2. Why “Debian” packaging?
Debian packaging:
● dpkg for package creation/installation
● apt for package downloading and dependency handling
● aptitude as a higher-level version of apt
● arguably the best package management system in Linux
All Debian-derivative distros use this!
Ubuntu, Lubuntu, Kubuntu, Edubuntu, Xubuntu, Knoppix, Raspbian, Mint, LXLE, Elementary OS, Kali Linux, SteamOS, Tails, Gparted Live, Elive, Proxmox, Grml…
3. Come on and type-a-long!
- Debian/Ubuntu box?
- local env in VM/Vagrant?
in any case:
apt-get install git fakeroot lintian tree
4. What does a Debian package look like?
Let’s download one.
[name]_[version-distroversion]_[architecture].deb
5. What does a Debian package contain?
Let’s check the contents
…
…
It’s a compressed group of files.
And they are pre-cooked! (installation path, owner, permissions)
But that’s NOT everything in the package...
7. I wanna look closer!
Let’s unpack it
Control files:
● Package metadata
● Maintainer’s scripts
8. I wanna look closer!
Let’s unpack it
Data files:
● Actual content
● We already know what this is (remember “dpkg -c”, two slides earlier?)
9. I wanna look closer!
Let’s unpack it
Format version:
● Contains which version of the Debian package format this package is using
(it only contains “2.0”)
● You’ll probably never see something else. No need to worry about this.
11. control.tar.gz
The main metadata file. All info about the package is here.
Package: fail2ban
Version: 0.9.1-1
Architecture: all
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Yaroslav Halchenko <debian@onerussian.com>
Installed-Size: 1075
Depends: python3, python3:any (>= 3.3.2-2~), init-system-helpers (>= 1.18~), lsb-base (>= 2.0-7)
Recommends: iptables, whois, python3-pyinotify
Suggests: mailx, system-log-daemon, python3-systemd
Section: net
Priority: optional
Homepage: http://www.fail2ban.org
Description: ban hosts that cause multiple authentication errors
 Fail2ban monitors log files (e.g. /var/log/auth.log,
 /var/log/apache/access.log) and temporarily or persistently bans
 failure-prone addresses by updating existing firewall rules. Fail2ban allows
 easy specification of different actions to be taken such as to ban an
 IP using iptables or hostsdeny rules, or simply to send a
 notification email.
13. control.tar.gz
Maintainer scripts. Executed when installing or removing the package.
● preinst:
- executed before installation starts
- maybe clear prev installation leftovers?
● postinst:
- executed as last step of installation
- e.g. change ownership/perms, start service
● prerm:
- first step in package removal
- e.g. stop service
● postrm:
- last step in package removal
- e.g. remove logs
14. control.tar.gz
List of configuration files.
Usually anything that resides in /etc
Special rules for these files:
If changed, DO NOT OVERWRITE during package upgrade.
(nobody wants to lose custom configuration after upgrade)
...
/etc/fail2ban/action.d/sendmail-common.conf
/etc/fail2ban/action.d/xarf-login-attack.conf
/etc/fail2ban/action.d/iptables.conf
/etc/fail2ban/action.d/sendmail-whois-lines.conf
/etc/fail2ban/action.d/sendmail-whois-ipjailmatches.conf
/etc/fail2ban/action.d/sendmail-whois-ipmatches.conf
/etc/fail2ban/action.d/ipfw.conf
/etc/fail2ban/action.d/apf.conf
/etc/fail2ban/action.d/badips.conf
/etc/fail2ban/action.d/mail-buffered.conf
/etc/fail2ban/action.d/iptables-ipset-proto6-allports.conf
/etc/fail2ban/action.d/iptables-multiport-log.conf
/etc/fail2ban/action.d/sendmail-buffered.conf
/etc/fail2ban/action.d/osx-afctl.conf
/etc/fail2ban/action.d/dummy.conf
...
16. data.tar.gz
Files to be installed.
Full path is included.
Just ignore the . at the beginning of each file.
Also, permissions!
$ ls -lat etc/fail2ban/*.conf
-rw-r--r-- 1 dtsomp dtsomp 2104 okt 28 2014 etc/fail2ban/fail2ban.conf
-rw-r--r-- 1 dtsomp dtsomp 16866 okt 28 2014 etc/fail2ban/jail.conf
What about the owner?
“fakeroot” assigns root as owner during the creation of the package.
Or, we don’t care at all and just fix it via postinst ;)
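Added example (not from the original slides): a pure-Python sketch of the layout described above, which builds a minimal .deb-shaped ar archive with root-owned tar entries (the effect fakeroot provides) and then audits it without dpkg. The audit lists the maintainer scripts, which dpkg runs as root at install time and are worth reading before installing a package you did not build, and flags data entries that are not root-owned or not 0755/0644. The package name "hello-tool", its files and all function names are assumptions made for the example.

```python
import io
import tarfile

def tar_gz(files):
    """{path: (mode, bytes)} -> tar.gz whose entries are all root-owned (what fakeroot fakes)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, (mode, body) in files.items():
            info = tarfile.TarInfo("./" + path)   # uid and gid default to 0
            info.size, info.mode, info.uname, info.gname = len(body), mode, "root", "root"
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()

def build_deb(control, data):
    """ar archive with the three members: debian-binary, control.tar.gz, data.tar.gz."""
    out = b"!<arch>\n"
    for name, body in ((b"debian-binary", b"2.0\n"), (b"control.tar.gz", tar_gz(control)),
                       (b"data.tar.gz", tar_gz(data))):
        out += b"%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (name, 0, 0, 0, b"100644", len(body))
        out += body + b"\n" * (len(body) % 2)     # members are padded to an even length
    return out

def read_ar(blob):
    """Split an ar archive into {member name: bytes}."""
    if blob[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive")
    members, pos = {}, 8
    while pos + 60 <= len(blob):                  # 60-byte header; size field at bytes 48-57
        size = int(blob[pos + 48:pos + 58])
        members[blob[pos:pos + 16].decode().rstrip(" /")] = blob[pos + 60:pos + 60 + size]
        pos += 60 + size + size % 2
    return members

def audit_deb(blob):
    """Format version, control members, and data entries breaking the root-owned 0755/0644 rule."""
    ar = read_ar(blob)
    with tarfile.open(fileobj=io.BytesIO(ar["control.tar.gz"])) as tar:
        control = sorted(m.name.split("/")[-1] for m in tar if m.isfile())
    with tarfile.open(fileobj=io.BytesIO(ar["data.tar.gz"])) as tar:
        findings = [(m.name, oct(m.mode)) for m in tar
                    if m.uid != 0 or (not m.issym() and m.mode not in (0o755, 0o644))]
    return {"format": ar["debian-binary"].decode().strip(), "control": control, "findings": findings}

SAMPLE = build_deb(  # constructed sample (hypothetical "hello-tool"); the 0666 conffile is deliberate
    {"control": (0o644, b"Package: hello-tool\nVersion: 0.1-1\nArchitecture: all\n"),
     "conffiles": (0o644, b"/etc/hello-tool.conf\n"),
     "postinst": (0o755, b"#!/bin/sh\nexit 0\n"), "prerm": (0o755, b"#!/bin/sh\nexit 0\n")},
    {"usr/bin/hello-tool": (0o755, b"#!/bin/sh\necho hello\n"),
     "etc/hello-tool.conf": (0o666, b"greeting=hello\n")})
print(audit_deb(SAMPLE))
```

To audit a downloaded package, pass the file's bytes to audit_deb(); newer packages may carry .tar.xz or .tar.zst members, which this sketch does not look up.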
18. 1. git it!
Clone the packaging tutorial repo
DEBIAN/ control files
DOC/ documentation (man page, licence, etc)
ROOT/ the directory structure with the actual files
target/ will contain the final package
Why not put DOC/* under ROOT, like Debian asks you to?
- Too lazy to find and update files every time. Script copies them over for me.
19. 2. Prepare installation files
Create dir and place the file
Don’t forget the permissions!
0755 for executables, 0644 for others
Is it a configuration file?
Needs to be added in conffiles
20. 3. Metadata and maintainer scripts
Do you need to update the package information?
YES! At least change the name of the package!
Make sure the maintainer’s scripts are up-to-date.
It’s mandatory to have postinst and prerm scripts, even if they don’t do anything
Optional steps:
You know what is cool? Changelogs!
Any changes in copyright or the manual page?
21. 4. Build time?
Wait, wait, wait.
What does this script do?
All the boring bits:
- preflight checks
- creates dir structure
- copies doc, metadata and content (ROOT) to the correct places in the structure
- fixes permissions
- compresses files (yes, some need to be compressed)
- creates the actual package
The actual build command (once everything is in place):
fakeroot makes root owner of all files in the package, no sudo needed:
22. 5. Build it already!
Congratulations!
It’s a package!
Or is it?
23. 6. Basic conformity check
…
Zero? Woohoo! No Errors!
Warnings are OK. But you need to fix Errors.
Now install it!
Did everything go according to plan? :)
24. Conclusions
We built a Debian package!
Is it a *proper* package?
No.
(unsigned, bad changelog format, etc)
Is it a *good enough* package?
Hell yeah!
25. Reference checklist (copied from http://www.tldp.org)
Prerequisite files:
1. one or more binary executable or shell script files
2. a man page for each executable file
3. a 'control' file
4. a 'copyright' file
5. a 'changelog' and 'changelog.Debian' file
Setup temporary 'debian' directories:
1. create 'debian/usr/bin' directory (or wherever you plan to place your executable files)
2. create 'debian/usr/share/man/man1' (or whatever section your man page belongs into)
3. create 'debian/DEBIAN' directory
4. create 'debian/usr/share/doc/<package_name>'
5. make sure all sub directories of 'debian' have file permission 0755
Copy files into temporary 'debian' tree:
1. copy executable file into 'debian/usr/bin' directory (or wherever you plan to place your executable files)
2. copy man page file into 'debian/usr/share/man/man1' directory
3. copy 'control' file into 'debian/DEBIAN' directory
4. copy 'copyright', 'changelog', and 'changelog.Debian' files into 'debian/usr/share/doc/<package_name>'
5. gzip man page, 'copyright', 'changelog', and 'changelog.Debian' files with option '--best' inside the temporary 'debian' tree
Build and check binary Debian package:
1. invoke 'dpkg-deb --build' using 'fakeroot' on the 'debian' directory
2. rename resulting 'debian.deb' file to its final package name including version and architecture information
3. check resulting .deb package file for Debian policy compliance using 'lintian'