Directory /var/lib/dpkg/info/ contains package related files. For each package, its conffiles, md5sums, preinst, postinst, prerm, postrm, list of installed files, etc are kept there.
dpkg-dev
debian/files: "The list of generated files which are part of the upload being prepared."
.changes: upload control file
dpkg-buildpackage
build binary or source packages from sources
dpkg-architecture: set and determine the architecture for package building
dpkg-checkbuilddeps: check build dependencies and conflicts. By default, debian/control is read.
dpkg-distaddfile: adds an entry for a named file to debian/files.
dpkg-genchanges:
dpkg-gencontrol: generate Debian control files
dpkg-gensymbols:
dpkg-name
dpkg-scanpackages: create Packages index files
dpkg-scansources: create Sources index files
dpkg-shlibdeps
dpkg-source: packs and unpacks Debian source archives.
dpkg-vendor: query vendor information
dpkg-parsechangelog: get changelog information
Vendor
/etc/dpkg/origins/default
devscripts
debchange
debhelper
dh-make
This package is useful when you have a regular source package (not debian source package) and want to debianlize it.
dh_make must be invoked within a directory containing the source code, which must be named <packagename>-<version>. The <packagename> must be all lowercase, digits and dashes.
As I mentioned, there are two types of debian source packages – native and non-native.
For non-native package, obviously you need the original source tree. The reason is that the original source tree is needed to deb tools to generate diff. dh_make makes sure original source tarball(<packagename>_<version>.orig.tar.gz) exists.
Option –f can be used to specify location of the tarball.
If –f is not given, dh_make searches parent directory for file <packagename>_<version>.orig.tar.gz and directory <packagename>_<version>.orig. If either of them exists, it will be fine. If neither exists, dh_make will complain and exit.
If you want to create a original source tarball based on the code in current directory, use option "—createorig". Then current directory is copied to <packagename>_<version>.orig in parent directory.
key: public key
secret: private key
Trusted pub keys are stored in file /etc/apt/trusted.gpg (not /etc/apt/trustdb.gpg)
apt-key list
gpg --recv-keys --keyserver keyserver.ubuntu.com key_ID_here;
gpg --export --armor key_ID_here | sudo apt-key add -
http://wiki.debian.org/SecureApt
https://help.ubuntu.com/community/SecureApt
Downloaded deb packages are stored at /var/cache/apt/archives/ and /var/cache/apt/archives/partial/.
Low-level understanding
Deb binary package format
man deb
The manual describes debian binary package format
deb package is
ar archive. So you can read content of a deb package using command:
ar tf pkg_name.deb
On my machine, the output is
debian-binary
control.tar.gz
data.tar.gz
Extract content of a deb pkg using command:
ar xof pkg_name.deb
Deb control
control.tar.gz is a control file. Its format is deb-control.
"It is a gzipped tar archive containing the package control information, as a series of plain files, of which the file control is mandatory and contains the core control information."
Use command tar zvxf control.tar.gz to extract control files. The most important file is control. The format of the file is described in man deb-control.
conffiles: this file lists all configuration files used by this package.
control:
md5sums
postinst
postrm
preinst
prerm
Deb data
"It contains the filesystem as a tar archive, either not compressed".
High-level understanding
Ubuntu provides some tools to make it more convenient to manipulate deb package so that users don't need to use ar, tar, etc to extract files/information manually.
First, command dpkg-deb comes really handy
dpkg-deb –I: provides information of a deb pkg. (Extracts info from file control)
dpkg-deb –c: list content of the package. (Extracts info from data.tar.gz)
dpkg-deb –x: extract a deb archive
dpkg-deb –X: extract a deb archive and print list of extracted files.
dpkg-deb –e: extract control information to DEBIAN directory if not specified.
(Extract files from control.tar.gz)
Deb Source Package
Format of source package is described in section "SOURCE PACKAGE FORMATS" within manual "man dpkg-source".
Also read http://www.debian.org/doc/debian-policy/ch-source.html for more info.
There are two types of source packages: native and non-native.
Layout of native package
.dsc: includes package info and md5 checksum for the package content.
.tar.gz
Layout of non-native package:
.dsc: debian source control
.orig.tar.gz: source code
.diff.gz: 1)patches applied to the source code; 2) debian package (debain/ dir)
Download a source package instead of binary packge:
apt-get source pkg_name #Download and unpack
apt-get source --download-only pkg_name #only download
Then command dpkg-source comes handy to manipulate source package.
dpkg-source –x pkg_name.dsc # Extract a source package.
If you use command "apt-get source pkg_name", the package has been download and extracted. So you don't need to execute this command. If you use command "apt-get source --download pkg_name", you can use this command to extract the downloaded package and apply the patch.
If you don't want the patch to be applied, add option --skip-debianization.
If the directory where you execute command "dpkg-source –x" is different from the directory where downloaded source package is stored, option "-su, –sp, sn" can be used to specify where source tarball will be copied to current direcotory.
In all cases any existing original source tree will be removed! So be sure to backup your code if it is in current directory.
dpkg-source –sn –x pkg_name.src #original source tarball is not copied to current directory. But source tree is unpacked to current dir and patch is applied
dpkg-source –sp –x pkg_name.src #source tarball is copied to current directory, unpacked, and patch is applied
dpkg-source –su –x pkg_name.src #Copy source tarball to current directory, both original source tree and patched source tree are extracted.
If you want the original source is extracted also, use command "dpkg-source –su –x pkg_name.dsc".
When I extracted the source package, I got following warning:
gpgv: Can't check signature: public key not found
dpkg-source: warning: failed to verify signature on ./pkg_name.dsc
This means public key has not been found which is needed to verify signature of the package. The dpkg-source manaul can tell you more:
--no-check
Do not check signatures and checksums before unpacking.
--require-valid-signature
Refuse to unpack the source package if it doesn't contain an OpenPGP signature that can be verified either with the user's trustedkeys.gpg keyring, one of the vendor-specific keyrings, or one of the official Debian keyrings (/usr/share/keyrings/debiankeyring.gpg and /usr/share/keyrings/debianmaintainers.gpg).
debian/ direcotory
Version:
https://wiki.ubuntu.com/PackagingGuide/Complete#changelog
changelog
Default file is located at debian/changelog. Changelog contains a list of changes. Note: it has a specific format. Command debchange can be used to edit the file.
debchange –a #append a changelog entry at current version
debchange –i #increase release number for non-native packages (2.4-1ubuntu1 –> 2.4-1ubuntu2).
debchange –v #create a changelog entry for a arbitrary new version.
debchange --create #create a new changelog file
debchange –c changelogfile #edit a specified changelog file instead of default one.
Read http://www.debian.org/doc/debian-policy/ch-source.html#s-dpkgchangelog for more info.
dpkg-source –b # build source package
man deb-version
Debian package version number format
Export:
gpg --export-secret-keys keyID
gpg --export keyID #export public key
gpg --gen-key
gpg –k #list pub keys
gpg –K #list secret keys
copyright
Read this: https://wiki.ubuntu.com/PackagingGuide/Basic#Copyright%20Information
control
https://wiki.ubuntu.com/PackagingGuide/Complete#control
rules
It specifies how to compile, install the app and create the .deb package.
https://wiki.ubuntu.com/PackagingGuide/Complete#rules
DEBFULLNAME:
DEBEMAIL:
Package build
Binary package
dpkg-buildpackage
debuild: wrap dpkg-buildpackage and some other tools. Or you can set variable DEBSIGN_KEYID to the key id.
Use debuild –kKEYID to specify the key used to sign the package.
If you want to pass parameters to dpkg-buildpackage, set variable DEBUILD_DPKG_BUILDPACKAGE_OPTS.
debsign –kkeyID
debsign –m'LastName FirstName (Comment) <email_address>'
Source package: debuild –S
lintian
Debian package checker
lintian -Ivai *.dsc
sudo pbuilder build pkg_name.dsc
dpkg-query –s pkg_name #conf files are listed
https://wiki.ubuntu.com/PackagingGuide/Complete
https://wiki.ubuntu.com/DebootstrapChroot
https://wiki.ubuntu.com/PackagingGuide/Basic
https://wiki.ubuntu.com/PbuilderHowto
https://help.ubuntu.com/community/GnuPrivacyGuardHowto
http://www.debian.org/doc/FAQ/ch-pkg_basics.en.html
http://www.debian.org/doc/manuals/maint-guide/index.en.html
http://www.debian.org/doc/debian-policy/