Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Debian packaging
…because you’re worth it
Why “Debian” packaging?
Debian packaging:
● dpkg for package creation/installation
● apt for package downloading and depen...
Come on and type-a-long!
- Debian/Ubuntu box?
- local env in VM/Vagrant?
in any case:
apt-get install git fakeroot lintian...
What does a Debian package look like?
Let’s download one.
[name]_[version-distroversion]_[architecture].deb
What does a Debian package contain?
Let’s check the contents
…
…
It’s a compressed group of files.
And they are pre-cooked...
I wanna look closer!
Let’s unpack it
I wanna look closer!
Let’s unpack it
Control files:
● Package metadata
● Maintainer’s scripts
I wanna look closer!
Let’s unpack it
Data files:
● Actual content
● We already know what this is (remember “dpkg -c” ? Two...
I wanna look closer!
Let’s unpack it
Format version:
● Contains which version of the Debian package format this package is...
control.tar.gz
control.tar.gz The main metadata file. All info about the package is here.
Package: fail2ban
Version: 0.9.1-1
Architecture...
control.tar.gz md5 checksums. Automatically created.
56ce6f9298838bcc3a9f0ba3e67c2917 lib/systemd/system/fail2ban.service
...
control.tar.gz Maintainer scripts. Executed when installing or removing the package.
● preinst:
- executed before installa...
control.tar.gz List of configuration files.
Usually anything that resides in /etc
Special rules for these files:
If change...
data.tar.gz
data.tar.gz Files to be installed.
Full path is included.
Just ignore the . at the beginning of each file.
Also, permissio...
Enough theory.
Let’s build something.
1. git it!
Clone the packaging tutorial repo
DEBIAN/ control files
DOC/ documentation (man page, licence, etc)
ROOT/ the d...
2. Prepare installation files
Create dir and place the file
Don’t forget the permissions!
0755 for executables, 0644 for o...
3. Metadata and maintainer scripts
Do you need to update the package information?
YES! At least change the name of the pac...
4. Build time?
Wait, wait, wait.
What does this script do?
All the boring bits:
- preflight checks
- creates dir structure...
5. Build it already!
Congratulations!
It’s a package!
Or is it?
6. Basic conformity check
…
Zero? Woohoo! No Errors!
Warnings are OK. But you need to fix Errors.
Now install it!
Did ever...
Conclusions
We built a Debian package!
Is it a *proper* package?
No.
(unsigned, bad changelog format, etc)
Is it a *good e...
Reference checklist (copied from http://www.tldp.org)
Prerequisite files:
1. one or more binary executable or shell script...
Reference cheatsheet
●
●
●
●
●
●
EOM
Upcoming SlideShare
Loading in …5
×

Debian packaging

250 views

Published on

Quick intro to Debian packaging, part of in-house workshop.
Repository used for the workshop: https://github.com/dtsomp/howto_dpkg

Published in: Software
  • Be the first to comment

  • Be the first to like this

Debian packaging

  1. 1. Debian packaging …because you’re worth it
  2. 2. Why “Debian” packaging? Debian packaging: ● dpkg for package creation/installation ● apt for package downloading and dependency handling ● aptitude as a higher-level version of apt ● arguably the best package management system in Linux All Debian-derivative distros use this! Ubuntu, Lubuntu, Kubuntu, Edubuntu, Xubuntu, Knoppix, Raspbian, Mint, LXLE, Elementary OS, Kali Linux, SteamOS, Tails, Gparted Live, Elive, Proxmox, Grml….
  3. 3. Come on and type-a-long! - Debian/Ubuntu box? - local env in VM/Vagrant? in any case: apt-get install git fakeroot lintian tree
  4. 4. What does a Debian package look like? Let’s download one. [name]_[version-distroversion]_[architecture].deb
  5. 5. What does a Debian package contain? Let’s check the contents … … It’s a compressed group of files. And they are pre-cooked! (installation path, owner, permissions) But that’s NOT everything in the package...
  6. 6. I wanna look closer! Let’s unpack it
  7. 7. I wanna look closer! Let’s unpack it Control files: ● Package metadata ● Maintainer’s scripts
  8. 8. I wanna look closer! Let’s unpack it Data files: ● Actual content ● We already know what this is (remember “dpkg -c” ? Two slides earlier?)
  9. 9. I wanna look closer! Let’s unpack it Format version: ● Contains which version of the Debian package format this package is using (it only contains “2.0”) ● You’ll probably never see something else. No need to worry about this.
  10. 10. control.tar.gz
  11. 11. control.tar.gz The main metadata file. All info about the package is here. Package: fail2ban Version: 0.9.1-1 Architecture: all Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> Original-Maintainer: Yaroslav Halchenko <debian@onerussian.com> Installed-Size: 1075 Depends: python3, python3:any (>= 3.3.2-2~), init-system-helpers (>= 1.18~), lsb-base (>= 2.0- 7) Recommends: iptables, whois, python3-pyinotify Suggests: mailx, system-log-daemon, python3-systemd Section: net Priority: optional Homepage: http://www.fail2ban.org Description: ban hosts that cause multiple authentication errors Fail2ban monitors log files (e.g. /var/log/auth.log, /var/log/apache/access.log) and temporarily or persistently bans failure-prone addresses by updating existing firewall rules. Fail2ban allows easy specification of different actions to be taken such as to ban an IP using iptables or hostsdeny rules, or simply to send a notification email.
  12. 12. control.tar.gz md5 checksums. Automatically created. 56ce6f9298838bcc3a9f0ba3e67c2917 lib/systemd/system/fail2ban.service 3a318374fa0cb6e07a292b7cdc97f50d usr/bin/fail2ban-client 72d77e966ca17f474de6daef24f83760 usr/bin/fail2ban-regex 0c2a078af6af4bc3fc4ad30e427bee3e usr/bin/fail2ban-server 86c43074af44dccc268750fa7b6f8b05 usr/bin/fail2ban-testcases 2b87fac05ca20d8c82b2dc8039b7e84d usr/lib/python3/dist-packages/fail2ban-0.9.1.egg-info 063c94472e76bee8522af76c7bb83043 usr/lib/python3/dist-packages/fail2ban/__init__.py 1462fa8f21229ca8ce838cad186607d8 usr/lib/python3/dist-packages/fail2ban/client/__init__.py 43c78526e2c53e278c222bfa0203ebca usr/lib/python3/dist-packages/fail2ban/client/actionreader.py 5d3747e822e520751afda04b331670d9 usr/lib/python3/dist-packages/fail2ban/client/beautifier.py ced2218bc0120e247db682e838c1ad57 usr/lib/python3/dist- packages/fail2ban/client/configparserinc.py 0ad1ac6cc7d6ccbc7f8fb509d01d6e1e usr/lib/python3/dist-packages/fail2ban/client/configreader.py b25882f7c058745aaba76c7336cd7dad usr/lib/python3/dist-packages/fail2ban/client/configurator.py f0fd3691740ec8bc93a74d65e324c35c usr/lib/python3/dist-packages/fail2ban/client/csocket.py
  13. 13. control.tar.gz Maintainer scripts. Executed when installing or removing the package. ● preinst: - executed before installation starts - maybe clear prev installation leftovers? ● postinst: - executed as last step of installation - e.g. change ownership/perms, start service ● prerm: - first step in package removal - e.g. stop service ● postrm: - last step in package removal - e.g. remove logs
  14. 14. control.tar.gz List of configuration files. Usually anything that resides in /etc Special rules for these files: If changed, DO NOT OVERWRITE during package upgrade. (nobody wants to lose custom configuration after upgrade) ... /etc/fail2ban/action.d/sendmail-common.conf /etc/fail2ban/action.d/xarf-login-attack.conf /etc/fail2ban/action.d/iptables.conf /etc/fail2ban/action.d/sendmail-whois-lines.conf /etc/fail2ban/action.d/sendmail-whois-ipjailmatches.conf /etc/fail2ban/action.d/sendmail-whois-ipmatches.conf /etc/fail2ban/action.d/ipfw.conf /etc/fail2ban/action.d/apf.conf /etc/fail2ban/action.d/badips.conf /etc/fail2ban/action.d/mail-buffered.conf /etc/fail2ban/action.d/iptables-ipset-proto6-allports.conf /etc/fail2ban/action.d/iptables-multiport-log.conf /etc/fail2ban/action.d/sendmail-buffered.conf /etc/fail2ban/action.d/osx-afctl.conf /etc/fail2ban/action.d/dummy.conf ...
  15. 15. data.tar.gz
  16. 16. data.tar.gz Files to be installed. Full path is included. Just ignore the . at the beginning of each file. Also, permissions! $ ls -lat etc/fail2ban/*.conf -rw-r--r-- 1 dtsomp dtsomp 2104 okt 28 2014 etc/fail2ban/fail2ban.conf -rw-r--r-- 1 dtsomp dtsomp 16866 okt 28 2014 etc/fail2ban/jail.conf What about the owner? “fakeroot” assigns root as owner during the creation of the package. Or, we don’t care at all and just fix it via postinst ;)
  17. 17. Enough theory. Let’s build something.
  18. 18. 1. git it! Clone the packaging tutorial repo DEBIAN/ control files DOC/ documentation (man page, licence, etc) ROOT/ the directory structure with the actual files target/ will contain the final package Why not put DOC/* under ROOT, like Debian asks you to? - Too lazy to find and update files every time. Script copies them over for me.
  19. 19. 2. Prepare installation files Create dir and place the file Don’t forget the permissions! 0755 for executables, 0644 for others Is it a configuration file? Needs to be added in conffiles
  20. 20. 3. Metadata and maintainer scripts Do you need to update the package information? YES! At least change the name of the package! Make sure the maintainer’s scripts are up-to-date. It’s mandatory to have postinst and prerm scripts, even if they don’t do anything Optional steps: You know what is cool? Changelogs! Any changes in copyright or the manual page?
  21. 21. 4. Build time? Wait, wait, wait. What does this script do? All the boring bits: - preflight checks - creates dir structure - copies doc, metadata and content (ROOT) to the correct places in the structure - fixes permissions - compresses files (yes, some need to be compressed) - creates the actual package The actual build command (once everything is in place): fakeroot makes root owner of all files in the package, no sudo needed:
  22. 22. 5. Build it already! Congratulations! It’s a package! Or is it?
  23. 23. 6. Basic conformity check … Zero? Woohoo! No Errors! Warnings are OK. But you need to fix Errors. Now install it! Did everything went according to plan? :)
  24. 24. Conclusions We built a Debian package! Is it a *proper* package? No. (unsigned, bad changelog format, etc) Is it a *good enough* package? Hell yeah!
  25. 25. Reference checklist (copied from http://www.tldp.org) Prerequisite files: 1. one or more binary executable or shell script files 2. a man page for each executable file 3. a 'control' file 4. a 'copyright' file 5. a 'changelog' and 'changelog.Debian' file Setup temporary 'debian' directories: 1. create 'debian/usr/bin' directory (or wherever you plan to place your executable files) 2. create 'debian/usr/share/man/man1' (or whatever section your man page belongs into) 3. create 'debian/DEBIAN' directory 4. create 'debian/usr/share/doc/<package_name>' 5. make sure all sub directories of 'debian' have file permission 0755 Copy files into temporary 'debian' tree: 1. copy executable file into 'debian/usr/bin' directory (or wherever you plan to place your executable files) 2. copy man page file into 'debian/usr/share/man/man1' directory 3. copy 'control' file into 'debian/DEBIAN' directory 4. copy 'copyright', 'changelog', and 'changelog.Debian' files into 'debian/usr/share/doc/<package_name>' 5. gzip man page, 'copyright', 'changelog', and 'changelog.Debian' files with option '--best' inside the temporary 'debian' tree Build and check binary Debian package: 1. invoke 'dpkg-deb --build' using 'fakeroot' on the 'debian' directory 2. rename resulting 'debian.deb' file to its final package name including version and architecture information 3. check resulting .deb package file for Debian policy compliance using 'lintian'
  26. 26. Reference cheatsheet ● ● ● ● ● ●
  27. 27. EOM

×