The document provides a comprehensive overview of Debian packaging, emphasizing the use of tools like dpkg, apt, and aptitude, which form the core of the package management system in Debian and its derivatives. It details the structure and contents of a Debian package, including control files, data files, and maintainer scripts, while also explaining the steps to create a Debian package from scratch. The conclusion offers a checklist to ensure proper package creation, emphasizing compliance with Debian policies.

1. Debian packaging
…because you’re worth it

2. Why “Debian” packaging?
Debian packaging:
● dpkg for package creation/installation
● apt for package downloading and dependency handling
● aptitude as a higher-level version of apt
● arguably the best package management system in Linux
All Debian-derivative distros use this!
Ubuntu, Lubuntu, Kubuntu, Edubuntu, Xubuntu, Knoppix, Raspbian, Mint, LXLE, Elementary OS, Kali Linux, SteamOS,
Tails, Gparted Live, Elive, Proxmox, Grml….

3. Come on and type-a-long!
- Debian/Ubuntu box?
- local env in VM/Vagrant?
in any case:
apt-get install git fakeroot lintian tree

4. What does a Debian package look like?
Let’s download one.
[name]_[version-distroversion]_[architecture].deb

5. What does a Debian package contain?
Let’s check the contents
…
…
It’s a compressed group of files.
And they are pre-cooked! (installation path, owner, permissions)
But that’s NOT everything in the package...

6. I wanna look closer!
Let’s unpack it

7. I wanna look closer!
Let’s unpack it
Control files:
● Package metadata
● Maintainer’s scripts

8. I wanna look closer!
Let’s unpack it
Data files:
● Actual content
● We already know what this is (remember “dpkg -c” ? Two slides earlier?)

9. I wanna look closer!
Let’s unpack it
Format version:
● Contains which version of the Debian package format this package is using
(it only contains “2.0”)
● You’ll probably never see something else. No need to worry about this.

10. control.tar.gz

11. control.tar.gz The main metadata file. All info about the package is here.
Package: fail2ban
Version: 0.9.1-1
Architecture: all
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Yaroslav Halchenko <debian@onerussian.com>
Installed-Size: 1075
Depends: python3, python3:any (>= 3.3.2-2~), init-system-helpers (>= 1.18~), lsb-base (>= 2.0-
7)
Recommends: iptables, whois, python3-pyinotify
Suggests: mailx, system-log-daemon, python3-systemd
Section: net
Priority: optional
Homepage: http://www.fail2ban.org
Description: ban hosts that cause multiple authentication errors
Fail2ban monitors log files (e.g. /var/log/auth.log,
/var/log/apache/access.log) and temporarily or persistently bans
failure-prone addresses by updating existing firewall rules. Fail2ban allows
easy specification of different actions to be taken such as to ban an
IP using iptables or hostsdeny rules, or simply to send a
notification email.

12. control.tar.gz md5 checksums. Automatically created.
56ce6f9298838bcc3a9f0ba3e67c2917 lib/systemd/system/fail2ban.service
3a318374fa0cb6e07a292b7cdc97f50d usr/bin/fail2ban-client
72d77e966ca17f474de6daef24f83760 usr/bin/fail2ban-regex
0c2a078af6af4bc3fc4ad30e427bee3e usr/bin/fail2ban-server
86c43074af44dccc268750fa7b6f8b05 usr/bin/fail2ban-testcases
2b87fac05ca20d8c82b2dc8039b7e84d usr/lib/python3/dist-packages/fail2ban-0.9.1.egg-info
063c94472e76bee8522af76c7bb83043 usr/lib/python3/dist-packages/fail2ban/__init__.py
1462fa8f21229ca8ce838cad186607d8 usr/lib/python3/dist-packages/fail2ban/client/__init__.py
43c78526e2c53e278c222bfa0203ebca usr/lib/python3/dist-packages/fail2ban/client/actionreader.py
5d3747e822e520751afda04b331670d9 usr/lib/python3/dist-packages/fail2ban/client/beautifier.py
ced2218bc0120e247db682e838c1ad57 usr/lib/python3/dist-
packages/fail2ban/client/configparserinc.py
0ad1ac6cc7d6ccbc7f8fb509d01d6e1e usr/lib/python3/dist-packages/fail2ban/client/configreader.py
b25882f7c058745aaba76c7336cd7dad usr/lib/python3/dist-packages/fail2ban/client/configurator.py
f0fd3691740ec8bc93a74d65e324c35c usr/lib/python3/dist-packages/fail2ban/client/csocket.py

13. control.tar.gz Maintainer scripts. Executed when installing or removing the package.
● preinst:
- executed before installation starts
- maybe clear prev installation leftovers?
● postinst:
- executed as last step of installation
- e.g. change ownership/perms, start service
● prerm:
- first step in package removal
- e.g. stop service
● postrm:
- last step in package removal
- e.g. remove logs

14. control.tar.gz List of configuration files.
Usually anything that resides in /etc
Special rules for these files:
If changed, DO NOT OVERWRITE during package upgrade.
(nobody wants to lose custom configuration after upgrade)
...
/etc/fail2ban/action.d/sendmail-common.conf
/etc/fail2ban/action.d/xarf-login-attack.conf
/etc/fail2ban/action.d/iptables.conf
/etc/fail2ban/action.d/sendmail-whois-lines.conf
/etc/fail2ban/action.d/sendmail-whois-ipjailmatches.conf
/etc/fail2ban/action.d/sendmail-whois-ipmatches.conf
/etc/fail2ban/action.d/ipfw.conf
/etc/fail2ban/action.d/apf.conf
/etc/fail2ban/action.d/badips.conf
/etc/fail2ban/action.d/mail-buffered.conf
/etc/fail2ban/action.d/iptables-ipset-proto6-allports.conf
/etc/fail2ban/action.d/iptables-multiport-log.conf
/etc/fail2ban/action.d/sendmail-buffered.conf
/etc/fail2ban/action.d/osx-afctl.conf
/etc/fail2ban/action.d/dummy.conf
...

15. data.tar.gz

16. data.tar.gz Files to be installed.
Full path is included.
Just ignore the . at the beginning of each file.
Also, permissions!
$ ls -lat etc/fail2ban/*.conf
-rw-r--r-- 1 dtsomp dtsomp 2104 okt 28 2014 etc/fail2ban/fail2ban.conf
-rw-r--r-- 1 dtsomp dtsomp 16866 okt 28 2014 etc/fail2ban/jail.conf
What about the owner?
“fakeroot” assigns root as owner during the creation of the package.
Or, we don’t care at all and just fix it via postinst ;)

17. Enough theory.
Let’s build something.

18. 1. git it!
Clone the packaging tutorial repo
DEBIAN/ control files
DOC/ documentation (man page, licence, etc)
ROOT/ the directory structure with the actual files
target/ will contain the final package
Why not put DOC/* under ROOT, like Debian asks you to?
- Too lazy to find and update files every time. Script copies them over for me.

19. 2. Prepare installation files
Create dir and place the file
Don’t forget the permissions!
0755 for executables, 0644 for others
Is it a configuration file?
Needs to be added in conffiles

20. 3. Metadata and maintainer scripts
Do you need to update the package information?
YES! At least change the name of the package!
Make sure the maintainer’s scripts are up-to-date.
It’s mandatory to have postinst and prerm scripts, even if they don’t do anything
Optional steps:
You know what is cool? Changelogs!
Any changes in copyright or the manual page?

21. 4. Build time?
Wait, wait, wait.
What does this script do?
All the boring bits:
- preflight checks
- creates dir structure
- copies doc, metadata and content (ROOT) to the correct places in the structure
- fixes permissions
- compresses files (yes, some need to be compressed)
- creates the actual package
The actual build command (once everything is in place):
fakeroot makes root owner of all files in the package, no sudo needed:

22. 5. Build it already!
Congratulations!
It’s a package!
Or is it?

23. 6. Basic conformity check
…
Zero? Woohoo! No Errors!
Warnings are OK. But you need to fix Errors.
Now install it!
Did everything went according to plan? :)

24. Conclusions
We built a Debian package!
Is it a *proper* package?
No.
(unsigned, bad changelog format, etc)
Is it a *good enough* package?
Hell yeah!

25. Reference checklist (copied from http://www.tldp.org)
Prerequisite files:
1. one or more binary executable or shell script files
2. a man page for each executable file
3. a 'control' file
4. a 'copyright' file
5. a 'changelog' and 'changelog.Debian' file
Setup temporary 'debian' directories:
1. create 'debian/usr/bin' directory (or wherever you plan to place your executable files)
2. create 'debian/usr/share/man/man1' (or whatever section your man page belongs into)
3. create 'debian/DEBIAN' directory
4. create 'debian/usr/share/doc/<package_name>'
5. make sure all sub directories of 'debian' have file permission 0755
Copy files into temporary 'debian' tree:
1. copy executable file into 'debian/usr/bin' directory (or wherever you plan to place your executable files)
2. copy man page file into 'debian/usr/share/man/man1' directory
3. copy 'control' file into 'debian/DEBIAN' directory
4. copy 'copyright', 'changelog', and 'changelog.Debian' files into 'debian/usr/share/doc/<package_name>'
5. gzip man page, 'copyright', 'changelog', and 'changelog.Debian' files with option '--best' inside the temporary 'debian' tree
Build and check binary Debian package:
1. invoke 'dpkg-deb --build' using 'fakeroot' on the 'debian' directory
2. rename resulting 'debian.deb' file to its final package name including version and architecture information
3. check resulting .deb package file for Debian policy compliance using 'lintian'

26. Reference cheatsheet
●
●
●
●
●
●

27. EOM