27
Debian packaging …because you’re worth it

Debian packaging

Embed Size (px)

Citation preview

Page 1: Debian packaging

Debian packaging…because you’re worth it

Page 2: Debian packaging

Why “Debian” packaging? Debian packaging:

● dpkg for package creation/installation● apt for package downloading and dependency handling● aptitude as a higher-level version of apt● arguably the best package management system in Linux

All Debian-derivative distros use this!

Ubuntu, Lubuntu, Kubuntu, Edubuntu, Xubuntu, Knoppix, Raspbian, Mint, LXLE, Elementary OS, Kali Linux, SteamOS, Tails, Gparted Live, Elive, Proxmox, Grml….

Page 3: Debian packaging

Come on and type-a-long!- Debian/Ubuntu box?- local env in VM/Vagrant?

in any case:apt-get install git fakeroot lintian tree

Page 4: Debian packaging

What does a Debian package look like?Let’s download one.

[name]_[version-distroversion]_[architecture].deb

Page 5: Debian packaging

What does a Debian package contain?Let’s check the contents

It’s a compressed group of files.And they are pre-cooked! (installation path, owner, permissions)

But that’s NOT everything in the package...

Page 6: Debian packaging

I wanna look closer!Let’s unpack it

Page 7: Debian packaging

I wanna look closer!Let’s unpack it

Control files:

● Package metadata● Maintainer’s scripts

Page 8: Debian packaging

I wanna look closer!Let’s unpack it

Data files:

● Actual content● We already know what this is (remember “dpkg -c” ? Two slides earlier?)

Page 9: Debian packaging

I wanna look closer!Let’s unpack it

Format version:

● Contains which version of the Debian package format this package is using(it only contains “2.0”)

● You’ll probably never see something else. No need to worry about this.

Page 10: Debian packaging

control.tar.gz

Page 11: Debian packaging

control.tar.gz The main metadata file. All info about the package is here.

Package: fail2banVersion: 0.9.1-1Architecture: allMaintainer: Ubuntu Developers <[email protected]>Original-Maintainer: Yaroslav Halchenko <[email protected]>Installed-Size: 1075Depends: python3, python3:any (>= 3.3.2-2~), init-system-helpers (>= 1.18~), lsb-base (>= 2.0-7)Recommends: iptables, whois, python3-pyinotifySuggests: mailx, system-log-daemon, python3-systemdSection: netPriority: optionalHomepage: http://www.fail2ban.orgDescription: ban hosts that cause multiple authentication errors Fail2ban monitors log files (e.g. /var/log/auth.log, /var/log/apache/access.log) and temporarily or persistently bans failure-prone addresses by updating existing firewall rules. Fail2ban allows easy specification of different actions to be taken such as to ban an IP using iptables or hostsdeny rules, or simply to send a notification email.

Page 12: Debian packaging

control.tar.gz md5 checksums. Automatically created.

56ce6f9298838bcc3a9f0ba3e67c2917 lib/systemd/system/fail2ban.service3a318374fa0cb6e07a292b7cdc97f50d usr/bin/fail2ban-client72d77e966ca17f474de6daef24f83760 usr/bin/fail2ban-regex0c2a078af6af4bc3fc4ad30e427bee3e usr/bin/fail2ban-server86c43074af44dccc268750fa7b6f8b05 usr/bin/fail2ban-testcases2b87fac05ca20d8c82b2dc8039b7e84d usr/lib/python3/dist-packages/fail2ban-0.9.1.egg-info063c94472e76bee8522af76c7bb83043 usr/lib/python3/dist-packages/fail2ban/__init__.py1462fa8f21229ca8ce838cad186607d8 usr/lib/python3/dist-packages/fail2ban/client/__init__.py43c78526e2c53e278c222bfa0203ebca usr/lib/python3/dist-packages/fail2ban/client/actionreader.py5d3747e822e520751afda04b331670d9 usr/lib/python3/dist-packages/fail2ban/client/beautifier.pyced2218bc0120e247db682e838c1ad57 usr/lib/python3/dist-packages/fail2ban/client/configparserinc.py0ad1ac6cc7d6ccbc7f8fb509d01d6e1e usr/lib/python3/dist-packages/fail2ban/client/configreader.pyb25882f7c058745aaba76c7336cd7dad usr/lib/python3/dist-packages/fail2ban/client/configurator.pyf0fd3691740ec8bc93a74d65e324c35c usr/lib/python3/dist-packages/fail2ban/client/csocket.py

Page 13: Debian packaging

control.tar.gz Maintainer scripts. Executed when installing or removing the package.

● preinst:- executed before installation starts - maybe clear prev installation leftovers?

● postinst:- executed as last step of installation- e.g. change ownership/perms, start service

● prerm:- first step in package removal - e.g. stop service

● postrm: - last step in package removal- e.g. remove logs

Page 14: Debian packaging

control.tar.gz List of configuration files.Usually anything that resides in /etc

Special rules for these files:If changed, DO NOT OVERWRITE during package upgrade.(nobody wants to lose custom configuration after upgrade)

.../etc/fail2ban/action.d/sendmail-common.conf/etc/fail2ban/action.d/xarf-login-attack.conf/etc/fail2ban/action.d/iptables.conf/etc/fail2ban/action.d/sendmail-whois-lines.conf/etc/fail2ban/action.d/sendmail-whois-ipjailmatches.conf/etc/fail2ban/action.d/sendmail-whois-ipmatches.conf/etc/fail2ban/action.d/ipfw.conf/etc/fail2ban/action.d/apf.conf/etc/fail2ban/action.d/badips.conf/etc/fail2ban/action.d/mail-buffered.conf/etc/fail2ban/action.d/iptables-ipset-proto6-allports.conf/etc/fail2ban/action.d/iptables-multiport-log.conf/etc/fail2ban/action.d/sendmail-buffered.conf/etc/fail2ban/action.d/osx-afctl.conf/etc/fail2ban/action.d/dummy.conf...

Page 15: Debian packaging

data.tar.gz

Page 16: Debian packaging

data.tar.gz Files to be installed.Full path is included.Just ignore the . at the beginning of each file.

Also, permissions!

$ ls -lat etc/fail2ban/*.conf-rw-r--r-- 1 dtsomp dtsomp 2104 okt 28 2014 etc/fail2ban/fail2ban.conf-rw-r--r-- 1 dtsomp dtsomp 16866 okt 28 2014 etc/fail2ban/jail.conf

What about the owner?

“fakeroot” assigns root as owner during the creation of the package.Or, we don’t care at all and just fix it via postinst ;)

Page 17: Debian packaging

Enough theory.

Let’s build something.

Page 18: Debian packaging

1. git it!Clone the packaging tutorial repo

DEBIAN/ control filesDOC/ documentation (man page, licence, etc) ROOT/ the directory structure with the actual filestarget/ will contain the final package

Why not put DOC/* under ROOT, like Debian asks you to?- Too lazy to find and update files every time. Script copies them over for me.

Page 19: Debian packaging

2. Prepare installation filesCreate dir and place the file

Don’t forget the permissions!0755 for executables, 0644 for others

Is it a configuration file?Needs to be added in conffiles

Page 20: Debian packaging

3. Metadata and maintainer scriptsDo you need to update the package information?YES! At least change the name of the package!

Make sure the maintainer’s scripts are up-to-date.It’s mandatory to have postinst and prerm scripts, even if they don’t do anything

Optional steps:

You know what is cool? Changelogs!

Any changes in copyright or the manual page?

Page 21: Debian packaging

4. Build time?

Wait, wait, wait.What does this script do?

All the boring bits:- preflight checks- creates dir structure- copies doc, metadata and content (ROOT) to the correct places in the structure- fixes permissions- compresses files (yes, some need to be compressed)- creates the actual package

The actual build command (once everything is in place):

fakeroot makes root owner of all files in the package, no sudo needed:

Page 22: Debian packaging

5. Build it already!

Congratulations!It’s a package!

Or is it?

Page 23: Debian packaging

6. Basic conformity check

Zero? Woohoo! No Errors!Warnings are OK. But you need to fix Errors.Now install it!

Did everything went according to plan? :)

Page 24: Debian packaging

ConclusionsWe built a Debian package!

Is it a *proper* package? No.(unsigned, bad changelog format, etc)

Is it a *good enough* package?Hell yeah!

Page 25: Debian packaging

Reference checklist (copied from http://www.tldp.org)

Prerequisite files:1. one or more binary executable or shell script files2. a man page for each executable file3. a 'control' file4. a 'copyright' file5. a 'changelog' and 'changelog.Debian' file

Setup temporary 'debian' directories: 1. create 'debian/usr/bin' directory (or wherever you plan to place your executable files)2. create 'debian/usr/share/man/man1' (or whatever section your man page belongs into)3. create 'debian/DEBIAN' directory4. create 'debian/usr/share/doc/<package_name>'5. make sure all sub directories of 'debian' have file permission 0755

Copy files into temporary 'debian' tree: 1. copy executable file into 'debian/usr/bin' directory (or wherever you plan to place your executable files)2. copy man page file into 'debian/usr/share/man/man1' directory3. copy 'control' file into 'debian/DEBIAN' directory4. copy 'copyright', 'changelog', and 'changelog.Debian' files into 'debian/usr/share/doc/<package_name>'5. gzip man page, 'copyright', 'changelog', and 'changelog.Debian' files with option '--best' inside the temporary 'debian' tree

Build and check binary Debian package: 1. invoke 'dpkg-deb --build' using 'fakeroot' on the 'debian' directory2. rename resulting 'debian.deb' file to its final package name including version and architecture information3. check resulting .deb package file for Debian policy compliance using 'lintian'

Page 26: Debian packaging

Reference cheatsheet●●●●

●●

http://www.tldp.org/HOWTO/html_single/Debian-Binary-Package-Building-HOWTO/
http://www.tldp.org/HOWTO/html_single/Debian-Binary-Package-Building-HOWTO/
https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html
https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html
Page 27: Debian packaging

EOM

mailto:[email protected]
mailto:[email protected]

Advanced Usage of the Debian Packaging System

Advanced Usage of the Debian Packaging System

Technology
Healthy CDDs - Strategies for building a Custom Debian ...tille/debian-med/talks/200808_med/debia… · Strategies for building a Custom Debian Distribution Andreas Tille Debian Conference

Healthy CDDs - Strategies for building a Custom Debian ...tille/debian-med/talks/200808_med/debia… · Strategies for building a Custom Debian Distribution Andreas Tille Debian Conference

Documents
debian installation

debian installation

Documents
Debian Packaging Tutorial - packaging-tutorial.en.pdf

Debian Packaging Tutorial - packaging-tutorial.en.pdf

Documents
Debian GNULinux

Debian GNULinux

Documents
Debian Handbook

Debian Handbook

Documents
Guide Debian

Guide Debian

Documents
Debian Edu / Skolelinux Jessie 8+edu0 Manualmaintainer.skolelinux.org/debian-edu-doc/en/debian-edu-jessie... · CONTENTS CONTENTS Contents 1 Manual for Debian Edu 8+edu0 Codename

Debian Edu / Skolelinux Jessie 8+edu0 Manualmaintainer.skolelinux.org/debian-edu-doc/en/debian-edu-jessie... · CONTENTS CONTENTS Contents 1 Manual for Debian Edu 8+edu0 Codename

Documents
Debian Reference.en

Debian Reference.en

Documents
Empaquetado Debian

Empaquetado Debian

Technology
Debian Packaging - linux.thai.netthep/docs/debian/packaging/deb-packaging.pdf · Debian Packaging Theppitak Karoonboonyanan thep@debian.org Debian Developer 7 September 2011

Debian Packaging - linux.thai.netthep/docs/debian/packaging/deb-packaging.pdf · Debian Packaging Theppitak Karoonboonyanan [email protected] Debian Developer 7 September 2011

Documents
Debian TipsAndTricks

Debian TipsAndTricks

Documents
Debian Reference

Debian Reference

Documents
Formation Debian

Formation Debian

Documents
Ultimate Debian Database: data mining Debian made easy!

Ultimate Debian Database: data mining Debian made easy!

Documents
OSM applications in the Debian GIS project - How Debian ...tille/talks/20140711_lsm_osm/debian-osm.pdf · OSM applications in the Debian GIS project How Debian supports OpenStreetMap

OSM applications in the Debian GIS project - How Debian ...tille/talks/20140711_lsm_osm/debian-osm.pdf · OSM applications in the Debian GIS project How Debian supports OpenStreetMap

Documents
Securing Debian Manual - Debian -- The Universal Operating System

Securing Debian Manual - Debian -- The Universal Operating System

Documents
Install Debian

Install Debian

Documents
Packaging? (Teil 1) - people.debian.orgtille/talks/200609_mpi/schulung1.pdf · Packaging? Einleitung Informationen Voraussetzungen Von Download bis Upload Software finden debian

Packaging? (Teil 1) - people.debian.orgtille/talks/200609_mpi/schulung1.pdf · Packaging? Einleitung Informationen Voraussetzungen Von Download bis Upload Software finden debian

Documents
Debian Cloud - building the Debian AMIs

Debian Cloud - building the Debian AMIs

Software
Debian Faq

Debian Faq

Documents
Packaging Samba for Debian Samba for Debian. ... – Including the full AD DC ... server – Debian continues using ntvfs so as not to have to ship an

Packaging Samba for Debian Samba for Debian. ... – Including the full AD DC ... server – Debian continues using ntvfs so as not to have to ship an

Documents
Debian Packaging tutorial

Debian Packaging tutorial

Technology
Workshop Debian

Workshop Debian

Documents
Debian-Based Distributions Typically use an APT (Advanced Packaging Tool) package client to install/update applications as well as install either.deb

Debian-Based Distributions Typically use an APT (Advanced Packaging Tool) package client to install/update applications as well as install either.deb

Documents
Debian Accessibility Blend - Accessibility made easy using pure Debian

Debian Accessibility Blend - Accessibility made easy using pure Debian

Documents
An Introduction to Debian Packaging

An Introduction to Debian Packaging

Documents
The Debian Project - aurel32.net · The Debian Project Aurelien Jarno What is Debian? Organisation The Debian Foundations Structure ... June 2005: Sarge (3.1), 15,390 packages, 970

The Debian Project - aurel32.net · The Debian Project Aurelien Jarno What is Debian? Organisation The Debian Foundations Structure ... June 2005: Sarge (3.1), 15,390 packages, 970

Documents
Debian Server

Debian Server

Education
Manual Debian

Manual Debian

Documents