这样,我的hb软件的deb包文件及其他相关文件就生成了---但是生成于源码目录的父目录中。
目录
pbuilder
软件包
现在我们已经为构建软件包做好了准备。
In order to perform a complete (re)build of a package properly, you need tomake sure you have installed
build-essential
软件包;
列于 Build-Depends
域的软件包(参看 第 4.1 节 “control
”);
列于 Build-Depends-indep
域的软件包(参看 第 4.1 节 “control
”)。
然后在源代码目录中执行以下命令:
$ dpkg-buildpackage
这样会自动完成所有从源代码包构建二进制包的工作,包括:
清理源代码树(debian/rules clean
)
构建源代码包(dpkg-source -b
)
构建程序(debian/rules build
)
构建二进制包(fakeroot debian/rules binary
)
使用 gpg 签署 .dsc
文件
使用 dpkg-genchanges 和 gpg 创建并签署上传用的.changes
文件
The only input that will be required of you is your GPG secret pass phrase,twice. [64] If you are building Debianpackages only for your own local use, you can skip promptings for the GPGsignatures on the .dsc
file and the.changes
file like this:
$ dpkg-buildpackage -us -uc
For a non-native Debian package, e.g., gentoo
, you will see the following files in theparent directory (~/gentoo
) after building packages:
gentoo_0.9.12.orig.tar.gz
This is the original upstream source code tarball, merely renamed to theabove so that it adheres to the Debian standard. Note that this was createdinitially by the dh_make -f ../gentoo-0.9.12.tar.gz
.
gentoo_0.9.12-1.dsc
这是一个从 control
文件生成的源代码概要,可用于 dpkg-source(1) 程序。这个文件是使用 GPG 签署过的,以便别人可以确信它确实是你所提供的。
gentoo_0.9.12-1.debian.tar.gz
This compressed tarball contains your debian
directorycontents. Each and every addition you made to the original source code isstored as a quilt patch indebian/patches
.
如果其他人想要重新构建你的软件包,他们可以使用以上三个文件很容易地完成。只需复制三个文件,再运行 dpkg-source -xgentoo_0.9.12-1.dsc
。 [65]
gentoo_0.9.12-1_i386.deb
这是你的二进制包,可以使用 dpkg 程序安装或卸载它,就像其他软件包一样。
gentoo_0.9.12-1_i386.changes
This file describes all the changes made in the current package revision; itis used by the Debian FTP archive maintenance programs to install the binaryand source packages. It is partly generated from thechangelog
file and the .dsc
file.This file is GPG signed, so that people can be sure that it's really yours.
As you keep working on the package, its behavior will change and newfeatures will be added. People downloading your package can look at thisfile and quickly see what has changed. Debian archive maintenance programswill also post the contents of this file to the [email protected] list.
The long strings of numbers in the .dsc
and.changes
files are SHA1/SHA256 checksums for the filesmentioned. Anyone downloading your files can test them with sha1sum(1) or sha256sum(1) and if the numbers don't match,they'll know the file is corrupt or has been tampered with.
For a native Debian package, e.g., mypackage
, you will see the following files inthe parent directory after building packages:
mypackage_1.0.tar.gz
This is the source code tarball created from themypackage-1.0
directory by thedpkg-source command. (Its suffix is notorig.tar.gz
.)
mypackage_1.0.dsc
This is a summary of the contents of the source code as in the non-nativeDebian package. (There is no Debian revision.)
mypackage_1.0_i386.deb
This is your completed binary package as in the non-native Debian package.(There is no Debian revision.)
mypackage_1.0_i386.changes
This file describes all the changes made in the current package version asin the non-native Debian package. (There is no Debian revision.)
Debian supports many ports with the autobuilder network running buildddaemons on computers of many different architectures. Although you do notneed to do this yourself, you should be aware of what will happen to yourpackages. Let's look into roughly how they rebuild your packages formultiple architectures. [66]
For Architecture: any
packages, the autobuilder systemperforms a rebuild. It ensures the installation of
build-essential
软件包;
列于 Build-Depends
域的软件包(参看 第 4.1 节 “control
”)。
然后在源代码目录中执行以下命令:
$ dpkg-buildpackage -B
这样会自动完成从源代码包构建平台依赖二进制包的工作,包括:
清理源代码树(debian/rules clean
)
构建程序(debian/rules build
)
构建平台依赖二进制包(fakeroot debian/rules binary-arch
)
使用 gpg 签署 .dsc
文件
使用 dpkg-genchanges 和 gpg 创建并签署上传用的.changes
文件
这就是你看到你的软件包在其他平台上可用的原因。
Although packages listed in the Build-Depends-Indep
fieldare required to be installed for our normal packaging work (see 第 6.1 节 “完整的(重)构建”), they are not required to be installed for theautobuilder system since it builds only architecture dependent binarypackages. [67] This distinction betweennormal packaging and autobuilding procedures is what dictates whether youshould record such required packages in the Build-Depends
or Build-Depends-Indep
fields of thedebian/control
file (see 第 4.1 节 “control
”).
You can automate the dpkg-buildpackage command's packagebuild process further with the debuild command. Seedebuild(1).
Customization of the debuild command can be done through/etc/devscripts.conf
or~/.devscripts
. I would suggest at least the followingitems:
DEBSIGN_KEYID=Your_GPG_keyID DEBUILD_LINTIAN_OPTS=-i -I --show-overrides
With these, packages are signed by your specified GPG key ID (good forsponsoring packages) and checked in detail by the lintiancommand.
Cleaning the source and rebuilding the package from your user account is assimple as:
$ debuild
Here, if you are building Debian packages only for your own local use, youcan skip promptings for the GPG signatures on the .dsc
file and the .changes
file like this:
$ debuild -us -uc
You can clean the source tree as simply as:
$ debuild clean
pbuilder
软件包For a clean room (chroot) build environment to verify thebuild dependencies, the pbuilder
package is very useful. [68] This ensuresa clean build from the source under the sid
auto-builderfor different architectures and avoids a severity serious FTBFS (Fails ToBuild From Source) bug which is always in the RC (release critical)category. [69]
Let's customize the pbuilder
packageas follows:
setting the /var/cache/pbuilder/result
directorywritable by for your user account.
creating a directory, e.g.
,writable by the user, to place hook scripts in./var/cache/pbuilder/hooks
configuring ~/.pbuilderrc
or/etc/pbuilderrc
to include the followsing.
AUTO_DEBSIGN=${AUTO_DEBSIGN:-yes}
HOOKDIR=/var/cache/pbuilder/hooks
这使你可以使用 ~/.gnupg/
目录中的 GPG 私钥签署生成的软件包。
First let's initialize the local pbuilder
chroot system asfollows.
$ sudo pbuilder create
If you already have a completed source package, issue the following commandsin the directory where the
,foo
.orig.tar.gz
, andfoo
.debian.tar.gz
files exist toupdate the local foo
.dscpbuilder
chroot system and to build binary packages in it.
$ sudo pbuilder --update
$ sudo pbuilder --build foo_version
.dsc
The newly built packages without the GPG signatures will be located in/var/cache/pbuilder/result/
with non-root ownership.
The GPG signatures on the .dsc
file and the.changes
file can be generated as:
$ cd /var/cache/pbuilder/result/ $ debsignfoo_version
.dsc $ debsignfoo_version_arch
.changes
If you have an updated source tree but have not generated the matchingsource package, issue the following commands in the source directory wherethe debian
directory exists, instead.
$ sudo pbuilder --update $ pdebuild
Here, if you are building Debian packages only for your local use, you canskip promptings for the GPG signatures on the .dsc
fileand the .changes
file as:
$ AUTO_DEBSIGN=no pdebuild
你可以使用 pbuilder --login --save-after-login
命令登录到这个chroot 环境中并按照需要对其进行配置。通过 ^D
(Control-D)离开这个 shell 时环境会被保存。
最新版的 lintian 命令可以通过设置钩子脚本
在 /var/cache/pbuilder/hooks
/B90lintianchroot
环境中运行。脚本内容如下:[70]
#!/bin/sh set -e install_packages() { apt-get -y --force-yes install "$@" } install_packages lintian echo "+++ lintian output +++" su -c "lintian -i -I --show-overrides /tmp/buildd/*.changes" - pbuilder # use this version if you don't want lintian to fail the build #su -c "lintian -i -I --show-overrides /tmp/buildd/*.changes; :" - pbuilder echo "+++ end of lintian output +++"
You need to have access to the latest sid
environment tobuild packages properly for sid
. In practice,sid
may be experiencing issues which makes it undesirablefor you to migrate your whole system. The pbuilder
package can help you to cope with thiskind of situation.
You may need to update your stable
packages after theirrelease for stable-proposed-updates
,stable/updates
, etc. [71] For such occasions, the fact you may be running asid
system is not a good enough excuse for failing toupdate them promptly. The pbuilder
package can help you to access environments of almost any Debian derivativedistribution of the same architecture.
See http://www.netfort.gr.jp/~dancer/software/pbuilder.html, pdebuild(1), pbuilderrc(5), and pbuilder(8).
If your upstream uses a source code management system (VCS) [72] to maintain their code, you should consider usingit as well. This makes merging and cherry-picking upstream patches mucheasier. There are several specialized wrapper script packages for Debianpackage building for each VCS.
git-buildpackage
: a suite to helpwith Debian packages in Git repositories.
svn-buildpackage
:帮助维护 Subversion仓库中软件包的程序。
cvs-buildpackage
: a set of Debianpackage scripts for CVS source trees.
For advanced audiences, there are packages whichautomate the building of packages under a VCS-managedsource tree. I will not explain them in this tutorial. [73]
With a large package, you may not want to rebuild from scratch every timewhile you're tuning details in debian/rules
. Fortesting purposes, you can make a .deb
file withoutrebuilding the upstream sources like this[74]:
$ fakeroot debian/rules binary
Or simply do the following to see if it builds or not:
$ fakeroot debian/rules build
一旦完成了调试,记住要按照前面所的正常过程重构建你的软件包。你可能无法正常上传用此种方法构建的 .deb
文件。
[64] This GPG key must be signed by a Debian developer to get connected to theweb of trust and must be registered to the Debiankeyring. This enables your uploaded packages to be accepted to theDebian archives. See Creating a new GPGkey and Debian Wiki onKeysigning.
[65] You can avoid applying quilt patches in the 3.0(quilt)
source format at the end of the extraction with the--skip-patches
option. Alternatively, you can rundquilt pop -a
after normal operation.
[66] The actual autobuilder system involves much more complicated schemes thanthe one documented here. Such details are beyond the scope of thisdocument.
[67] Unlike under the pbuilder
package,the chroot environment under the sbuild
package used by the autobuilder systemdoes not enforce the use of a minimal system and may have many leftoverpackages installed.
[68] Since the pbuilder
package is stillevolving, you should check the actual configuration situation by consultingthe latest official documentation.
[69] See http://buildd.debian.org/ for more on Debian package auto-building.
[70] This assumes HOOKDIR=/var/cache/pbuilder/hooks
. You canfind many examples of hook scripts in the/usr/share/doc/pbuilder/examples
directory.
[71] 升级你的 stable
软件包有规定限制。
[72] See Version control systems for more.
[73] Here are some web resources available for advanced audiences.
Building Debian Packages with git-buildpackage(//usr/share/doc/git-buildpackage/manual-html/gbp.html
)
debian packages in git
Using Git for Debian Packaging
git-dpm: Debian packages in Git manager
Using TopGit to generate quilt series for Debianpackaging
[74] 常规情形下被配置好的环境变量在此时不会被自动设置。永远不要将使用这个 快速方法构建的软件包上传到任何地方。
The GNU Privacy Guard
Private和public的钥匙是gpg加密和解密过程的主要部分,所以第一步就是创建为自己创建一对密匙.
生成私钥
$gpg --gen-key |
你需要回答一些这个命令提出的问题
私钥的种类和size,这里缺省的答案已经足够好了
私钥的有效期,我通常选择不会过期,呵呵
你的真实的姓名和e-mail地址,这些是用来从一大堆钥匙中找到你的钥匙的
关于你的钥匙的comment,可以为空,我一般填一个昵称
钥匙的密码. 千万别忘了,否则所有你加密过的文件都没用了
为你的私钥生成一个公钥(文本文件),这是我的:aubrey.asc.zip
$ gpg --armor --output public.key --export <your email> |
你可以分发这个文件了,给你的朋友,或者贴到你的个人网站上, or whatever.
#gpg --encrypt --recipient 'Your Name' foo.txt |
#gpg --output foo.txt --decrypt foo.txt.gpg |
#gpg --import key.asc #gpg --list-keys #gpg --encrypt --recipient '[email protected]' foo.txt |
#gpg --output foo.txt --decrypt foo.txt.gpg |
如何制作deb包
下面用一个简单的程序例子,来讲解如何制作deb包。首先你需要一个deb包管理的系统,debian, ubuntu等。
这里我用的是nexenta. 这些系统默认装好了deb包制作需要的工具,如dpkg-dev, devscripts等。如果没有,你也可以在制作过程中用apt-get install来手动安装。
1. 创建一个简单的源码包
aubrey@aubrey-nexenta:~/deb$ ls -l hellodeb/ total 2 -rw-r--r-- 1 aubrey staff 203 Feb 16 12:50 Makefile -rw-r--r-- 1 aubrey staff 73 Feb 16 12:46 hellodeb.c |
PROG=hellodeb CC=gcc BINDIR=/usr/bin INSTALL=cp $(PROG): hellodeb.c $(CC) -o $(PROG) hellodeb.c clean: rm -rf $(PROG) install: $(INSTALL) $(PROG) $(BINDIR) uninstall: rm -rf $(BINDIR)/$(PROG) |
aubrey@aubrey-nexenta:~/deb/hellodeb$ gpg --list-keys /export/home/aubrey/.gnupg/pubring.gpg -------------------------------------- pub 1024D/7F8F1E57 2008-01-29 uid Aubrey Li sub 2048g/6AF6581E 2008-01-29 |
aubrey@aubrey-nexenta:~/deb$ ls hellodeb aubrey@aubrey-nexenta:~/deb$ mv hellodeb/ hellodeb-1.0 aubrey@aubrey-nexenta:~/deb$ ls hellodeb-1.0 |
aubrey@aubrey-nexenta:~/deb$ export DEBEMAIL="[email protected]" aubrey@aubrey-nexenta:~/deb$ export DEBFULLNAME="Aubrey Li" |
aubrey@aubrey-nexenta:~/deb/hellodeb-1.0$ dh_make Type of package: single binary, multiple binary, library, kernel module or cdbs? [s/m/l/k/b] s Maintainer name : Aubrey Li Email-Address : [email protected] Date : Sat, 16 Feb 2008 13:19:46 +0800 Package Name : hellodeb Version : 1.0 License : blank Type of Package : Single Hit to confirm: Done. Please edit the files in the debian/ subdirectory now. You should also check that the hellodeb Makefiles install into $DESTDIR and not in / . aubrey@aubrey-nexenta:~/deb/hellodeb-1.0$ |
6. 我们先关注一下第二个提示,修改Makefile。这里主要是安装路径,修改如下:
PROG=hellodeb CC=gcc BINDIR=$(DESTDIR)/usr/bin INSTALL=cp $(PROG): hellodeb.c $(CC) -o $(PROG) hellodeb.c clean: rm -rf $(PROG) install: mkdir -p $(BINDIR) $(INSTALL) $(PROG) $(BINDIR) uninstall: rm -rf $(BINDIR)/$(PROG) |
aubrey@aubrey-nexenta:~/deb/hellodeb-1.0/debian$ ls README.Debian control docs hellodeb-default.ex manpage.sgml.ex postrm.ex watch.ex changelog copyright emacsen-install.ex hellodeb.doc-base.EX manpage.xml.ex preinst.ex compat cron.d.ex emacsen-remove.ex init.d.ex menu.ex prerm.ex conffiles.ex dirs emacsen-startup.ex manpage.1.ex postinst.ex rules |
我删除掉其他文件,debian目录现在如下:
aubrey@aubrey-nexenta:~/deb/hellodeb-1.0/debian$ ls changelog compat control copyright dirs rules |
aubrey@aubrey-nexenta:~/deb/hellodeb-1.0$ dpkg-buildpackage -rfakeroot -sa |
aubrey@aubrey-nexenta:~/deb/hellodeb-1.0$ sudo -s Password: root@aubrey-nexenta:~/deb/hellodeb-1.0# dpkg-buildpackage -sa |
10. 最后作一下检查和安装工作.
root@aubrey-nexenta:~/deb# dpkg-deb -c hellodeb_1.0-1_solaris-i386.deb drwxr-xr-x root/root 0 2008-02-16 13:56:12 ./ drwxr-xr-x root/root 0 2008-02-16 13:56:10 ./usr/ drwxr-xr-x root/root 0 2008-02-16 13:56:10 ./usr/share/ drwxr-xr-x root/root 0 2008-02-16 13:56:10 ./usr/share/doc/ drwxr-xr-x root/root 0 2008-02-16 13:56:12 ./usr/share/doc/hellodeb/ -rw-r--r-- root/root 246 2008-02-16 13:19:48 ./usr/share/doc/hellodeb/copyright -rw-r--r-- root/root 191 2008-02-16 13:19:48 ./usr/share/doc/hellodeb/changelog.Debian.gz drwxr-xr-x root/root 0 2008-02-16 13:56:11 ./usr/bin/ -rwxr-xr-x root/root 3436 2008-02-16 13:56:11 ./usr/bin/hellodeb root@aubrey-nexenta:~/deb# dpkg -i hellodeb_1.0-1_solaris-i386.deb Selecting previously deselected package hellodeb. (Reading database ... 31630 files and directories currently installed.) Unpacking hellodeb (from hellodeb_1.0-1_solaris-i386.deb) ... Setting up hellodeb (1.0-1) ... root@aubrey-nexenta:~/deb# which hellodeb /usr/bin/hellodeb root@aubrey-nexenta:~/deb# hellodeb hello deb root@aubrey-nexenta:~/deb# dpkg -r hellodeb (Reading database ... 31632 files and directories currently installed.) Removing hellodeb ... root@aubrey-nexenta:~/deb# which hellodeb root@aubrey-nexenta:~/deb# |
http://blog.chinaunix.net/u1/41699/showart_472258.html