Revision as of 20:22, 3 April 2010 (view source) Nashif (Talk | contribs) (→BuildRoot tag) ← Older edit		Revision as of 07:49, 28 April 2010 (view source) Jfding (Talk | contribs) (→Writing a package from scratch) Newer edit →
Line 160:		Line 160:
	== Writing a package from scratch ==		== Writing a package from scratch ==
-	See Spectacle	+	See [[Spectacle]]
-		+
	== Modifying existing Packages ==		== Modifying existing Packages ==

---

Revision as of 07:49, 28 April 2010

Contents 1 Packaging Guidelines 1.1 Package Naming 1.2 Version and Release 1.2.1 Version 1.2.2 Release 1.3 Tags 1.3.1 Summary Tag 1.3.2 Group Tag 1.3.3 BuildRoot tag 1.3.4 PreReq 1.3.5 Explicit Requires 1.3.6 BuildRequires 1.3.7 Patches 1.4 Writing a package from scratch 1.5 Modifying existing Packages 1.6 Changelogs 1.6.1 General information 1.6.2 Bug Numbers in the change log 1.6.3 CVE numbers in change log 1.6.4 Spec File changes 1.6.5 Source Code changes

Packaging Guidelines

Guidelines below were adapted for MeeGo from Moblin, OpenSUSE, Fedora and other distributions.

Package Naming

• Dash '-' must be used as the delimiter for name parts.
• Do NOT use an underscore '_', a plus '+', or a period '.' as a delimiter.
• The spec file should be named using the %{name}.spec scheme which should also correspond to the package name within a project in the build system.

Version and Release

Version

The Version field in the spec file is where you should put the current version of the software being packaged. There are four cases where the version contains non-numeric characters:

• Pre-release packages: Packages released as "pre-release" versions, prior to a "final" version. Example tags include "alpha", "beta", "rc", "cvs", "git".
• Post-release packages: Packages released after a "final" version. These packages contain the same numeric version as the "final" version, but have an additional non-numeric identifier.
• Snapshot packages: Packages built from SCM snapshots. These packages could be either "pre" or "post" release packages.

Release

This field is handled by the build system to be able to manage automated builds. The initial setting in the spec file is used by the build system but in many cases it does not need to be changed.

There is no need for the %{dist} macro in the release field. This is also handled directly by the build system.

The release number is set to zero with any version update. It is increased by one with any change in the package.

Tags

• The Packager tag should not be used in spec files. The identities of the packagers are evident from the changelog entries. By not using the Packager tag, you also avoid seeing bad binaries rebuilt by someone else with your name in the header. See also the Maximum RPM definition of the Packager tag at www.rpm.org . If you need to include information about the packager in the rpms you built, use %packager in your ~/.rpmmacros instead.
• The Vendor tag should not be used. It is set automatically by the build system.

• Usually, the PreReq tag should be replaced by plain Requires. For more info, see Maximum RPM snapshot's fine grained dependencies chapter .
• The Source tag documents where to find the upstream sources for the rpm. In most cases this should be a complete URL to the upstream tarball.

Summary Tag

The summary is a single line string describing the package. The maximum length is 80 characters. It should fit all standard situations and not assume any special context. It should be helpful alone, in alphabetically sorted or unsorted lists of some selected packages, and in alphabetically sorted or unsorted lists of all packages.

It should describe the package's main function and point out any special properties of the package to support the user comparing similar packages. For example, the two words "Web Browser" summarize any web browser, but using additional adjectives (like minimalistic, complex, GNOME, KDE, text-based, fast, or author's) helps characterize a specific package.

The RPM spec file contains only the English version to keep the RPM database small.

• The Summary tag value should not end in a period. If this bothers you from a grammatical point of view, sit down, take a deep breath, and get over it.

Group Tag

Valid RPM Groups are:

Amusements/Games
Amusements/Graphics
Applications/Archiving
Applications/Communications
Applications/Databases
Applications/Editors
Applications/Emulators
Applications/Engineering
Applications/File
Applications/Internet
Applications/Multimedia
Applications/Productivity
Applications/Publishing
Applications/System
Applications/Text
Development/Debuggers
Development/Languages
Development/Libraries
Development/System
Development/Tools
Documentation
System/Boot
System/Console
System/I18n/Chinese
System/I18n/Japanese
System/I18n/Korean
System/Packages
System/Base
System/Daemons
System/Kernel
System/Libraries
System/Shells
System/X11
System/X11/Fonts
System/X11/Icons
System/GUI/XFCE
System/GUI/Other
System/GUI/GNOME

BuildRoot tag

The BuildRoot value MUST be below %{_tmppath}/ and MUST contain at least %{name}, %{version} and %{release}.

The recommended values for the BuildRoot tag are (in descending order of preference) :

%{_tmppath}/%{name}-%{version}-%{release}-root

The BuildRoot tag can be omitted in packages targeting MeeGo only and is handled directly by rpm in MeeGo, for packages that need to run on other distros with older rpm it should be added for backward compatibility.

PreReq

Packages should not use the PreReq tag. Once upon a time, in dependency loops PreReq used to "win" over the conventional Requires when RPM determined the installation order in a transaction. This is no longer the case.

Explicit Requires

Packages must not contain explicit Requires on libraries except when absolutely necessary. When explicit library Requires are necessary, there should be a spec file comment justifying it.

We generally rely on rpmbuild to automatically add dependencies on library SONAMEs. Modern package management tools are capable of resolving such dependencies to determine the required packages. Explicit dependencies on specific package names may aid the inexperienced user, who attempts at installing RPM packages manually, however, history has shown that such dependencies add confusion when library/files are moved from one package to another, when packages get renamed, when one out of multiple alternative packages would suffice, and when versioned explicit dependencies become out-of-date and inaccurate. Additionally, in some cases, old explicit dependencies on package names require unnecessary updates/rebuilds.

Exemplary rationale for a versioned explicit dependency:

  # The automatic dependency on libfubar.so.1 is insufficient,
  # as we strictly need at least the release that fixes two segfaults.
  Requires: libfubar >= 0:1.2.3-7

Packagers should revisit an explicit dependency as appropriate to avoid it becoming inaccurate and superfluous.

BuildRequires

In package development and testing, please verify that your package is not missing any necessary build dependencies. Having proper build requirements saves the time of all developers and testers as well as build systems because they will not need to search for missing build requirements manually. It is also a safety feature that prevents builds with that would not otherwise fail, but would be missing crucial features. For example, a graphical application may exclude PNG support after its configure script detects that libpng is not installed.

Before adding BuildRequires to any package, please be comfortable with Requires .

Patches

Each problem should be solved in a separate patch. To allow easy maintenance of patches, every patch should have a header providing the following information:

• Authors' names
• Detailed description of the fixed problem
• URL of the original source of the patch if any

The name of a patch file consists of:

• The name and version of the source tarball from which the patched file is derived
• Some words that characterize the patch content
• The filename suffix .patch

Patches are in the unified format (diff -u) and should be applied with 1 strip level in the spec file (%patch -p1). The only exceptions are the patches obtained from an another primary source site. The original name, suffix, and format is preserved in this case.

Each patch should be compressed with bzip2 if its size is greater than 100kB. The macros %name and %version should be used whenever possible.

Example:

Source:   %{name}-%{version}.tar.bz2
Patch0:   %{name}-%{version}-autoconf.patch
Patch1:   %{name}-%{version}-gcc31.patch

For the patches to be applied, the patches should be mentioned under %setup. For the above example, this could be done as

%setup -q
%patch0 -p1
%patch1 -p1

Writing a package from scratch

See Spectacle

Modifying existing Packages

If you base a new package on an existing non-MeeGo package, make sure you verify its correctness of the package and the spec file and to understand exactly what has been done to package the software exactly. Do not submit a package without knowing what those strange, but innocent-looking commands do.

In particular, you should

• verify any sources and patches and remove patches or sources that:
  • are related to platforms we do not support (example: sparc, ia64, ppc, ...)
  • Implement features we do not support (example: selinux)
  • Read every patch and understand what it does, if it is needed, put an explanation in the header justifying why the patch is needed.
• verify that the license stated in the spec file matches the actual license of the software,
• skim the summary and description for typos and oddities (see Summary and description ),
• make sure that the correct build root is used,
• ensure that macro usage is consistent and that the macros are available in MeeGo (see Macros ).

Keep old changelog entries to credit the original authors. Entries that are several years old or refer to ancient versions of the software may be erased. If you end up doing radical changes and re-write most of the spec file anyway, feel free to start the changelog from scratch. In other words, use your best judgement.

Changelogs

This section describes the MeeGo policy for RPM changelogs. (Original changelogs included in the original source are not affected by this policy.)

Please consider that a "normal end user with some technical skills" should be able to read and understand an RPM changelog. Changelog entries have to be in chronological order. Newer change log entries are listed above older entries, with the first entry being the most recent.

General information

• MeeGo uses a separate file for package changes. This file is called like the spec file, but has *.changes instead of *.spec as ending remarkably similar to a debian changes file.
• Entries in the changes file have the following structure:

Tue Apr 22 20:54:26 CEST 2009 - your@email.com

-

In short, the changes file is identical in format and purpose to debian's changes file.

Bug Numbers in the change log

During maintenance of a distribution, every change has to be marked with the correct bug number. Normally this has to be an number from https://bugzilla.meego.com/. Adding an entry with bugzilla number to the changelog should result in a short description of the bug-summary and the bug number. For example:

- Removed invalid desktop Category "Application" (MB#4654).
- Symlink icon to pixmaps dir (MB#2108)
- Added gnome-ui-properties to control-center (MB#1960).

CVE numbers in change log

Same as for bugzilla numbers: Add a short description (normally the CVE summary should be enough), the Bugzilla and the CVE number to the changelog entry. Examples:

- Add gdk-pixbuf-226710.patch (MB#226710, and CVE-2007-0010).
- More XPM fixes: CVE-2005-2975 xpm too many colors DoS (MB#129642)
- fix ~/.dmrc symlink attack (MB#180704, CVE-2006-2449)

Spec File changes

Be as precise as possible! This is especially important if you remove something from the spec file.

• Removing original source code must be declared in spec file with a comment ("useful for FreeBSD only" for example) - not necessary to repeat the comment in specfile.
• Extra commands (for example during %install) can be illustrated with a short comment in spec file
• Adding/Removing packages from Requires/Provides must be described in the changelog

Source Code changes

Document the most important changes but limit verbosity.

• look into the source changelog and pick up the most important changes for the distribution (changes for other operation systems are not important). What has changed in the new version, usually in the level of detail of a NEWS file, the change log files are usually too long. More than 10-15 lines shouldn't be necessary to describe the most important changes.
• arrange the original changes behind the version update information. Example:

 - Update to 1.3.2:
   + fixes memory leak in import function
   + new API command: unlock_client()
   + the following bugs are closed by this new upstream release:
   ++ ............ [MGN:332]
   ++ .............[MGN:337]
 - split of devel package

• If upstream does not provide a meaningful change log, then only do best effort. Don't waste too much time over it.
• If the upstream tarball really has not changed except for the version number, just the version number in the change log would be fine. Same goes for packages just containing some graphics or theming (unless upstream already provides something that fits). If the upstream changes just consists of "updated translation" or "several bug fixes" even that can be sufficient for a changelog entry (unless these bug fixes contain something you find worth mentioning).