Bug#542288: debian-policy: Version numbering: native packages, NMU's, and binary only uploads
- To: Simon McVittie <smcv@debian.org>
- Cc: 542288@bugs.debian.org
- Subject: Bug#542288: debian-policy: Version numbering: native packages, NMU's, and binary only uploads
- From: Russ Allbery <rra@debian.org>
- Date: Fri, 02 Apr 2021 10:22:33 -0700
- Message-id: <[🔎] 87o8ew4n52.fsf@hope.eyrie.org>
- Reply-to: Russ Allbery <rra@debian.org>, 542288@bugs.debian.org
- In-reply-to: <YGcG/Flni9VYt0o4@momentum.pseudorandom.co.uk> (Simon McVittie's message of "Fri, 2 Apr 2021 12:58:52 +0100")
- References: <877hx0nb7b.fsf@anzu.internal.golden-gryphon.com> <8760fjbwsq.fsf@hope.eyrie.org> <20170625223954.lknih7yplcsolcd2@perpetual.pseudorandom.co.uk> <87vanj8yeg.fsf@hope.eyrie.org> <877hx0nb7b.fsf@anzu.internal.golden-gryphon.com> <[🔎] 87mtuhmqm0.fsf@hope.eyrie.org> <YGcG/Flni9VYt0o4@momentum.pseudorandom.co.uk> <877hx0nb7b.fsf@anzu.internal.golden-gryphon.com>
Simon McVittie <smcv@debian.org> writes:
> The other way is to repackage the new upstream release from first
> principles, either because it's a new release from an upstream branch
> that's older than the one in testing/unstable (like src:flatpak in
> Debian 10), or because testing/unstable already has packaging changes
> that aren't suitable for stable (like src:dbus in Debian 10). In this
> case it would be misleading to use a version number like
> flatpak_1.2.5-1~deb10u1 (because 1.2.5-1 never existed) or
> dbus_1.12.20-1~deb10u1 (because 1.12.20-1 did exist, but the version of
> dbus in stable was not based on it, and does not have the downstream
> changes from that version). Instead, the convention that has emerged is
> to use 0+deb10u1, by analogy with the convention that an NMU introducing
> a new upstream release has revision number 0.1.
Ah, thanks for this. I wasn't aware this convention existed.
Here's a new draft, which is unfortunately quite a bit longer because it's
hard to make this clear. I also added the +really convention explicitly,
since it's mentioned immediately above, and noted that the stable update
and backport conventions can, in rare circumstances, stack.
--
Russ Allbery (rra@debian.org) <https://www.eyrie.org/~eagle/>
diff --git a/policy/ch-controlfields.rst b/policy/ch-controlfields.rst
index a21a510..2fd6868 100644
--- a/policy/ch-controlfields.rst
+++ b/policy/ch-controlfields.rst
@@ -582,20 +582,17 @@ The three components here are:
alphanumerics and the characters ``+`` ``.`` ``~`` (plus, full stop,
tilde) and is compared in the same way as the ``upstream_version`` is.
- It is optional; if it isn't present then the ``upstream_version``
- may not contain a hyphen. This format represents the case where a
- piece of software was written specifically to be a Debian package,
- where the Debian package source must always be identical to the
- pristine source and therefore no revision indication is required.
+ It is conventional to restart the ``debian_revision`` at ``1`` each
+ time the ``upstream_version`` is increased.
- It is conventional to restart the ``debian_revision`` at ``1``
- each time the ``upstream_version`` is increased.
+ The package management system will break the version number apart at
+ the last hyphen in the string (if there is one) to determine the
+ ``upstream_version`` and ``debian_revision``. The absence of a
+ ``debian_revision`` is equivalent to a ``debian_revision`` of ``0``.
- The package management system will break the version number apart
- at the last hyphen in the string (if there is one) to determine
- the ``upstream_version`` and ``debian_revision``. The absence of a
- ``debian_revision`` is equivalent to a ``debian_revision`` of
- ``0``.
+ Presence of the ``debian_revision`` part indicates this package is a
+ non-native package (see :ref:`s-source-packages`). Absence indicates
+ the package is a native package.
When comparing two version numbers, first the epoch of each are
compared, then the ``upstream_version`` if epoch is equal, and then
@@ -625,6 +622,8 @@ These two steps (comparing and removing initial non-digit strings and
initial digit strings) are repeated until a difference is found or both
strings are exhausted.
+.. _s-avoid-epochs:
+
Epochs should be used sparingly
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -639,13 +638,132 @@ Epochs should not be used when a package needs to be rolled back.
In that case, use the ``+really`` convention: for example, if you
uploaded ``2.3-3`` and now you need to go backwards to upstream 2.2,
call your reverting upload something like ``2.3+really2.2-1``.
-Eventually, when we upload upstream 2.4, the +really part can go away.
+Eventually, when we upload upstream 2.4, the ``+really`` part can go away.
Epochs are also not intended to cope with version
numbers containing strings of letters which the package management
system cannot interpret (such as ``ALPHA`` or ``pre-``), or with silly
orderings. [#]_
+Special version conventions
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The following special version numbering conventions are used in the Debian
+archive:
+
+- The absence of ``debian_revision``, and therefore of a hyphen in the
+ version number, indicates that the package is native.
+
+- The presence of ``+really`` in the ``upstream_version`` component
+ indicates that a newer upstream version has been rolled back to an older
+ upstream version. The part of the ``upstream_version`` component
+ following ``+really`` is the true upstream version. See
+ :ref:`s-avoid-epochs` for an example of when this is used.
+
+Non-maintainer uploads:
+
+- ``debian_revision`` components ending in ``.`` (period) followed by a
+ number indicate this version of the non-native package was uploaded by
+ someone other than the maintainer (an NMU or non-maintainer upload).
+ This is used for a source package upload; for uploads of only binary
+ packages without source changes, see the binary NMU convention below.
+
+- ``upstream_version`` components in native packages ending in ``+nmu``
+ followed by a number indicate an NMU of a native package. As with the
+ convention for non-native packages, this is used for a source package
+ upload, not for uploads of only binary packages without source changes.
+
+- ``upstream_version`` components in native packages or
+ ``debian_revision`` components in non-native packages ending in ``+b``
+ followed by a number indicate a binary NMU: an upload of a binary
+ package without any source changes and hence without any corresponding
+ source package upload or version change.
+
+Stable updates:
+
+- ``upstream_version`` components in native packages ending in ``+debNuX``
+ indicate a stable update. This is a version of the package uploaded
+ directly to a stable release, and the version is chosen to sort before
+ any later version of the package uploaded to Debian's unstable or a
+ later stable distribution. ``N`` is the major version number of the
+ Debian stable release to which the package was uploaded, and ``X`` is a
+ number, starting at 1, that is increased for each stable upload of this
+ package.
+
+ For example, suppose Debian 10 released with a package with version
+ ``1.4``. The first stable update of that package would have the version
+ ``1.4+deb10u1``, and a subsequent update would have the version
+ ``1.4+deb10u2``. These versions are chosen to sort before ``1.5`` (the
+ next unstable version) or ``1.4+deb11u1`` (a stable update to a
+ subsequent Debian 11 release).
+
+- ``debian_revision`` components in non-native packages ending in
+ ``debNuX`` also indicate a stable update. Either ``~`` or ``+`` will be
+ used before this string depending on the details of the update. As with
+ native packages, ``N`` is the major version number of the Debian stable
+ release to which the package was uploaded, and ``X`` is a number,
+ starting at 1, that is increased for each stable upload of this package.
+
+ There are three cases for non-native packages:
+
+ #. For stable updates that use the same upstream version, the
+ ``debian_revision`` component will end in ``+debNuX``. The portion
+ of the version before that string is the original package version in
+ the stable release.
+
+ #. For stable updates to a new upstream version that is based on a newer
+ unstable package, the ``debian_revision`` component will end in
+ ``~debNuX``. The portion before that string will be the unstable
+ version on which the package is based.
+
+ #. If a stable update is based on a new upstream version but is not
+ based on a newer unstable package, the convention is to form the
+ version number by taking the upstream version, appending ``-0``, and
+ then appending ``+debNuX`` (so the ``debian_revision`` component will
+ be ``0+debNuX``).
+
+ In all cases, these versions are chosen so that they will sort earlier
+ than a subsequent unstable package of the same upstream version and thus
+ that the stable package will upgrade to a newer version during a
+ subsequent system upgrade.
+
+ For example, suppose Debian 10 released with a package with version
+ ``1.4-5``. If that package later receives a stable update in Debian 10
+ that uses the same upstream version, the first update would have the
+ version ``1.4-5+deb10u1``. A subsequent update would have version
+ ``1.4-5+deb10u2``.
+
+ If instead the package receives a stable update based on a ``1.5-1``
+ unstable package, the first such stable update would have the version
+ ``1.5-1~deb10u1`` and a subsequent update would have the version
+ ``1.5-1~deb10u2``.
+
+ If there were no unstable ``1.5-1`` package, but there were a stable
+ update to an upstream 1.5 release, the first such stable update would
+ have the version ``1.5-0+deb10u1``.
+
+Backports:
+
+- ``upstream_version`` components in native packages or
+ ``debian_revision`` components in non-native packages ending in
+ ``~bpoNuX`` indicate a backport of a version of the package to an older
+ stable release. The part of the version before ``~bpo`` is the version
+ of the package being backported, ``N`` is the major version number of
+ the Debian stable release to which the package was backported, and ``X``
+ is a number, starting at 1, that is increased for each revision of the
+ backport of that package version. The rationale is the same as for
+ stable updates, with the additional goal of ensuring a backported
+ version sorts earlier than a stable update with the same upstream
+ version.
+
+ Be aware that the stable update and backport conventions can stack. If,
+ for example, Debian 10 contains a package with version ``1.4-5+deb10u1``
+ and that package is backported to Debian 9, the version of the Debian 9
+ backport would be ``1.4-5+deb10u1~bpo9u1`` (although this scenario is
+ rare).
+
+This list of version conventions is not exhaustive.
+
.. _s-f-Description:
``Description``
diff --git a/policy/ch-scope.rst b/policy/ch-scope.rst
index e3db6c1..45f150f 100644
--- a/policy/ch-scope.rst
+++ b/policy/ch-scope.rst
@@ -182,6 +182,24 @@ ASCII
first 128 `Unicode <http://www.unicode.org/>`_ characters, with the
eighth bit always zero.
+upstream
+ The source of software that is being packaged, or the portion of a
+ software package that originates from outside of Debian. For example,
+ suppose Alice writes and releases a free software package, and then
+ Bob creates a Debian package of that software package. Alice is the
+ *upstream maintainer* (sometimes abbreviated as *upstream*) of the
+ package, Alice's releases are the *upstream releases*, and the version
+ number she puts on a release is the *upstream version*. Bob may make
+ Debian-specific modifications to the package, and then later send
+ those modifications *upstream* to be incorporated in Alice's releases.
+
+ The packager and upstream developer may be the same person. For
+ example, Alice may choose to package her own software for Debian.
+ However, this manual still distinguishes between the role of upstream
+ and the role of Debian packager, even when the same person is filling
+ both of those roles, since they have some implications for the details
+ of packaging.
+
UTF-8
The transformation format (sometimes called encoding) of
`Unicode <http://www.unicode.org/>`_ defined by `RFC
diff --git a/policy/ch-source.rst b/policy/ch-source.rst
index edae8c1..d6fbfc7 100644
--- a/policy/ch-source.rst
+++ b/policy/ch-source.rst
@@ -1,6 +1,37 @@
+.. _s-source-packages:
+
Source packages
===============
+A Debian source package contains the source material used to construct one
+or more :doc:`binary packages <ch-binary>`. A source package consists of
+a ``.dsc`` file (see :ref:`s-debiansourcecontrolfiles`), one or more
+compressed tar files, and possibly other files depending on the type and
+format of source package. Binary packages are contructed from the source
+package via a build process defined by ``debian/rules`` and other files in
+the ``debian`` directory of the unpacked source package.
+
+Debian source packages are classified as *native* or *non-native*.
+
+A native source package is one that does not distinguish between Debian
+packaging and upstream releases. A native source package contains a
+single tar file of source material, and the versioning does not have a
+Debian-specific component. Native packages are normally (but not
+exclusively) used for software that has no independent existence outside
+of Debian, such as software written specifically to be a Debian package.
+
+A non-native source package separates the upstream release from the Debian
+packaging and any Debian-specific changes. The source in a non-native
+source package is divided into one or more upstream tar files plus a
+collection of Debian-specific files. (Depending on the format of the
+source package, those Debian-specific files may come in the form of
+another tar file or in the form of a compressed diff.) The version of a
+non-native package has an upstream component and a Debian component, and
+there may be multiple Debian package versions associated with a single
+upstream release version and sharing the same upstream source tar files.
+
+Most source packages in Debian are non-native.
+
.. _s-standardsversion:
Standards conformance
Reply to: