openSUSE:Shared library packaging policy

Jump to: navigation, search

These guidelines are to provide naming conventions for packages containing shared libraries, usually found in /%_lib or /usr/%_lib (%_libdir). The main rationale is to allow for two or more (incompatible) versions of a shared library, such as and to be independently selectively installable (and trackable by rpm) at the same time without causing RPM conflicts.


This scheme makes it possible to install with the RPM package manager and use multiple shared libraries that share the same name stem but having different SO version (shared object version). Traditionally (pre-10.3), only one particular version of a library was built and shipped, and when the SO version changed, all packages depending on it also needed updating. This becomes a problem especially with packages coming from sources other than the distribution itself, since updated versions may not have been made available yet.

With the following naming and packaging guidelines, each library version becomes a separate installable entity, which allows for their coexistence.

From that follows that only files should be included therein which are not generating file conflicts later if installed together with another libfoo*.rpm. Hence only lib*.so.* files are allowed in them. To ensure that no shared libraries creep in which are not handled, we disallow them to be in any package not named via these rules.

Effectively, this creates a partition of all files into shared libs and others, and makes sure that no rpm package contains files from both partitions.


  • If the shared library in question is a plugin (“module” in libtool nomenclature), the shlib policy does not apply — but do see the hints in the “Plugins” section below.
  • If (and only if) there are no corresponding development files (.so link, .h files, .pc files) and there is therefore no -devel package for the shared library, the library can be considered private and the shlib policy does not apply. (Example: libencfs inside the encfs package as of openSUSE Leap 42.1.) The placement of the library file is up to the maintainer.

Underlying principles

The principle rule of versioning is that removing or changing the ABI in an incompatible way (forwards as well as backwards) requires a new, different SONAME. (With a technique called symbol versioning, the SONAME may be kept on forward-compatible changes, but that is for some other documentation to address.) This task of managing the SONAMEs generally falls to the upstream project, but a openSUSE package maintainer should be aware of it nevertheless, in case upstream does not do its job properly.

There is a utility called abidiff (libabigail-tools package) which can tell whether the ABI changed, and in what ways. It supports reading split-debug files, but only if they are present in /usr/lib/debug.

There are no restrictions for choosing SONAMEs. You will often see names followed by single or triple integers, as in and, but this is not mandatory. It is technically valid to use arbitrary characters and notations. It all comes down to the uniqueness of a SONAME in its surrounding environment. The extent of the uniqueness requirement usually (1.) stretches beyond Linux distributions but (2.) does not cross kernel families (Linux↔*BSD), (3.) does not cross architecture boundaries (e.g. i586↔x86_64), (4.) does not cross object formats (PE↔ELF).

$ readelf -a /usr/lib64/*.so | grep SONAME
0x000000000000000e (SONAME)             Library soname: []
0x000000000000000e (SONAME)             Library soname: []

When there is no SONAME entry, the filename itself is taken as the SONAME.

Versioning schemes

The two most common schemes: Numbers after the .so part are abstract identifiers for the ABI that are decoupled from, and may increment separately from, the package version. Numbers before the .so part are often the package version (or part of it) and are used when the authors expect ABI changes every release and as such do not want to deal with interface identifiers.

Other combinations: The LibreOffice project(s) decided to add the version/generation number (0.3) so that they can have the development files and symlinks of multiple generations installed at the same time. This name suggests either a plugin, or an unfortunate complete lack of versioning.

When there is no versioning

Some source packages may be in a state such that one or more of the following statements apply:

  1. the source may not have any support for building a shared library (for example, is not using libfoo_la targets in, and would need a lot of patching)
  2. the source may have some support for building a shared library, but does not actively support it (for example, (qmake) using "CONFIG = staticlib" which can be switched with a one-line patch)
  3. a shared library with the same SONAME (or no SONAME) is built across different releases despite ABI changes

To rectify this, it is suggested to enter the complete package version into the SONAME, if it is not already present.

  • /usr/lib/libbfd-2.24*.so — The prime method is to add the number before the .so suffix. This is the style preferred by libtool (and can of course be implemented without libtool as well). When using the libtool program, the -release 2.24 flag can be used. The trailing .so.0.0.0 may drop as a result of this, which is ok. This scheme requires no coordination with any other parties, while being universal and portable.
  • /usr/lib/ — An example of where icu-53.1's was extended to instead of going to This is somewhat of a choice, also because different build systems have different hurdles.

Abolishing upstream's SO numbering (if any) and instating a new line of ABI number counting, like Debian does it for some packages (e.g. leads to conflicts with upstream-chosen SONAMEs and should not be attempted unless a unique identifier is added.

If you encounter a package where the ABI of a library is highly dependent on a particular set of configure flags, the SONAME should be extended by a unique identifier. This was for example needed for wxWidgets in SUSE (see bug #939434 for some details), where we have chosen to turn into

Package naming

A library's name, specifically its SONAME, which is used as a base to construct the versioned package name, can be composed of multiple parts (though not all are required). Looking at a full-featured example, a filename like contains:

  • general system prefix lib
  • name of the library: foo-bar
  • package version (optional): -2.5
  • general system suffix for shared libraries: .so
  • SO version (optional): 8.2.1

The distropackage's name is derived from the filename, and is constructed by concatenating:

  • the lib prefix and the name, dots are replaced by underscores
  • if an upstream version is specified, dots are replaced by underscores
  • to avoid ambiguities, a dash is inserted between two numbers
  • the SO version from the SONAME (which may be shorter than the filename), dots are replaced by underscores

All possibilities, with examples mostly taken from openSUSE:

Description SONAME Versioned package name in distro
Nothing (shlib packaging not applicable)
With package version libdb-4_8
With SO version libblkid1
Name that has a number, and SO version libbz2-1
With version and SO version libzziplib-0-13
All together and long SO number libgame2-1_9-10_0_0

N.B.: The astute reader might have noticed that this mapping is not bijective (1:1). The hypothetical filenames and would indeed lead to the same shlib package name (libgame3-1). This is not catered for by this policy, but such a situation has yet to occur in practice. Were such to occur, we would probably choose to patch the second package to produce in place of to resolve the disambiguity.

Unversioned packages

Versioned packages are so called because they include all or part of a version in their name. The antipole to these are unversioned shlib packages for which most of this document does not apply. Examples of such packages are: bind-libs, cups-libs. Ever since the shlib policy was formalized, we seek to avoid or eliminate unversioned shlib packages within the boundaries of common sense — and gut feeling of when to better keep unversioned packages.

Layout of the spec file

The shared library installables are usually a subpackage of a greater .spec file. The Build Service package name and .spec file name generally follow the name of the tarball. For the example of SDL2_image and libHX, it looks like:

Name: SDL2_image
%package -n libSDL2_image-2_0-0
%package devel
Name: libHX
%package -n libHX28
%package devel

Package Contents

  • In general, versioned packages shall not contain anything but the shared library/libraries. No headers, no devel .so symlink, no config files, no documentation, etc.
    • It may contain the license file if so required, and it must be in a versioned directory. (Using "%doc LICENSE" in a specfile's files section usually suffices.)
    • If a versioned shared library package must contain other files than shared libraries for whatever (approved!) reason, their names must be made unambiguous by putting them in a versioned directory or by versioning their names to not conflict with the rationale of this policy. (Example: the libnl3-200 package has a /usr/lib64/libnl3-200 directory.)
    • The (simpler) alternative: have the shlib package require another package (can be unversioned) for such files, if so supported.
  • A versioned package is allowed to ship multiple library files, provided they share the same numbers and these numbers always change in lockstep throughout. (Example: libqt4 package shipping, etc.)
    • If one of the contained libraries does not create a dependency on all or most other contained libraries, then it is preferred to not merge those libraries into one rpm, but leave them in their own rpm. Consider installation size.
  • All unsuffixed packages named lib* end with $NUM
    • Common suffixes include e.g. -devel or -debuginfo
  • Packages with suffix -devel should in general omit $NUM as -devel packages for different library versions usually conflict due to common header file names. See (4a) and (4b) for how it works otherwise.
  • Files needed to develop programs using shared libraries contained in lib$NAME$NUM.rpm are packaged in a -devel package (see (4a) and (4b) for cases that need to version this package). Those files include lib*.so, lib*.la and all headers. Optionally those files can also be placed in $NAME.rpm, in the case that it also comes with other tools or documentation. But if there is a *-devel.rpm package, then it contains all lib*.so, lib*.la and headers. The -devel package is also an appropriate place to put license files.
  • lib$NAME$NUM.rpm should not be needed to be manually installed by any user. The correct rpm group for such packages i System/Libraries

Best Practices

The following are guidelines for library packaging in general:

  • Avoid packaging static libraries. You should use --disable-static configure option or, as a last resort, remove static libraries after make install. If in doubt, ask.
  • If you package a static library in addition to a shared library, the static library should normally not be built with -fPIC if possible (remove the --with-pic configure option).
  • If you package a static library without a corresponding shared library, the static library must be built with -fPIC (add --with-pic.
  • Avoid packaging libtool config files (.la files). If you do not package a static library, and if you are also placing the shared library in a standard search directory (i.e. %_lib, /usr/%_lib), they will not be needed. If your shared library resides — for whatever reason — in, for example, /opt/package/lib/, you do need the file, or further programs using libtool to link against will be lacking the correct path.
  • If in doubt, ask.
  • Shared libraries are normally not standalone runnable (exception: and But they often have the +x bit set!


  • (2) A list of packages that are exempt from this policy is: (to be extended with explicit approval only)
    • glibc
    • pam
  • (4a) If more than one version of a library is available from a single source repository, even conflicting -devel packages need to be suffixed to avoid multiple packages with the same package name. Proper conflicts need to be added in this case as well.
  • (4b) If more than one version of a -devel package can be installed at the same time (for example because includes are packaged in a versioned directory and shared libraries have a versioned name like, the -devel packages should be suffixed with a number that allows identifying the version of the library (usually this is the same number as the shared library package suffix $NUM). So such a -devel package would be named lib$NAME$NUM-devel.


Plugins in the form of a shared library should be in a subdirectory in %_libdir appropriate for the program. (Example: %_libdir/apache2/

In automake (since 0.25), the ${pkglibdir} variable is available for this purpose. It defaults to ${libdir}/${PACKAGE} and therefore may need to be overriden if the plugin is shipped in a tarball separate from the program's main source.

Plugins in the form of executables should be in a subdirectory in %_libexecdir appropriate for the program. (Example: %_libexecdir/cups/filter/pdftops).

In automake (since 1.10b), the ${pkglibexecdir} variable is available for this purpose.


You should remember the following while trying to conform to this policy:

  • There is no reason why a -devel package cannot provide development files for multiple shared library packages.
  • There is no need to have a binary package that matches the source package name. In fact, you should avoid renaming the source package for different versions as we prefer to only have a single package version in the source repository.
  • Dependencies on the shared library package result either from automatic dependencies created by rpm on the shared libraries if they are used, or from the single other case, the library -devel package, which should require the shared library package with a properly versioned requires.
  • This policy and its enforcement only is about shared library packages and shared libraries placed in /%_lib or /usr/%_lib. Rules that apply to other parts are only best practices and policies for them may exist elsewhere.

Removing obsolete shared library packages

For libraries that change the SONAME frequently, updates will cause multiple versions of the library to be installed in parallel, even if no other packages depend on older versions. This is no problem, because zypper dup cleans out unneeded shared library packages on a regular basis. This works through "Provides: weakremover(...)" dependencies in the package openSUSE-release. These dependencies are created automatically by a bot on the build service. When zypper dup encounters a weakremover dependency for some shared library, and no other installed package depends on that shared library, it will remove the package.


The simplest example is a source package which builds a single shared library and development files (the zlib package matches this example). The source package should be names according upstream tarball (zlib, see Naming guidelines and Layout of the specfile) and resulting binary package has to be named libz1 and zlib-devel (libz-devel would be acceptable). You can omit the %files section for main package, therefor no zlib.rpm will be generated.


Name: zlib
%package -n libz1
%package devel

with the following contents (file list shortened),





A more complicated example is if apart from the library and the development files there are also executables and documentation (the bzip2 package matches this example). There should be four packages (file list shortened),









where documentation may be either merged into the binary package bzip2 or the development package libbz2-devel, if it is sufficiently small and related.

Another example is a library which depends on configuration or data files that can be shared with other versions of the library (the curl package matches this example). In this case, the config or data files should be split into a separate package and the shared library package should require that. For example, curl has the four packages libcurl4, libcurl-devel, curl and curl-ca-bundle (CA certificates required by libcurl4).

Windows/MinGW packages

Everything what has been mentioned above can also be readily applied to packages containing Dynamic Link Libraries, Windows's implementation of shared libraries. This is mostly relevant for the projects rooted in the "windows" project on The highlights:

  • DLLs are placed in /usr/platform/sys-root/mingw/bin.
  • The SONAME for a library is usually in the form of libfoo-2.dll. The composition is:
    • general system prefix lib
    • name of the library foo-bar
    • package version (optional): -2.5
    • SO version (optional): -8
    • system suffix for shared libraries (required): .dll
  • Like on the BSD platform(s), the libtool naming for Windows DLLs only contains the major number. (see table above)

Name transformation matrix:

Description SONAME Versioned package name in distro
Nothing libdsocks.dll (shlib packaging not applicable)
With package version libdb-4.8.dll libdb-4_8
With SO version libblkid-1.dll libblkid1
Name that has a number, and SO version libbz2-1.dll libbz2-1
With version and SO version libzziplib-0-13.dll libzziplib-0-13
All together and long SO number libgame2-1.9-10.0.0.dll libgame2-1_9-10_0_0

Projects may decide to prepend the mingw{32,64} identifier into the package name to avoid conflicts with native packages. You will therefore see names like mingw64-libHX28, for example.

Some libraries are built without the use of libtool, which may make it ambiguous at times as to which part constitutes the -release number and the -version-info. Examples and their resolutions:

  • libmwaw-0.1.dll ( on Linux); given the corresponding Linux name, "libmwaw-0.1" is the clear basename, and the DLL is unversioned. The package name is therefore libmwaw-0_1.
  • libnettle-4-6.dll ( on Linux); while dashes are technically possible in SONAMEs, they are practically non-existant. Chose /-(\d+).dll/ for SO number, making the base name "libnettle-4". The package name is therefore libnettle-4-6, rather than libnettle4-6.