This page should morph into a guidelines document upstream developpers can consult before releasing material for us to package. It should list clear requirements, and provide a terse explanation on the reasons behind each of the rules we lay out.

The original JPackage version can be found at

What we are talking about

All the rules outlined in the following document apply to the release dumps of archive files a project publishes. Unlike an external developer, an external packager will usually not devote his energies to a single project. Web tools like FAQs, cvswebs, bugzillas, and mail archives are of little interest to a packager. He will use them, but only as a last resort. The developer realm is the application. The packager realm is the whole system. This broader focus means a packager cannot afford as deep a knowledge of individual projects as a developer can.

A well run project will provide releases that stand on their own, include all build/licensing/usage documentation, and do not require any external patches to run. This only applies for the materials the project "owns" and maintains - external tools and libraries are subject to their own separate packaging processes.

What we are absolutely not talking about

All the restrictions listed in this document do not apply to internal project tools. We absolutely do not care about the project CVS organization, the shortcuts developers take to simplify their lives, etc as long as they do not bleed into the release archives.

Bear in mind though, if the internal project layout drifts too far from the requirements of the release archives, releasing your project will become increasingly painful and expensive.

What we are not talking about yet

Since the actual packaging rules each distribution uses have not been standardized yet, we do not ask upstream projects to provide Linux packages or automated tasks to create them. Even if there is a common packaging policy and tools, please do not include the package build scripts debian/, RPM spec file in the distribution, as packagers will need to modify them and they will get out of sync with the upstream version.

However, even when generic packages will be possible, and upstream authors will provide the scritps/description files/<whatever we agree upon>, there will probably still be a need for fine-tuning these files. The actual changes though should become more and more minor and will be done in the usual patching procedure during package builds.

And now, the actual rules.

The rules

1. Provide source-only releases

When building software from sources, binaries are only a waste of bandwidth and disk space. The same is true for javadocs, generated docs, and so on. But nothing prevents for you from providing a binary release either.

2. Do not include external binaries

Including external binaries is evil because:

But nothing prevents you from providing those binaries in a separate archive.

3. Document your application dependencies

A clean doc listing:

... can help an external packager immensely. Bundling the dependency binaries with your archive is no substitute - people won't trust a binary blob of unknown origins, investigating these origins will often make packaging your software much too expensive.

4. Provide all the sources and scripts needed for building

It is always a pain to not have doclet sources, or an ant build script, as it prevents to recreate original building process.

This does not mean you have to bundle external stuff see previous point. You shall however provide all the facilities needed to build your project that you are maintaining yourself.

Moreover, if several of your projects use the same infrastructure, making it a standalone public project is often a worthwhile move.

5. Do not download any files during the build process

6. Help people specify the build <tt>CLASSPATH</tt>

When people add your software to an integrated system, they will use the external dependencies already provided by this system, not the jar files you use internally. This means they will need to specify a classpath part for each dependency of your software. Do not assume:

Make specifying the build classpath easy using either command line switches or property files and document it.

7. Do not use non-API classes

We try to get a package working with as many JVM and environments alternative sources/versions for one API as possible. Every use of a non API sun. classes, java.home layout, basicly everything, which isn't explictly declared API can break a package on different systems. Non-API can change without notice, even in minor releases. Don't depend on it!

This is especially true if non sun derived JVM like kaffe, gij/gcj and sablevm are used to run your application and the application usees internal sun. classes or assumes a java.home layout.

8. Do not use or rely on Class-Path references in jar MANIFESTs

The Class-Path system of MANIFESTs is evil because:

Classpath handling is a generic problem and will be handled at the system level see also ?ApplicationClasspath.

9. Do not assume a single-root file layout

Unlike a Windows system, a Linux system will install your files in different parts of the filesystem depending on their use and the filesystem properties they need. This is an hard requirement for all applications regardless of the langage they're written in.

The filesystem layout used by every single Linux distribution is documented in the Filesystem Hierarchy Standard. Read the spec and see how all the file/directories you use fit in.

10. Do not assume the user will be the system administrator

Unix system have a clear administrator/user separation. If your software is intended for a end-user, do not assume he will be allowed to manipulate common configuration files or plugin directories.

11. Provide Unix archives

The zip format doesn't preserve Unix file permissions, and is inefficient. Gzipped, or even better, bzipped tarballs are more convenient. But nothing prevents you from providing also zip format archives.

12. Use clear versionning

And include it in your archive filenames.

Having a single URI pointing to different contents at different points of times makes packaging difficult.

An untagged CVS dump is not a proper version.

The usual naming is a name-x.y.z.tar.gz archive containing the same name-x.y.z top directory. No top directory or a top directory named a different way than the archive can be handled but it's generally a pain. Please do not try and mix all namexyz NAME_x_y_z... permutations - choose one, preferably name-x.y.z, and stick to it.

13. Provide a cryptographically GPG signed hash of your archives

So people can check they are really using the sources you released, and your software has not been modified by a malicious entity on your download servers.

14. Provide a clear licensing document

So it can be added to the package documentation.

Avoid custom licenses - packagers and end-users are no lawyers. If they are not sure of what you allow them to, they'll pass. Use widely-distributed licenses everyone understands and that have been reviewed by organisations like the OSI

15. Provide a sensical default configuration

... if your software can be configured.

Ideally it should be sufficient to test your software, and not dangerous security-wise.

If people need to read a lenghty documentation to use your sofware, they will pass on it the packager first of them

16. Do include tests

... in your release archives. Bear in mind though if one needs deep knowledge of your application to run the tests, they won't be used. In this case including them in your release is a waste of bandwidth. The same attention should be put into the test scripts as in the build scripts - people won't waste time fixing hardcoded jar references in a test file.

Also, a packager may not have the knowledge necessary to evaluate test output. A simple summary at the end of the run listing the tests that passed and the tests that failed, the tests that are critical and the tests that aren't helps a lot

17. Do include examples and documentation

But bear in mind if some part of the documentation does not follow the same release cycle as the rest of your product, it will be easier for everyone if it has its own release process and release archives.

Also, if some part of the documentation can be generated from the source files like javadoc or docbook documents a linux packager will always prefer regenerating it than using precooked files see 1.. So either do not include them at all, or put them in a separate archive and do include clean versions of the scripts used to generate this documentation.

18. debian only yet Do not rely on environment variables to run your app

Debian has a policy that a application must run without any set environment variables. A user shouldn't need to do some configuration beforehand to get a app working.

So don't use JAVA_HOME to figure out the JVM see ?FindingWorkingRuntime for proposed solutions to the problem.