9.The Operating System

9.1.File system hierarchy

9.1.1.File System Structure

The location of all files and directories must comply with theFilesystem Hierarchy Standard (FHS), version 3.0, with the exceptionsnoted below, and except where doing so would violate other terms ofDebian Policy. The following exceptions to the FHS apply:

  1. The FHS requirement that architecture-independentapplication-specific static files be located in/usr/share isrelaxed to a suggestion. In particular, a subdirectory of/usr/lib may be used by a package (or a collection of packages)to hold a mixture of architecture-independent andarchitecture-dependent files. However, when a directory is entirelycomposed of architecture-independent files, it should be located in/usr/share.

  2. The optional rules related to user specific configuration files forapplications are stored in the user’s home directory are relaxed. Itis recommended that such files start with the ‘.’ character (a“dot file”), and if an application needs to create more than one dotfile then the preferred placement is in a subdirectory with a namestarting with a ‘.’ character, (a “dot directory”). In this case itis recommended the configuration files not start with the ‘.’character.

  3. Only the dynamic linker and libc are allowed to install filesin/lib64.

  4. The requirement for object files, internal binaries, and libraries,includinglibc.so.*, to be located directly under/lib{,32}and/usr/lib{,32} is amended, permitting files to instead beinstalled to/lib/triplet and/usr/lib/triplet, wheretriplet is the value returned bydpkg-architecture-qDEB_HOST_MULTIARCH for the architecture of thepackage. Packages must not install files to any triplet path otherthan the one matching the architecture of that package; forinstance, anArchitecture: amd64 package containing 32-bit x86libraries must not install these libraries to/usr/lib/i386-linux-gnu.[1]

    Packages for 64-bit architectures must not install files in/usr/lib64or in a subdirectory of it.

    The requirement for C and C++ headers files to be accessible throughthe search path/usr/include/ is amended, permitting files to beaccessible through the search path/usr/include/triplet wheretriplet is as above.[2]

    Applications may also use a single subdirectory under/usr/lib/triplet.

    The execution time linker/loader, ld*, must still be made availablein the existing location under /lib or /lib64 since this is part ofthe ELF ABI for the architecture.

  5. The requirement that/usr/local/share/man be “synonymous” with/usr/local/man is relaxed to a recommendation

  6. The requirement that window managers with a single configuration filecall itsystem.*wmrc is removed, as is the restriction that thewindow manager subdirectory be named identically to the windowmanager name itself.

  7. The requirement that boot manager configuration files live in/etc, or at least are symlinked there, is relaxed to arecommendation.

  8. /var/run is required to be a symbolic link to/run,and/var/lock is required to be a symbolic link to/run/lock.

  9. The/var/www directory is additionally allowed.

  10. The requirement for/usr/local/share/color to exist if/usr/share/color exists is relaxed to a recommendation.

  11. The requirement for/usr/local/libqual to exist if/libqualor/usr/libqual exists (wherelibqual is a variant oflib such aslib32 orlib64) is removed.

  12. On GNU/Hurd systems, the following additional directories areallowed in the root filesystem:/hurd and/servers.[3]

  13. As an exception to the requirement for there to be no subdirectoriesin/usr/bin, themh mail-handling suite may create/usr/bin/mh/, as was allowed in FHS version 2.3. Othersubdirectories are not allowed.

The version of this document referred here can be found in thedebian-policy package or onFHS (Debiancopy) alongsidethis manual (or, if you have the debian-policy installed, you can tryFHS (local copy)). Thelatest version, which may be a more recent version, may be found onFHS(upstream). Specificquestions about following the standard may be asked on thedebian-devel mailing list, or referred to the FHS mailing list(see theFHS web sitefor more information).

9.1.2.Site-specific programs

As mandated by the FHS, packages must not place any files in/usr/local, either by putting them in the file system archive to beunpacked bydpkg or by manipulating them in their maintainerscripts.

However, the package may create empty directories below/usr/localso that the system administrator knows where to place site-specificfiles. These are not directoriesin/usr/local, but are childrenof directories in/usr/local. These directories(/usr/local/*/dir/) should be removed on package removal if they areempty.

Note that this applies only to directoriesbelow/usr/local, notin/usr/local. Packages must not create sub-directories in thedirectory/usr/local itself, except those listed in FHS, section4.9. However, you may create directories below them as you wish. Youmust not remove any of the directories listed in 4.9, even if youcreated them.

If/etc/staff-group-for-usr-local does not exist,/usr/localand all subdirectories created by packages should have permissions0755 and be owned byroot:root. If/etc/staff-group-for-usr-local exists,/usr/local andsubdirectories should have permissions 2775 (group-writable andset-group-id) and be owned byroot:staff.

Since/usr/local can be mounted read-only from a remote server,/usr/local/*/dir/ directories must be created and removed by thepostinst andprerm maintainer scripts and not be included inthe.deb archive. These scripts must not fail if either of theseoperations fail.

For example, theemacsen-common package could contain something like

if [ ! -e /usr/local/share/emacs ]; then    if mkdir /usr/local/share/emacs 2>/dev/null; then        if test -e /etc/staff-group-for-usr-local ; then            if chown root:staff /usr/local/share/emacs; then                chmod 2775 /usr/local/share/emacs || true            fi        elif chown root:root /usr/local/share/emacs; then            chmod 0755 /usr/local/share/emacs || true        fi    fifi

in itspostinst script, and

rmdir/usr/local/share/emacs/site-lisp2>/dev/null||truermdir/usr/local/share/emacs2>/dev/null||true

in theprerm script. (Note that this form is used to ensure that ifthe script is interrupted, the directory/usr/local/share/emacs willstill be removed.)

If you do create a directory in/usr/local for local additions to apackage, you should ensure that settings in/usr/local takeprecedence over the equivalents in/usr.

However, because/usr/local and its contents are for exclusive useof the local administrator, a package must not rely on the presence orabsence of files or directories in/usr/local for normal operation.

9.1.3.The system-wide mail directory

The system-wide mail directory is/var/mail. This directory is partof the base system and should not be owned by any particular mailagents. The use of the old location/var/spool/mail is deprecated,even though the spool may still be physically located there.

9.1.4./run and/run/lock

The directory/run is cleared at boot, normally by being a mountpoint for a temporary file system. Packages therefore must not assumethat any files or directories under/run other than/run/lockexist unless the package has arranged to create those files ordirectories since the last reboot. Normally, this is done by the packagevia an init script. SeeWriting the scripts for moreinformation.

Packages must not include files or directories under/run, or underthe older/var/run and/var/lock paths. The latter paths willnormally be symlinks or other redirections to/run for backwardscompatibility.

9.2.Users and groups

9.2.1.Introduction

The Debian system can be configured to use either plain or shadowpasswords.

Some user ids (UIDs) and group ids (GIDs) are reserved globally for useby certain packages. Because some packages need to include files whichare owned by these users or groups, or need the ids compiled intobinaries, these ids must be used on any Debian system only for thepurpose for which they are allocated. This is a serious restriction, andwe should avoid getting in the way of local administration policies. Inparticular, many sites allocate users and/or local system groupsstarting at 100.

Apart from this we should have dynamically allocated ids, which shouldby default be arranged in some sensible order, but the behavior shouldbe configurable. When maintainers choose a new hardcoded or dynamicallygenerated username for packages to use, they should start this usernamewith an underscore. This minimizes collisions with locally created useraccounts.

Packages other thanbase-passwd must not modify/etc/passwd,/etc/shadow,/etc/group or/etc/gshadow.

9.2.2.UID and GID classes

The UID and GID numbers are divided into classes as follows:

0-99:

Globally allocated by the Debian project, the same on every Debiansystem. These ids will appear in thepasswd andgroup filesof all Debian systems, new ids in this range being addedautomatically as thebase-passwd package is updated.

Packages which need a single statically allocated uid or gid shoulduse one of these; their maintainers should ask thebase-passwdmaintainer for ids.

100-999:

Dynamically allocated system users and groups. Packages which need auser or group, but can have this user or group allocated dynamicallyand differently on each system, should useadduser--system tocreate the group and/or user.adduser will check for theexistence of the user or group, and if necessary choose an unused idbased on the ranges specified inadduser.conf.

1000-59999:

Dynamically allocated user accounts. By defaultadduser willchoose UIDs and GIDs for user accounts in this range, thoughadduser.conf may be used to modify this behavior.

60000-64999:

Globally allocated by the Debian project, but only created ondemand. The ids are allocated centrally and statically, but theactual accounts are only created on users’ systems on demand.

These ids are for packages which are obscure or which require manystatically-allocated ids. These packages should check for and createthe accounts in/etc/passwd or/etc/group (usingadduserif it has this facility) if necessary. Packages which are likely torequire further allocations should have a “hole” left after them inthe allocation, to give them room to grow.

65000-65533:

Reserved.

65534:

Usernobody. The corresponding gid refers to the groupnogroup.

65535:

This valuemust not be used, because it was the error returnsentinel value whenuid_t was 16 bits.

65536-4294967293:

Dynamically allocated user accounts. By defaultadduser will notallocate UIDs and GIDs in this range, to ease compatibility withlegacy systems whereuid_t is still 16 bits.

4294967294:

(uid_t)(-2)==(gid_t)(-2)must not be used, because it isused as the anonymous, unauthenticated user by some NFSimplementations.

4294967295:

(uid_t)(-1)==(gid_t)(-1)must not be used, because it is theerror return sentinel value.

9.2.3.Non-existent home directories

The canonical non-existent home directory is/nonexistent. Userswho should not have a home directory should have their home directoryset to this value.

The Debian autobuilders set HOME to/nonexistent so that packageswhich try to write to a home directory will fail to build.

9.3.Starting system services

Debian packages that provide system services should arrange for thoseservices to be automatically started and stopped by the init system orservice manager. This section describes how that is done.

9.3.1.Introduction

The default init system and service manager in Debian issystemd.Packages that wish to automatically start and stop system services mustincludesystemd service units to do so, unless the service is onlyintended for use on systems running alternate init systems. Seesystemd.service(5) for details on the syntax of a service unitfile.

In the common case that a package includes a single system service, theservice unit should have the same name as the package plus the.service extension.

Packages including a service unit may optionally include an init script tosupport other init systems. In this case, the init script should have thesame name as thesystemd service unit so thatsystemd will ignoreit and use the service unit instead. Packages may also support other initsystems by including configuration in the native format of those initsystems.

systemd uses dependency and ordering information contained within theenabled unit files to decide which services to run and in which order.Thesysv-rc runlevel system forsysvinit uses symlinks in/etc/rcn.d to decide which scripts to run and in which order at boottime and when the init state (or “runlevel”) is changed. See theREADME.runlevels file shipped withsysv-rc for implementationdetails. Other alternatives might exist.

The sections below describe how to write those scripts and configure thosesymlinks.

9.3.2.Writing the scripts

Init scripts are placed in/etc/init.d. In the common case that apackage starts a single service, they should be named/etc/init.d/package. They should accept one argument, saying what todo:

start

start the service,

stop

stop the service,

restart

stop and restart the service if it’s already running, otherwisestart the service

try-restart

restart the service if it’s already running, otherwise just reportsuccess.

reload

cause the configuration of the service to be reloaded withoutactually stopping and restarting the service,

force-reload

cause the configuration to be reloaded if the service supports this,otherwise restart the service.

status

report the current status of the service

Thestart,stop,restart, andforce-reload options shouldbe supported by all init scripts. Supportingstatus is encouraged.Thereload andtry-restart options are optional.

Theinit.d scripts must ensure that they will behave sensibly (i.e.,returning success and not starting multiple copies of a service) ifinvoked withstart when the service is already running, or withstop when it isn’t, and that they don’t kill unfortunately-nameduser processes. The best way to achieve this is usually to usestart-stop-daemon with the--oknodo option.

Be careful of usingset-e ininit.d scripts. Writing correctinit.d scripts requires accepting various error exit statuses whendaemons are already running or already stopped without aborting theinit.d script, and commoninit.d function libraries are not safeto call withset-e in effect.[4] Forinit.d scripts, it’soften easier to not useset-e and instead check the result of eachcommand separately.

If a service reloads its configuration automatically (as in the case ofcron, for example), thereload option of theinit.d scriptshould behave as if the configuration has been reloaded successfully.

The/etc/init.d scripts must be treated as configuration files,either (if they are present in the package, that is, in the .deb file)by marking them asconffiles, or, (if they do not exist in the.deb) by managing them correctly in the maintainer scripts (seeConfiguration files). This is important since we wantto give the local system administrator the chance to adapt the scriptsto the local system, e.g., to disable a service without de-installingthe package, or to specify some special command line options whenstarting a service, while making sure their changes aren’t lost duringthe next package upgrade.

These scripts should not fail obscurely when the configuration filesremain but the package has been removed, as configuration files remainon the system after the package has been removed. Only whendpkg isexecuted with the--purge option will configuration files beremoved. In particular, as the/etc/init.d/package script itself isusually aconffile, it will remain on the system if the package isremoved but not purged. Therefore, you should include ateststatement at the top of the script, like this:

test-fprogram-executed-later-in-script||exit0

Often there are some variables in theinit.d scripts whose valuescontrol the behavior of the scripts, and which a system administrator islikely to want to change. As the scripts themselves are frequentlyconffiles, modifying them requires that the administrator merge intheir changes each time the package is upgraded and theconffilechanges. To ease the burden on the system administrator, suchconfigurable values should not be placed directly in the script.Instead, they should be placed in a file in/etc/default, whichtypically will have the same base name as theinit.d script. Thisextra file should be sourced by the script when the script runs. It mustcontain only variable settings and comments in POSIX.1-2017sh format. Itmust either be aconffile or a configuration file maintained by thepackage maintainer scripts. SeeConfiguration files formore details.

To ensure that vital configurable values are always available, theinit.d script should set default values for each of the shellvariables it uses, either before sourcing the/etc/default/ file orafterwards using something like the:${VAR:=default} syntax. Also,theinit.d script must behave sensibly and not fail if the/etc/default file is deleted.

Files and directories under/run, including ones referred to via thecompatibility paths/var/run and/var/lock, are normally storedon a temporary filesystem and are normally not persistent across areboot. Theinit.d scripts must handle this correctly. This willtypically mean creating any required subdirectories dynamically when theinit.d script is run. See/run and /run/lock for moreinformation.

9.3.3.Interfacing with init systems

Maintainer scripts for packages including init scripts must useupdate-rc.d as described below to interact with the service managerfor requests such as enabling or disabling services. They should useinvoke-rc.d as described below to invoke init scripts for requestssuch as starting and stopping service.

Directly managing the/etc/rc?.d links and directly invoking the/etc/init.d/ init scripts should be done only by packages providingthe init script subsystem (such asinit-system-helpers).

9.3.3.1.Managing the links

The programupdate-rc.d is provided for package maintainers toarrange for the proper creation and removal of/etc/rcn.d symboliclinks, or their functional equivalent if another method is being used.It is intended for use in package maintainer scripts.

You must not include any/etc/rcn.d symbolic links in the actualarchive or manually create or remove the symbolic links in maintainerscripts; you must use theupdate-rc.d program instead. (The formerwill fail if an alternative method of maintaining runlevel informationis being used.) You must not include the/etc/rcn.d directoriesthemselves in the archive either. (Only theinit-system-helperspackage is permitted to do so.)

To get the default behavior for your package, put in yourpostinstscript:

update-rc.dpackagedefaults

and in yourpostrm:

if["$1"=purge];thenupdate-rc.dpackageremovefi

The default behaviour is to enable autostarting your package’s daemon.The local administrator can override this using the commandupdate-rc.dpackagedisable. If, however, the daemon should notbe autostarted unless the local administrator has explicitly requestedthis, instead add to yourpostinst script:

update-rc.dpackagedefaults-disabled

and add a dependency oninit-system-helpers(>=1.50), whichintroduced thedefaults-disabled option. Then the localadministrator can enable autostarting the daemon using the commandupdate-rc.dpackageenable.

An older practice, which should not be used, was to include a linelikeDISABLED=yes in the package’s/etc/default file. Thepackage’s init script would not start the service until the localsystem administrator changed this toDISABLED=no, or similar. Theproblem with this approach was that it hides from the init systemwhether or not the daemon should actually be started, which leads toinconsistent and confusing behavior:service<package>start couldreturn success but not start the service; services with a dependencyon this service will be started even though the service isn’t running;and init system status commands could incorrectly claim that the servicewas started.

Note that if your package changes runlevels or priority, you may have toremove and recreate the links, since otherwise the old links maypersist. Refer to the documentation ofupdate-rc.d.

For more information about usingupdate-rc.d, please consult its manpage,update-rc.d(8).

It is easiest for packages not to callupdate-rc.d directly, butinstead use debhelper programs that add the requiredupdate-rc.dcalls automatically. Seedh_installinit,dh_installsystemd, etc.

9.3.3.2.Running init scripts

The programinvoke-rc.d is provided to make it easier for packagemaintainers to properly invoke an init script, obeying runlevel and otherlocally-defined constraints that might limit a package’s right to start,stop and otherwise manage services. This program may be used bymaintainers in their packages’ scripts.

The package maintainer scripts must useinvoke-rc.d to invoke the/etc/init.d/* init scripts or equivalent instead of calling themdirectly.

By default,invoke-rc.d will pass any action requests (start, stop,reload, restart…) to the/etc/init.d script, filtering outrequests to start or restart a service out of its intended runlevels.

Most packages will simply use:

invoke-rc.dpackageaction

in theirpostinst andprerm scripts.

A package should register its init script services usingupdate-rc.dbefore it tries to invoke them usinginvoke-rc.d. Invocation ofunregistered services may fail.

For more information about usinginvoke-rc.d, please consult its manpage,invoke-rc.d(8).

It is easiest for packages not to callinvoke-rc.d directly, butinstead use debhelper programs that add the requiredinvoke-rc.dcalls automatically. Seedh_installinit,dh_installsystemd, etc.

9.3.4.Boot-time initialization

This section has been deleted.

9.3.5.Example

Examples on which you can base yoursystemd service units areavailable in the man pagesystemd.unit(5). An example on whichyou can base your init scripts is available in the man pageinit-d-script(5).

9.4.Console messages frominit.d scripts

This section has been deleted.

9.5.Cron jobs

Packages must not modify the configuration file/etc/crontab, andthey must not modify the files in/var/spool/cron/crontabs.

If a package wants to install a job that has to be executed via cron, itshould place a file named as specified inCron job file names into one or more of the followingdirectories:

  • /etc/cron.hourly

  • /etc/cron.daily

  • /etc/cron.weekly

  • /etc/cron.monthly

As these directory names imply, the files within them are executed on anhourly, daily, weekly, or monthly basis, respectively. The exact timesare listed in/etc/crontab.

All files installed in any of these directories must be scripts (e.g.,shell scripts or Perl scripts) so that they can easily be modified bythe local system administrator. In addition, they must be treated asconfiguration files.

If a certain job has to be executed at some other frequency or at aspecific time, the package should install a file in/etc/cron.d witha name as specified inCron job file names. This fileuses the same syntax as/etc/crontab and is processed bycronautomatically. The file must also be treated as a configuration file.(Note that entries in the/etc/cron.d directory are not handled byanacron. Thus, you should only use this directory for jobs which maybe skipped if the system is not running.)

Unlikecrontab files described in the IEEE Std 1003.1-2008 (POSIX.1)available fromThe OpenGroup, the filesin/etc/cron.d and the file/etc/crontab have seven fields;namely:

  1. Minute [0,59]

  2. Hour [0,23]

  3. Day of the month [1,31]

  4. Month of the year [1,12]

  5. Day of the week ([0,6] with 0=Sunday)

  6. Username

  7. Command to be run

Ranges of numbers are allowed. Ranges are two numbers separated with ahyphen. The specified range is inclusive. Lists are allowed. A list is aset of numbers (or ranges) separated by commas. Step values can be usedin conjunction with ranges.

The scripts orcrontab entries in these directories should check ifall necessary programs are installed before they try to execute them.Otherwise, problems will arise when a package was removed but not purgedsince configuration files are kept on the system in this situation.

Anycron daemon must provide/usr/bin/crontab and support normalcrontab entries as specified in POSIX. The daemon must also supportnames for days and months, ranges, and step values. It has to support/etc/crontab, and correctly execute the scripts in/etc/cron.d.The daemon must also correctly execute scripts in/etc/cron.{hourly,daily,weekly,monthly}.

9.5.1.Cron job file names

The file name of a cron job file should normally match the name of thepackage from which it comes.

If a package supplies multiple cron job files files in the samedirectory, the file names should all start with the name of the package(possibly modified as described below) followed by a hyphen (-) anda suitable suffix.

A cron job file name must not include any period or plus characters(. or+) characters as this will cause cron to ignore the file.Underscores (_) should be used instead of. and+characters.

9.6.Menus

Packages shipping applications that comply with minimal requirementsdescribed below for integration with desktop environments shouldregister these applications in the desktop menu, following theFreeDesktop standard, using text files calleddesktop entries. Theirformat is described in theDesktop Entry Specification athttps://standards.freedesktop.org/desktop-entry-spec/latest/ andcomplementary information can be found in theDesktop MenuSpecification athttps://standards.freedesktop.org/menu-spec/latest/.

The desktop entry files are installed by the packages in the directory/usr/share/applications and the FreeDesktop menus are refreshedusingdpkg triggers. It is therefore not necessary to depend onpackages providing FreeDesktop menu systems.

Entries displayed in the FreeDesktop menu should conform to thefollowing minima for relevance and visual integration.

  • Unless hidden by default, the desktop entry must point to a PNG orSVG icon with a transparent background, providing at least the 22×22size, and preferably up to 64×64. The icon should be neutral enoughto integrate well with the default icon themes. It is encouraged toship the icon in the defaulthicolor icon theme directories, or touse an existing icon from thehicolor theme.

  • If the menu entry is not useful in the general case as a standaloneapplication, the desktop entry should set theNoDisplay key totrue, so that it can be configured to be displayed only by those whoneed it.

  • In doubt, the package maintainer should coordinate with themaintainers of menu implementations through thedebian-desktopmailing list in order to avoid problems with categories or badinteractions with other icons. Especially for packages which are partof installation tasks, the contents of theNotShowIn/OnlyShowIn keys should be validated by themaintainers of the relevant environments.

Since the FreeDesktop menu is a cross-distribution standard, the desktopentries written for Debian should be forwarded upstream, where they willbenefit to other users and are more likely to receive extracontributions such as translations.

If a package installs a FreeDesktop desktop entry, it must not alsoinstall a Debian menu entry.

9.7.Multimedia handlers

Media types (formerly known as MIME types, Multipurpose Internet MailExtensions, RFCs 2045-2049) is a mechanism for encoding files and datastreams and providing meta-information about them, in particular theirtype and format (e.g.image/png,text/html,audio/ogg).

Registration of media type handlers allows programs like mail useragents and web browsers to invoke these handlers to view, edit ordisplay media types they don’t support directly.

There are two overlapping systems to associate media types to programswhich can handle them. Themailcap system is found on a large numberof Unix systems. TheFreeDesktop system is aimed at Desktopenvironments. In Debian, FreeDesktop entries are automaticallytranslated in mailcap entries, therefore packages already using desktopentries should not use the mailcap system directly.

9.7.1.Registration of media type handlers with desktop entries

Packages shipping an application able to view, edit or point to files ofa given media type, or open links with a given URI scheme, should listit in theMimeType key of the application’sdesktopentry. For URI schemes, the relevant MIME types arex-scheme-handler/* (e.g.x-scheme-handler/https).

9.7.2.Registration of media type handlers with mailcap entries

Packages that are not using desktop entries for registration shouldinstall a file inmailcap(5) format (RFC 1524) in the directory/usr/lib/mime/packages/. The file name should be the binary package’sname.

The mailcap package provides theupdate-mime program, whichintegrates these registrations in the/etc/mailcap file, using dpkgtriggers.[5]

Packages installing desktop entries should not install mailcap entriesfor the same program, because the mailcap package already readsdesktop entries.

Packages using these facilitiesshould not depend on, recommend, orsuggestmailcap.

9.7.3.Providing media types to files

The media type of a file is discovered by inspecting the file’s extensionor itsmagic(5) pattern, and interrogating a databaseassociating them with media types.

To support new associations between media types and files, theircharacteristic file extensions and magic patterns should be registeredto the IANA (Internet Assigned Numbers Authority). Seehttps://www.iana.org/assignments/media-types and RFC 6838 for details.This information will then propagate to the systems discovering filemedia types in Debian, provided by the shared-mime-info, media-typesand file packages. If registration and propagation can not be waitedfor, support can be asked to the maintainers of the packages mentionedabove.

For files that are produced and read by a single application, it is alsopossible to declare this association to theShared MIME Info system byinstalling in the directory/usr/share/mime/packages a file in theXML format specified athttps://standards.freedesktop.org/shared-mime-info-spec/latest/.

9.8.Keyboard configuration

To achieve a consistent keyboard configuration so that all applicationsinterpret a keyboard event the same way, all programs in the Debiandistribution must be configured to comply with the following guidelines.

The following keys must have the specified interpretations:

<--

delete the character to the left of the cursor

Delete

delete the character to the right of the cursor

Control+H

emacs: the help prefix

The interpretation of any keyboard events should be independent of theterminal that is used, be it a virtual console, an X terminal emulator,an rlogin/telnet session, etc.

The following list explains how the different programs should be set upto achieve this:

  • <-- generatesKB_BackSpace in X.

  • Delete generatesKB_Delete in X.

  • X translations are set up to makeKB_Backspace generate ASCIIDEL, and to makeKB_Delete generateESC[3~ (this is the vt220 escape code for the “deletecharacter” key). This must be done by loading the X resources usingxrdb on all local X displays, not using the application defaults,so that the translation resources used correspond to thexmodmapsettings.

  • The Linux console is configured to make<-- generate DEL, andDelete generateESC[3~.

  • X applications are configured so that< deletes left, andDelete deletes right. Motif applications already work like this.

  • Terminals should havesttyerase^? .

  • Thexterm terminfo entry should haveESC[3~ forkdch1,just as forTERM=linux andTERM=vt220.

  • Emacs is programmed to mapKB_Backspace or thesttyerasecharacter todelete-backward-char, andKB_Delete orkdch1todelete-forward-char, and^H tohelp as always.

  • Other applications use thesttyerase character andkdch1 forthe two delete keys, with ASCII DEL being “delete previous character”andkdch1 being “delete character under cursor”.

This will solve the problem except for the following cases:

  • Some terminals have a<-- key that cannot be made to produceanything except^H. On these terminals Emacs help will beunavailable on^H (assuming that thesttyerase charactertakes precedence in Emacs, and has been set correctly).M-xhelp orF1 (if available) can be used instead.

  • Some operating systems use^H forsttyerase. However, moderntelnet versions and all rlogin versions propagatestty settings,and almost all UNIX versions honoursttyerase. Where thestty settings are not propagated correctly, things can be made towork by usingstty manually.

  • Some systems (including previous Debian versions) usexmodmap toarrange for both<-- andDelete to generateKB_Delete. Wecan change the behavior of their X clients using the same X resourcesthat we use to do it for our own clients, or configure our clientsusing their resources when things are the other way around. Ondisplays configured like thisDelete will not work, but<--will.

  • Some operating systems have differentkdch1 settings in theirterminfo database forxterm and others. On these systems theDelete key will not work correctly when you log in from a systemconforming to our policy, but<-- will.

9.9.Environment variables

Programs installed on the system PATH (/bin,/usr/bin,/sbin,/usr/sbin, or similar directories) must not depend oncustom environment variable settings to get reasonable defaults. This isbecause such environment variables would have to be set in a system-wideconfiguration file such as a file in/etc/profile.d, which is notsupported by all shells.

If a program usually depends on environment variables for itsconfiguration, the program should be changed to fall back to areasonable default configuration if these environment variables are notpresent. If this cannot be done easily (e.g., if the source code of anon-free program is not available), the program must be replaced by asmall “wrapper” shell script that sets the environment variables if theyare not already defined, and calls the original program.

Here is an example of a wrapper script for this purpose:

#!/bin/shBAR=${BAR:-/var/lib/fubar}export BARexec /usr/lib/foo/foo "$@"

9.10.Registering Documents using doc-base

The doc-base package implements a mechanism for handling andpresenting documentation. Debian packages that provides onlinedocumentation (other than just manual pages) may register thesedocuments with doc-base by installing a doc-base control file in/usr/share/doc-base/.

Please refer to the documentation that comes with the doc-base packagefor information and details.

9.11.Alternate init systems

This section has been deleted.

9.11.1.Event-based boot with upstart

Theupstart event-based boot system is no longer maintained inDebian, so this section has been removed.

[1]

This is necessary in order to reserve the directories for use incross-installation of library packages from other architectures, aspart ofmultiarch.

[2]

This is necessary for architecture-dependent headers file to coexistin amultiarch setup.

[3]

These directories are used to store translators and as a set ofstandard names for mount points, respectively.

[4]

/lib/lsb/init-functions, which assists in writing LSB-compliantinit scripts, may fail ifset-e is in effect and echoing status messages to theconsole fails, for example.

[5]

Creating, modifying or removing a file in/usr/lib/mime/packages/ using maintainer scripts will notactivate the trigger. In that case, it can be done by callingdpkg-trigger--no-await/usr/lib/mime/packages from themaintainer script after creating, modifying, or removing the file.

9.12.Signaling that a reboot is required

Programs can signal that a reboot is required bytouching/run/reboot-required. It is conventional to add the name of thepackage(s) requiring the reboot to/run/reboot-required.pkgs. Programs should not add a package nameto/run/reboot-required.pkgs if it is already present there.

The/run/reboot-required mechanism is used when a reboot isneeded to fully apply the changes introduced by packageinstallation or upgrade. Typically it is thepostinstmaintainer script that touches/run/reboot-required, at the endof a successful configuration of the package.

There are no guarantees provided by the/run/reboot-requiredconvention as to when or whether the requested reboot will occur.