https://manual.archlinux.page/package-guidelines/ Recent content on Developer Manual Hugo en-us Licensed under [CC-BY-SA-4.0](https://gitlab.archlinux.org/archlinux/developer-manual/-/blob/main/LICENSE) https://manual.archlinux.page/package-guidelines/python/ Mon, 01 Jan 0001 00:00:00 +0000 https://manual.archlinux.page/package-guidelines/python/ <h1 id="python-package-guidelines">Python package guidelines<a class="anchor" href="#python-package-guidelines">#</a></h1> <p>This document covers standards and guidelines on writing <a href="https://wiki.archlinux.org/title/PKGBUILD">PKGBUILD</a>s for <a href="https://wiki.archlinux.org/title/Python">Python</a> software.</p> <h2 id="package-naming">Package naming<a class="anchor" href="#package-naming">#</a></h2> <p>For <a href="https://wiki.archlinux.org/title/Python#Installation">Python 3</a> library modules, use <code>python-modulename</code>. Also use the prefix if the package provides a program that is strongly coupled to the Python ecosystem (e.g. pip or tox). For other applications, use only the program name.</p> <blockquote class='book-hint note'> <p class="book-hint-heading note">ℹ️ Note</p> <p>The package name should be entirely lowercase.</p></blockquote><h2 id="architecture">Architecture<a class="anchor" href="#architecture">#</a></h2> <p>See <a href="https://wiki.archlinux.org/title/PKGBUILD#arch">PKGBUILD#arch</a>.</p> <p>A Python package that contains C extensions is architecture-dependent. Otherwise it is most likely architecture-independent.</p> https://manual.archlinux.page/package-guidelines/security/ Mon, 01 Jan 0001 00:00:00 +0000 https://manual.archlinux.page/package-guidelines/security/ <h1 id="security-package-guidelines">Security package guidelines<a class="anchor" href="#security-package-guidelines">#</a></h1> <p>This page describes security packaging guidelines for Arch Linux packages. For C/C++ projects the compiler and linker can apply security hardening options. Arch Linux applies <a href="https://wiki.archlinux.org/title/Wikipedia:Position-independent_code#PIE">PIE</a>, <a href="https://www.redhat.com/en/blog/enhance-application-security-fortifysource">FORTIFY_SOURCE</a>, stack protector, <a href="https://wiki.archlinux.org/title/Wikipedia:NX_bit">nx</a> and <a href="https://www.redhat.com/en/blog/hardening-elf-binaries-using-relocation-read-only-relro">relro</a> by default.</p> <h2 id="usage">Usage<a class="anchor" href="#usage">#</a></h2> <p>Hardening protections can be reviewed by running <a href="https://archlinux.org/packages/?name=checksec">checksec</a>.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>$ checksec --file<span style="color:#f92672">=</span>/usr/bin/cat</span></span></code></pre></div><blockquote class='book-hint tip'> <p class="book-hint-heading tip">💡 Tip</p> <p><a href="https://wiki.archlinux.org/title/Namcap">Namcap</a> also reports some security issues described on this page.</p></blockquote><h2 id="relro">RELRO<a class="anchor" href="#relro">#</a></h2> <p>RELRO is a generic mitigation technique to harden the data sections of an ELF binary/process. When a program is loaded several ELF memory sections need to be written to by the linker but can be turned read-only before turning control over to the program. This prevents attackers of overriding some ELF sections. There are two different RELRO modes:</p> https://manual.archlinux.page/package-guidelines/vcs/ Mon, 01 Jan 0001 00:00:00 +0000 https://manual.archlinux.page/package-guidelines/vcs/ <h1 id="vcs-package-guidelines">VCS package guidelines<a class="anchor" href="#vcs-package-guidelines">#</a></h1> <p><a href="https://wiki.archlinux.org/title/Wikipedia:Revision_control">Version control systems</a> can be used for retrieval of source code for usual statically versioned packages, and the latest (trunk) version of a development branch.</p> <blockquote class='book-hint tip'> <p class="book-hint-heading tip">💡 Tip</p> <p>Use <code>/usr/share/pacman/PKGBUILD-vcs.proto</code> prototype provided by the <a href="https://archlinux.org/packages/?name=pacman">pacman</a> package.</p></blockquote><h2 id="package-naming">Package naming<a class="anchor" href="#package-naming">#</a></h2> <p>Suffix <code>pkgname</code> with <code>-bzr</code>, <code>-cvs</code>, <code>-darcs</code>, <code>-git</code>, <code>-hg</code>, <code>-svn</code>, etc., unless the package fetches a specific release.</p> <h2 id="versioning">Versioning<a class="anchor" href="#versioning">#</a></h2> <p>If the resulting package is different after changing e.g. the dependencies, URL or sources — update <code>pkgver</code> to the latest version. If <code>pkgver</code> has not changed since the last update to the <code>PKGBUILD</code>, increase <code>pkgrel</code> instead.</p>