Difference between revisions of "Debian package source"

From Lazarus wiki
Jump to navigationJump to search
(rules)
(→‎copyright: note on French legislation)
(13 intermediate revisions by the same user not shown)
Line 1: Line 1:
One a [[Debian upstream]] is ready, it is possible to make a package source from it. This is the role of the maintainer.
+
Once a [[Debian upstream]] is ready, it is possible to make a source package from it. This is the role of the maintainer.
  
 
=== Requesting help ===
 
=== Requesting help ===
  
You can request one with an RFP bug: https://wiki.debian.org/RFP
+
You can request that someone would make the source package with an RFP bug: https://wiki.debian.org/RFP
  
 
It will be useful to the maintainer to know about the dependencies necessary to compile a Lazarus project:
 
It will be useful to the maintainer to know about the dependencies necessary to compile a Lazarus project:
 
* <tt>fpc, lcl, lazarus</tt> for all projects
 
* <tt>fpc, lcl, lazarus</tt> for all projects
 
* <tt>libqt5pas-dev</tt> if the project uses Qt5
 
* <tt>libqt5pas-dev</tt> if the project uses Qt5
 +
 +
Though in practice, it is likely that you will have to make the package source yourself. Debian provides a number of tools to build and test a source package, as well as documentation on the process (see Further reading below).
  
 
=== debian directory ===
 
=== debian directory ===
Line 64: Line 66:
 
==== copyright ====
 
==== copyright ====
  
Basically a copyright file contains a reference to all copyrights in the source code, as well as a global copyright for the package and for the debian folder. The first part of the file looks like this:
+
Basically a copyright file contains a reference to all copyrights in the source code, as well as a global copyright for the package and for the debian folder. If you include custom packages in your upstream (that are statically linked), you need to specify the copyright for them as well. The first part of the file looks like this:
  
 
  Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 
  Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Line 83: Line 85:
 
  License: LGPL-2+
 
  License: LGPL-2+
  
Then the file contains a new line and the description of the licenses:
+
Then the file contains an empty line and the description of the licenses. Those descriptions are also separated by empty lines.
 +
 
 +
Make sure you look for all mention of copyright in the source code (using grep or search in files). Even if the code is opensource, it is better to provide the full name of the person that created the files in the first place and the year. This can be needed for legal purposes as writing the copyright statement in a digital file counts as declaring the copyright. It is valid up to 70 years after the death of the copyright owner. This is based on the American legislation though other legislations may apply as well. For example, in French legislation, there is no need to declare a copyright, just being identified as the author is sufficient.
 +
 
 +
File format documentation: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 +
 
 +
Complete list of licenses: https://spdx.org/licenses/ and https://spdx.org/licenses/exceptions-index.html
 +
 
 +
===== LGPL-2 =====
 +
 
 +
This is the license for libraries that can be used with commercial projects. With Lazarus, you need to add the linking exception, but it is not part of the SPDX list, so I would add it in the license description (second paragraph).
 +
 
 
  License: LGPL-2
 
  License: LGPL-2
 
   This program is free software; you can redistribute it and/or modify
 
   This program is free software; you can redistribute it and/or modify
 
   it under the terms of the GNU Lesser General Public License as published
 
   it under the terms of the GNU Lesser General Public License as published
   by the Free Software Foundation; version 2.
+
   by the Free Software Foundation; version 2, with the following modification:
 +
  .
 +
  As a special exception, the copyright holders of this library give you
 +
  permission to link this library with independent modules to produce an
 +
  executable, regardless of the license terms of these independent modules,
 +
  and to copy and distribute the resulting executable under terms of your choice,
 +
  provided that you also meet, for each linked independent module, the terms
 +
  and conditions of the license of that module. An independent module is a
 +
  module which is not derived from or based on this library. If you modify this
 +
  library, you may extend this exception to your version of the library, but
 +
  you are not obligated to do so. If you do not wish to do so, delete this
 +
  exception statement from your version.
 
   .
 
   .
 
   This program is distributed in the hope that it will be useful,
 
   This program is distributed in the hope that it will be useful,
Line 101: Line 125:
 
   License version 2 can be found in the file
 
   License version 2 can be found in the file
 
   '/usr/share/common-licenses/LGPL-2'.
 
   '/usr/share/common-licenses/LGPL-2'.
+
 
 +
===== LGPL-2+ =====
 +
 
 +
Same as above, but not limited to version 2.
 +
 
 
  License: LGPL-2+
 
  License: LGPL-2+
 
   This program is free software; you can redistribute it and/or modify
 
   This program is free software; you can redistribute it and/or modify
 
   it under the terms of the GNU Lesser General Public License as published
 
   it under the terms of the GNU Lesser General Public License as published
 
   by the Free Software Foundation; either version 2 of the License, or
 
   by the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.  
+
   (at your option) any later version, with the following modification:
 +
  .
 +
  As a special exception, the copyright holders of this library give you
 +
  permission to link this library with independent modules to produce an
 +
  executable, regardless of the license terms of these independent modules,
 +
  and to copy and distribute the resulting executable under terms of your choice,
 +
  provided that you also meet, for each linked independent module, the terms
 +
  and conditions of the license of that module. An independent module is a
 +
  module which is not derived from or based on this library. If you modify this
 +
  library, you may extend this exception to your version of the library, but
 +
  you are not obligated to do so. If you do not wish to do so, delete this
 +
  exception statement from your version.
 
   .
 
   .
 
   This program is distributed in the hope that it will be useful,
 
   This program is distributed in the hope that it will be useful,
Line 120: Line 159:
 
   License version 2 can be found in the file
 
   License version 2 can be found in the file
 
   '/usr/share/common-licenses/LGPL-2'.
 
   '/usr/share/common-licenses/LGPL-2'.
   
+
 
 +
===== LGPL-3-linking-exception =====
 +
 
 +
The version 3 has a specific name when there is the linking exception.
 +
 
 +
  License: LGPL-3-linking-exception
 +
  This program is free software; you can redistribute it and/or modify
 +
  it under the terms of the GNU Lesser General Public License as published
 +
  by the Free Software Foundation; version 3, with the following modification:
 +
  .
 +
  As a special exception, the copyright holders of this library give you
 +
  permission to link this library with independent modules to produce an
 +
  executable, regardless of the license terms of these independent modules,
 +
  and to copy and distribute the resulting executable under terms of your choice,
 +
  provided that you also meet, for each linked independent module, the terms
 +
  and conditions of the license of that module. An independent module is a
 +
  module which is not derived from or based on this library. If you modify this
 +
  library, you may extend this exception to your version of the library, but
 +
  you are not obligated to do so. If you do not wish to do so, delete this
 +
  exception statement from your version.
 +
  .
 +
  This program is distributed in the hope that it will be useful,
 +
  but WITHOUT ANY WARRANTY; without even the implied warranty of
 +
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 +
  GNU Lesser General Public License for more details.
 +
  .
 +
  You should have received a copy of the GNU Lesser General Public License
 +
  along with this program; if not, write to the Free Software Foundation,
 +
  Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 +
  .
 +
  On Debian systems, the full text of the GNU Lesser General Public
 +
  License version 3 can be found in the file
 +
  '/usr/share/common-licenses/LGPL-3'.
 +
 
 +
===== GPL-3+ =====
 +
 
 +
This is the recommended license when possible.
 +
 
 
  License: GPL-3+
 
  License: GPL-3+
 
   This program is free software; you can redistribute it and/or modify
 
   This program is free software; you can redistribute it and/or modify
Line 137: Line 213:
 
   .
 
   .
 
   On Debian systems, the full text of the GNU General Public
 
   On Debian systems, the full text of the GNU General Public
   License  
+
   License version 3 can be found in the file
 
+
  '/usr/share/common-licenses/GPL-3'.
Make sure you look for all mention of copyright in the source code (using grep or search in files).
 
 
 
See documentation: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 
  
 
==== rules ====
 
==== rules ====
Line 155: Line 228:
  
 
The <tt>--no-parallel</tt> flag is needed to avoid potential problems with parallel builds.
 
The <tt>--no-parallel</tt> flag is needed to avoid potential problems with parallel builds.
 +
 +
==== watch ====
 +
 +
The <tt>watch</tt> file explains how to check for latest version. For example, on GitHub, that would be:
 +
version=4
 +
opts=filenamemangle=s/.+\/v?(\d\S+)\.tar\.gz/myproject-$1\.tar\.gz/ \
 +
  https://github.com/myorg/myproject/tags .*/v?(\d\S+)\.tar\.gz
 +
 +
The version 4 is the for the file format, not your program. You need to change the ''myorg'' and ''myproject'' to your actual project.
 +
 +
See documentation: https://wiki.debian.org/debian/watch
 +
 +
==== source/format ====
 +
 +
At the moment of this writing, it is:
 +
3.0 (quilt)
 +
 +
==== upstream/metadata ====
 +
 +
For a project on GitHub, that would be:
 +
Bug-Database: https://github.com/myorg/myproject/issues
 +
Bug-Submit: https://github.com/myorg/myproject/issues/new
 +
Repository: https://github.com/myorg/myproject.git
 +
Repository-Browse: https://github.com/myorg/myproject
 +
 +
You may need to change those path according to the tools you are using.
 +
 +
=== Further reading ===
 +
 +
* https://wiki.debian.org/BuildingTutorial
 +
* https://www.debian.org/doc/manuals/maint-guide/first.en.html
 +
* https://lintian.debian.org/tags.html

Revision as of 16:36, 2 December 2020

Once a Debian upstream is ready, it is possible to make a source package from it. This is the role of the maintainer.

Requesting help

You can request that someone would make the source package with an RFP bug: https://wiki.debian.org/RFP

It will be useful to the maintainer to know about the dependencies necessary to compile a Lazarus project:

  • fpc, lcl, lazarus for all projects
  • libqt5pas-dev if the project uses Qt5

Though in practice, it is likely that you will have to make the package source yourself. Debian provides a number of tools to build and test a source package, as well as documentation on the process (see Further reading below).

debian directory

If you will do the role of the maintainer, or if you would like to check required dependencies, you will need to add the debian folder (in lowercase). Here is the minimal structure:

debian
  ├─ changelog        # changes with previous version
  ├─ control          # description of Debian packages
  ├─ copyright        # copyright information of the source code
  ├─ rules            # build script
  ├─ watch            # file to check for latest version
  ├─ source
  │   └─ format       # format of this package source
  └─ upstream
      └─ metadata     # upstream repository information

changelog

The first changelog of your program should be something like (spaces are important):

myproject (1.0-1) unstable; urgency=medium

  * Initial release. (Closes: #ITP_NUMBER)

 -- Firstname Lastname <email@server.com>  Sun, 1 Nov 2020 15:01:00 +0100

Of course you need to specify myproject, ITP_NUMBER, Firstname, Lastname, email and date. The version of the upstream program here is supposed to be 1.0 but it can be otherwise. The "-1" specifies the version of the package source as there a may be newer version of the package source but based on the same upstream version, in order to fix bugs for example.

You may not have an ITP number yet, as it is a number you will get when you make the request for your package to be added to Debian. If you would like to be the maintainer, here is an example of e-mail to send. In this case the ITP number is 972503: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972503

control

This file gives all the information on the Debian packages, what is needed to build it, etc. This format is a bit different from the one found inside the .deb files.

Source: myproject
Section: graphics
Priority: optional
Maintainer: Firstname Lastname <email@server.com>
Build-Depends: fpc, lcl, lazarus, libqt5pas-dev, debhelper-compat (= 13)
Rules-Requires-Root: no
Standards-Version: 4.5.0
Homepage: https://mywebsite/myproject
Vcs-Git: https://github.com/myorg/myproject.git
Vcs-Browser: https://github.com/myorg/myproject

Package: myproject
Architecture: any
Depends: ${misc:Depends}, ${shlibs:Depends}
Conflicts: myoldproject
Description: Short description
 More details, blablabla

Here we suppose it is a graphics application using qt5 and with its repository on GitHub. If the project does not use qt5, you can remove the build-dependency libqt5pas-dev.

Note that the empty line is important. It introduces one package and there can be multiple packages in one package source, for example one for each widgetset and one common package.

copyright

Basically a copyright file contains a reference to all copyrights in the source code, as well as a global copyright for the package and for the debian folder. If you include custom packages in your upstream (that are statically linked), you need to specify the copyright for them as well. The first part of the file looks like this:

Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: mypackage
Upstream-Contact: Firstname Lastname <email@server.com>
Source: https://github.com/myorg/myproject

Files: *
Copyright: 2011-2020 Firstname Lastname <email@server.com>
License: GPL-3+

Files: debian/*
Copyright: 2011-2020 Maintainer <email@server.com>
License: GPL-3+

Files: custompackage1/*
Copyright: 2012 Author <mail@server.com>
License: LGPL-2+

Then the file contains an empty line and the description of the licenses. Those descriptions are also separated by empty lines.

Make sure you look for all mention of copyright in the source code (using grep or search in files). Even if the code is opensource, it is better to provide the full name of the person that created the files in the first place and the year. This can be needed for legal purposes as writing the copyright statement in a digital file counts as declaring the copyright. It is valid up to 70 years after the death of the copyright owner. This is based on the American legislation though other legislations may apply as well. For example, in French legislation, there is no need to declare a copyright, just being identified as the author is sufficient.

File format documentation: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/

Complete list of licenses: https://spdx.org/licenses/ and https://spdx.org/licenses/exceptions-index.html

LGPL-2

This is the license for libraries that can be used with commercial projects. With Lazarus, you need to add the linking exception, but it is not part of the SPDX list, so I would add it in the license description (second paragraph).

License: LGPL-2
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU Lesser General Public License as published
 by the Free Software Foundation; version 2, with the following modification:
 .
 As a special exception, the copyright holders of this library give you
 permission to link this library with independent modules to produce an
 executable, regardless of the license terms of these independent modules,
 and to copy and distribute the resulting executable under terms of your choice,
 provided that you also meet, for each linked independent module, the terms
 and conditions of the license of that module. An independent module is a
 module which is not derived from or based on this library. If you modify this
 library, you may extend this exception to your version of the library, but
 you are not obligated to do so. If you do not wish to do so, delete this
 exception statement from your version.
 .
 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 GNU Lesser General Public License for more details.
 .
 You should have received a copy of the GNU Lesser General Public License
 along with this program; if not, write to the Free Software Foundation,
 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 .
 On Debian systems, the full text of the GNU Lesser General Public
 License version 2 can be found in the file
 '/usr/share/common-licenses/LGPL-2'.
LGPL-2+

Same as above, but not limited to version 2.

License: LGPL-2+
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU Lesser General Public License as published
 by the Free Software Foundation; either version 2 of the License, or
 (at your option) any later version, with the following modification:
 .
 As a special exception, the copyright holders of this library give you
 permission to link this library with independent modules to produce an
 executable, regardless of the license terms of these independent modules,
 and to copy and distribute the resulting executable under terms of your choice,
 provided that you also meet, for each linked independent module, the terms
 and conditions of the license of that module. An independent module is a
 module which is not derived from or based on this library. If you modify this
 library, you may extend this exception to your version of the library, but
 you are not obligated to do so. If you do not wish to do so, delete this
 exception statement from your version.
 .
 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 GNU Lesser General Public License for more details.
 .
 You should have received a copy of the GNU Lesser General Public License
 along with this program; if not, write to the Free Software Foundation,
 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 .
 On Debian systems, the full text of the GNU Lesser General Public
 License version 2 can be found in the file
 '/usr/share/common-licenses/LGPL-2'.
LGPL-3-linking-exception

The version 3 has a specific name when there is the linking exception.

License: LGPL-3-linking-exception
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU Lesser General Public License as published
 by the Free Software Foundation; version 3, with the following modification:
 .
 As a special exception, the copyright holders of this library give you
 permission to link this library with independent modules to produce an
 executable, regardless of the license terms of these independent modules,
 and to copy and distribute the resulting executable under terms of your choice,
 provided that you also meet, for each linked independent module, the terms
 and conditions of the license of that module. An independent module is a
 module which is not derived from or based on this library. If you modify this
 library, you may extend this exception to your version of the library, but
 you are not obligated to do so. If you do not wish to do so, delete this
 exception statement from your version.
 .
 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 GNU Lesser General Public License for more details.
 .
 You should have received a copy of the GNU Lesser General Public License
 along with this program; if not, write to the Free Software Foundation,
 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 .
 On Debian systems, the full text of the GNU Lesser General Public
 License version 3 can be found in the file
 '/usr/share/common-licenses/LGPL-3'.
GPL-3+

This is the recommended license when possible.

License: GPL-3+
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation; either version 3 of the License, or
 (at your option) any later version. 
 .
 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 GNU General Public License for more details.
 .
 You should have received a copy of the GNU General Public License along
 with this program; if not, write to the Free Software Foundation, Inc.,
 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 .
 On Debian systems, the full text of the GNU General Public
 License version 3 can be found in the file
 '/usr/share/common-licenses/GPL-3'.

rules

The rules file contains build instructions. If you are building a simple package, it will be the following:

#!/usr/bin/make -f

# see FEATURE AREAS in dpkg-buildflags(1)
export DEB_BUILD_MAINT_OPTIONS = hardening=+all

%:
	dh $@ --no-parallel

The --no-parallel flag is needed to avoid potential problems with parallel builds.

watch

The watch file explains how to check for latest version. For example, on GitHub, that would be:

version=4
opts=filenamemangle=s/.+\/v?(\d\S+)\.tar\.gz/myproject-$1\.tar\.gz/ \
  https://github.com/myorg/myproject/tags .*/v?(\d\S+)\.tar\.gz

The version 4 is the for the file format, not your program. You need to change the myorg and myproject to your actual project.

See documentation: https://wiki.debian.org/debian/watch

source/format

At the moment of this writing, it is:

3.0 (quilt)

upstream/metadata

For a project on GitHub, that would be:

Bug-Database: https://github.com/myorg/myproject/issues
Bug-Submit: https://github.com/myorg/myproject/issues/new
Repository: https://github.com/myorg/myproject.git
Repository-Browse: https://github.com/myorg/myproject

You may need to change those path according to the tools you are using.

Further reading