p>Internally, the package system normalizes the GNU triplets and the
Debian arches into Debian arch triplets (which are kind of inverted
GNU triplets), with the first component of the triplet representing
the libc and ABI in use, and then does matching against those
triplets. However, such triplets are an internal implementation
detail that should not be used by packages directly. The libc and ABI
portion is handled internally by the package system based on the os
and cpu.</p>
</dd>
<dt class="label" id="id11"><span class="brackets"><a class="fn-backref" href="#id2">2</a></span></dt>
<dd><p>The Debian base system already provides an editor and a pager
program.</p>
</dd>
<dt class="label" id="id12"><span class="brackets"><a class="fn-backref" href="#id3">3</a></span></dt>
<dd><p>If it is not possible to establish both locks, the system shouldn’t
wait for the second lock to be established, but remove the first
lock, wait a (random) time, and start over locking again.</p>
</dd>
<dt class="label" id="id13"><span class="brackets"><a class="fn-backref" href="#id4">4</a></span></dt>
<dd><p>There are two traditional permission schemes for mail spools: mode
600 with all mail delivery done by processes running as the
destination user, or mode 660 and owned by group mail with mail
delivery done by a process running as a system user in group mail.
Historically, Debian required mode 660 mail spools to enable the
latter model, but that model has become increasingly uncommon and the
principle of least privilege indicates that mail systems that use the
first model should use permissions of 600. If delivery to programs is
permitted, it’s easier to keep the mail system secure if the delivery
agent runs as the destination user. Debian Policy therefore permits
either scheme.</p>
</dd>
<dt class="label" id="id14"><span class="brackets"><a class="fn-backref" href="#id5">5</a></span></dt>
<dd><p>This implements current practice, and provides an actual policy for
usage of the <code class="docutils literal notranslate"><span class="pre">xserver</span></code> virtual package which appears in the virtual
packages list. In a nutshell, X servers that interface directly with
the display and input hardware or via another subsystem (e.g., GGI)
should provide <code class="docutils literal notranslate"><span class="pre">xserver</span></code>. Things like <code class="docutils literal notranslate"><span class="pre">Xvfb</span></code>, <code class="docutils literal notranslate"><span class="pre">Xnest</span></code>, and
<code class="docutils literal notranslate"><span class="pre">Xprt</span></code> should not.</p>
</dd>
<dt class="label" id="id15"><span class="brackets"><a class="fn-backref" href="#id6">6</a></span></dt>
<dd><p>“New terminal window” does not necessarily mean a new top-level X
window directly parented by the window manager; it could, if the
terminal emulator application were so coded, be a new “view” in a
multiple-document interface (MDI).</p>
</dd>
<dt class="label" id="id16"><span class="brackets"><a class="fn-backref" href="#id7">7</a></span></dt>
<dd><p>For the purposes of Debian Policy, a “font for the X Window System”
is one which is accessed via X protocol requests. Fonts for the Linux
console, for PostScript renderer, or any other purpose, do not fit
this definition. Any tool which makes such fonts available to the X
Window System, however, must abide by this font policy.</p>
</dd>
<dt class="label" id="id17"><span class="brackets"><a class="fn-backref" href="#id8">8</a></span></dt>
<dd><p>This is because an X client may be displayed by a remote X server,
in which case X fonts are provided by the remote X server, not
retrieved locally; the Debian package system is empowered to deal
only with the local file system.</p>
</dd>
<dt class="label" id="id18"><span class="brackets"><a class="fn-backref" href="#id9">9</a></span></dt>
<dd><p>Note that this mechanism is not the same as using app-defaults;
app-defaults are tied to the client binary on the local file system,
whereas X resources are stored in the X server and affect all
connecting clients.</p>
</dd>
</dl>
</section>
</section>
<div class="clearer"></div>
</div>
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
<div class="sphinxsidebarwrapper">
<h3><a href="index.html">Table of Contents</a></h3>
<ul>
<li><a class="reference internal" href="#">11. Customized programs</a><ul>
<li><a class="reference internal" href="#architecture-specification-strings">11.1. Architecture specification strings</a><ul>
<li><a class="reference internal" href="#architecture-wildcards">11.1.1. Architecture wildcards</a></li>
</ul>
</li>
<li><a class="reference internal" href="#daemons">11.2. Daemons</a></li>
<li><a class="reference internal" href="#using-pseudo-ttys-and-modifying-wtmp-utmp-and-lastlog">11.3. Using pseudo-ttys and modifying wtmp, utmp and lastlog</a></li>
<li><a class="reference internal" href="#editors-and-pagers">11.4. Editors and pagers</a></li>
<li><a class="reference internal" href="#web-servers-and-applications">11.5. Web servers and applications</a></li>
<li><a class="reference internal" href="#mail-transport-delivery-and-user-agents">11.6. Mail transport, delivery and user agents</a></li>
<li><a class="reference internal" href="#news-system-configuration">11.7. News system configuration</a></li>
<li><a class="reference internal" href="#programs-for-the-x-window-system">11.8. Programs for the X Window System</a><ul>
<li><a class="reference internal" href="#providing-x-support-and-package-priorities">11.8.1. Providing X support and package priorities</a></li>
<li><a class="reference internal" href="#packages-providing-an-x-server">11.8.2. Packages providing an X server</a></li>
<li><a class="reference internal" href="#packages-providing-a-terminal-emulator">11.8.3. Packages providing a terminal emulator</a></li>
<li><a class="reference internal" href="#packages-providing-a-window-manager">11.8.4. Packages providing a window manager</a></li>
<li><a class="reference internal" href="#packages-providing-fonts">11.8.5. Packages providing fonts</a></li>
<li><a class="reference internal" href="#application-defaults-files">11.8.6. Application defaults files</a></li>
<li><a class="reference internal" href="#installation-directory-issues">11.8.7. Installation directory issues</a></li>
</ul>
</li>
<li><a class="reference internal" href="#perl-programs-and-modules">11.9. Perl programs and modules</a></li>
<li><a class="reference internal" href="#emacs-lisp-programs">11.10. Emacs lisp programs</a></li>
<li><a class="reference internal" href="#games">11.11. Games</a></li>
</ul>
</li>
</ul>
<h4>Previous topic</h4>
<p class="topless"><a href="ch-files.html"
title="previous chapter"><span class="section-number">10. </span>Files</a></p>
<h4>Next topic</h4>
<p class="topless"><a href="ch-docs.html"
title="next chapter"><span class="section-number">12. </span>Documentation</a></p>
<div role="note" aria-label="source link">
<h3>This Page</h3>
<ul class="this-page-menu">
<li><a href="_sources/ch-customized-programs.rst.txt"
rel="nofollow">Show Source</a></li>
</ul>
</div>
<div id="searchbox" style="display: none" role="search">
<h3 id="searchlabel">Quick search</h3>
<div class="searchformwrapper">
<form class="search" action="search.html" method="get">
<input type="text" name="q" aria-labelledby="searchlabel" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false"/>
<input type="submit" value="Go" />
</form>
</div>
</div>
<script>$('#searchbox').show(0);</script>
</div>
</div>
<div class="clearer"></div>
</div>
<div class="related" role="navigation" aria-label="related navigation">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="genindex.html" title="General Index"
>index</a></li>
<li class="right" >
<a href="ch-docs.html" title="12. Documentation"
>next</a> |</li>
<li class="right" >
<a href="ch-files.html" title="10. Files"
>previous</a> |</li>
<li class="nav-item nav-item-0"><a href="index.html">Debian Policy Manual v4.6.0.1</a> »</li>
<li class="nav-item nav-item-this"><a href=""><span class="section-number">11. </span>Customized programs</a></li>
</ul>
</div>
<div class="footer" role="contentinfo">
Created using <a href="https://www.sphinx-doc.org/">Sphinx</a> 4.2.0.
</div>
</body>
</html>