Freedesktop packaging

Freedesktop packaging
Name	Freedesktop packaging
Developer	Various XDG communities, freedesktop.org contributors, distributions
Released	2000s
Operating system	Linux, BSD variants
License	Various

Freedesktop packaging

Freedesktop packaging refers to the conventions, metadata, and interoperability practices cultivated around freedesktop.org projects to enable cohesive packaging across Linux distributions and related BSD systems. It synthesizes work from projects and institutions such as X.Org Foundation, GNOME Project, KDE e.V., Desktop D-Bus initiatives and integrates with distribution ecosystems maintained by organizations like Debian Project, Ubuntu, Fedora Project, openSUSE, Arch Linux, and vendors such as Red Hat, Canonical Ltd., SUSE and companies including Intel Corporation, IBM, Google, and Microsoft where relevant. The packaging approach aims to harmonize metadata, file locations, MIME databases, icon themes, desktop entries and runtime environments across disparate projects and packaging systems.

Overview

Freedesktop packaging evolved from interoperability efforts among projects like X.Org Server, GTK+, Qt Project, PulseAudio Project, systemd and Mesa 3D and from standards promulgated at freedesktop.org and allied venues such as the Desktop Summit, GNOME Summit, KDE Akademy and conferences hosted by organizations like Linux Foundation and Open Source Summit. Key goals mirror those of long-standing initiatives by the Debian Project and RPM-based communities: consistent Filesystem Hierarchy Standard conventions, shared MIME and icon registries inspired by work from XDG Base Directory Specification authors and contributors from repositories like Open Build Service and OBS. Packaging intersects with upstream projects including Wayland, X11, PipeWire and Flatpak Project while coordinating with distribution tooling such as dpkg, rpm, pacman, Portage and pkgsrc.

Packaging Standards and Specifications

Standards central to Freedesktop packaging include the XDG Base Directory Specification, Desktop Entry Specification, Icon Theme Specification, MIME Applications, Shared MIME-info Database, and specifications influenced by D-Bus and systemd unit file conventions. These specifications complement metadata standards used by package ecosystems like Debian Policy, RPM Packaging Guide, Arch packaging standards and Gentoo guidelines. Work from projects like Flatpak and AppImage inspired application sandboxing and single-file distribution approaches that interact with freedesktop metadata. Contributors include organizations such as freedesktop.org, GNOME Foundation, KDE e.V., X.Org Foundation, and corporates like Red Hat and Canonical Ltd..

Tools and Build Systems

Tooling for Freedesktop packaging spans build systems and helper utilities: Autotools, CMake, Meson, GNU Make, Bazel, Ninja, SCons, Waf and language-specific ecosystems such as Python Package Index, CPAN, RubyGems, npm, Cargo, Go Modules and Haskell Cabal. Packaging helpers and builders include dpkg-buildpackage, rpmbuild, mock, pbuilder, openSUSE OBS, copr, BuildBot, Jenkins, GitLab CI/CD, GitHub Actions, koji, craft, portage tooling and pkgsrc frameworks. Integration with freedesktop metadata is supported by tools like desktop-file-utils, xdg-utils, glib-compile-schemas, update-desktop-database, update-icon-caches, and build-time helpers from mesonbuild and cmake modules authored by upstream projects including GNOME Project and KDE e.V. contributors.

Distribution and Repository Integration

Distributions integrate freedesktop conventions into packaging policies across repository infrastructures such as Debian Archive, Ubuntu Archive, Fedora Copr, openSUSE Build Service, Arch User Repository, Gentoo Portage Tree, FreeBSD Ports Collection and enterprise systems maintained by Red Hat and SUSE. Repository metadata formats like APT, YUM, DNF, Zypper, pacman and universal formats such as OSTree, Flatpak Remote, Snapcraft and AppImageHub mediate distribution. Collaboration often happens via groups linked to freedesktop.org, X.Org Foundation, GNOME Foundation, KDE e.V., Debian Project and Ubuntu Foundation as well as vendor ecosystems such as Red Hat and Canonical Ltd..

Security and Signing

Security practices around Freedesktop packaging leverage cryptographic signing systems and infrastructure maintained by projects and vendors: OpenPGP keys used in Debian Project and RPM-GPG setups, GPG-based repository signing, TLS served by hosts like gitlab.com and github.com for CI artifacts, and supply-chain protections influenced by initiatives like sigstore and The Update Framework. Vulnerability management interacts with trackers and databases run by organizations such as CVE Program, NVD, Debian Security, Ubuntu Security Team, Red Hat Security Response and coordinated disclosure policies involving upstream projects including systemd and glibc maintainers. Package signing, deterministic builds and reproducible build efforts are advanced by communities including Reproducible Builds and organizations like Software Heritage.

Best Practices and Guidelines

Best practices derive from collaboration among freedesktop.org spec authors, distribution policy teams at Debian Project, Fedora Project, openSUSE, Arch Linux, Gentoo, Canonical Ltd. and tool maintainers from GNOME Project and KDE e.V.. Recommendations include adhering to XDG Base Directory Specification, providing Desktop Entry Specification-compliant .desktop files, bundling or depending on shared runtimes like glib, libc, libxml2 and libpng per distribution policy, ensuring MIME and icon registration via shared-mime-info and Icon Theme Specification, and enabling automated tests in GitLab CI/CD, GitHub Actions or Jenkins. Security guidance references OpenPGP, sigstore signing, integration with CVE Program workflows and reproducible build practices championed by Reproducible Builds. Collaboration channels include freedesktop.org mailing lists, issue trackers hosted on GitLab, GitHub, and coordination at events like Open Source Summit and Desktop Summit.

Category:Software packaging