deb 打包
修改原生 deb 包并重新打包
以构建 wget 为例。
安装构建 wget 所需的依赖:
~$ sudo apt build-dep wget
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
...
The following NEW packages will be installed:
libidn11-dev libtext-unidecode-perl tex-common texinfo
The following packages will be upgraded:
libidn11 libidn11:i386
2 upgraded, 4 newly installed, 0 to remove and 381 not upgraded.
Need to get 1,498 kB of archives.
After this operation, 8,750 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Setting up texinfo (6.5.0.dfsg.1-2) ...
Setting up libidn11:amd64 (1.33-2.1ubuntu1.2) ...
Setting up libidn11:i386 (1.33-2.1ubuntu1.2) ...
Setting up libidn11-dev (1.33-2.1ubuntu1.2) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
下载构建 wget 所需的源代码:
~$ apt source wget
Reading package lists... Done
Need to get 3,833 kB of source archives.
Get:1 http://mirrors.ustc.edu.cn/ubuntu xenial-updates/main wget 1.17.1-1ubuntu1.5 (dsc) [1,935 B]
Get:2 http://mirrors.ustc.edu.cn/ubuntu xenial-updates/main wget 1.17.1-1ubuntu1.5 (tar) [3,801 kB]
Get:3 http://mirrors.ustc.edu.cn/ubuntu xenial-updates/main wget 1.17.1-1ubuntu1.5 (diff) [29.5 kB]
Fetched 3,833 kB in 33s (116 kB/s)
dpkg-source: info: extracting wget in wget-1.17.1
dpkg-source: info: unpacking wget_1.17.1.orig.tar.gz
dpkg-source: info: unpacking wget_1.17.1-1ubuntu1.5.debian.tar.xz
dpkg-source: info: applying wget-doc-remove-usr-local-in-sample.wgetrc
dpkg-source: info: applying wget-doc-remove-usr-local-in-wget.texi
dpkg-source: info: applying wget-passive_ftp-default
dpkg-source: info: applying wget-doc-CRLs.patch
dpkg-source: info: applying CVE-2016-4971.patch
dpkg-source: info: applying Sanitize-value-sent-to-memset-to-prevent-SEGFAULT.patch
dpkg-source: info: applying CVE-2016-7098-1.patch
dpkg-source: info: applying CVE-2016-7098-2.patch
dpkg-source: info: applying CVE-2016-7098-3.patch
dpkg-source: info: applying CVE-2017-6508.patch
dpkg-source: info: applying CVE-2017-13089.patch
dpkg-source: info: applying CVE-2017-13090.patch
dpkg-source: info: applying CVE-2018-0494.patch
dpkg-source: info: applying CVE-2019-5953-pre.patch
dpkg-source: info: applying CVE-2019-5953-1.patch
dpkg-source: info: applying CVE-2019-5953-2.patch
自动解压并打上 patch 得到最终的源代码如下:
~$ ls
wget-1.17.1 wget_1.17.1-1ubuntu1.5.dsc
wget_1.17.1-1ubuntu1.5.debian.tar.xz wget_1.17.1.orig.tar.gz
注意:需要使能 deb-src apt 源。
如果有需要,可以手工下载所有的源代码文件,包括:dsc 描述文件,origin 上游原始源代码文件,以及 debian 打包文件。
首先校验下载的 dsc 文件:
~$ gpg --verify wget_1.17.1-1ubuntu1.5.dsc
gpg: Signature made Tue 09 Apr 2019 03:56:48 AM CST using RSA key ID 840B1F69
gpg: Can't check signature: No public key
~$ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 840B1F69
gpg: key 840B1F69: 10 signatures not checked due to missing keys
gpg: key 840B1F69: public key "Leonidas S. Barbosa <leo.barbosa@canonical.com>" imported
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2021-04-12
gpg: Total number processed: 1
gpg: imported: 1
~$ gpg --edit-key 840B1F69
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
pub rsa4096/840B1F69
created: 2017-06-09 expires: never usage: SC
trust: unknown validity: unknown
sub rsa4096/428BA46A
created: 2017-06-09 expires: never usage: E
[ unknown] (1). Leonidas S. Barbosa <leo.barbosa@canonical.com>
[ unknown] (2) Leonidas S. Barbosa <lndsbarbosa@gmail.com>
[ unknown] (3) Leonidas S. Barbosa <leo.leonidas@canonical.com>
gpg> uid 1
pub rsa4096/840B1F69
created: 2017-06-09 expires: never usage: SC
trust: unknown validity: unknown
sub rsa4096/428BA46A
created: 2017-06-09 expires: never usage: E
[ unknown] (1)* Leonidas S. Barbosa <leo.barbosa@canonical.com>
[ unknown] (2) Leonidas S. Barbosa <lndsbarbosa@gmail.com>
[ unknown] (3) Leonidas S. Barbosa <leo.leonidas@canonical.com>
gpg> lsign
pub rsa4096/840B1F69
created: 2017-06-09 expires: never usage: SC
trust: unknown validity: unknown
Primary key fingerprint: 7FE7 9B44 5728 C8EA 0042 839E 45BC E75B 840B 1F69
Leonidas S. Barbosa <leo.barbosa@canonical.com>
Are you sure that you want to sign this key with your
key "luo.runbing (https://www.example.com/) <luo.runbing@example.com>" (C7E8A950)
The signature will be marked as non-exportable.
Really sign? (y/N) y
gpg> lsign
Really sign all text user IDs? (y/N) y
"Leonidas S. Barbosa <leo.barbosa@canonical.com>" was already locally signed by key C7E8A950
pub rsa4096/840B1F69
created: 2017-06-09 expires: never usage: SC
trust: full validity: full
Primary key fingerprint: 7FE7 9B44 5728 C8EA 0042 839E 45BC E75B 840B 1F69
Leonidas S. Barbosa <lndsbarbosa@gmail.com>
Leonidas S. Barbosa <leo.leonidas@canonical.com>
Are you sure that you want to sign this key with your
key "luo.runbing (https://www.example.com/) <luo.runbing@example.com>" (C7E8A950)
The signature will be marked as non-exportable.
Really sign? (y/N) y
gpg> trust
pub rsa4096/840B1F69
created: 2017-06-09 expires: never usage: SC
trust: unknown validity: full
sub rsa4096/428BA46A
created: 2017-06-09 expires: never usage: E
[ full ] (1). Leonidas S. Barbosa <leo.barbosa@canonical.com>
[ full ] (2) Leonidas S. Barbosa <lndsbarbosa@gmail.com>
[ full ] (3) Leonidas S. Barbosa <leo.leonidas@canonical.com>
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 4
pub rsa4096/840B1F69
created: 2017-06-09 expires: never usage: SC
trust: full validity: full
sub rsa4096/428BA46A
created: 2017-06-09 expires: never usage: E
[ full ] (1). Leonidas S. Barbosa <leo.barbosa@canonical.com>
[ full ] (2) Leonidas S. Barbosa <lndsbarbosa@gmail.com>
[ full ] (3) Leonidas S. Barbosa <leo.leonidas@canonical.com>
Please note that the shown key validity is not necessarily correct
unless you restart the program.
~$ gpg --verify wget_1.17.1-1ubuntu1.5.dsc
gpg: Signature made Tue 09 Apr 2019 03:56:48 AM CST using RSA key ID 840B1F69
gpg: Good signature from "Leonidas S. Barbosa <leo.barbosa@canonical.com>" [full]
gpg: aka "Leonidas S. Barbosa <lndsbarbosa@gmail.com>" [full]
gpg: aka "Leonidas S. Barbosa <leo.leonidas@canonical.com>" [full]
然后指定 dsc 文件进行解压:
~$ dpkg-source -x wget_1.17.1-1ubuntu1.5.dsc
gpgv: Signature made Tue 09 Apr 2019 03:56:48 AM CST
gpgv: using RSA key 45BCE75B840B1F69
gpgv: Can't check signature: No public key
dpkg-source: warning: failed to verify signature on ./wget_1.17.1-1ubuntu1.5.dsc
dpkg-source: info: extracting wget in wget-1.17.1
dpkg-source: info: unpacking wget_1.17.1.orig.tar.gz
dpkg-source: info: unpacking wget_1.17.1-1ubuntu1.5.debian.tar.xz
dpkg-source: info: applying wget-doc-remove-usr-local-in-sample.wgetrc
dpkg-source: info: applying wget-doc-remove-usr-local-in-wget.texi
dpkg-source: info: applying wget-passive_ftp-default
dpkg-source: info: applying wget-doc-CRLs.patch
dpkg-source: info: applying CVE-2016-4971.patch
dpkg-source: info: applying Sanitize-value-sent-to-memset-to-prevent-SEGFAULT.patch
dpkg-source: info: applying CVE-2016-7098-1.patch
dpkg-source: info: applying CVE-2016-7098-2.patch
dpkg-source: info: applying CVE-2016-7098-3.patch
dpkg-source: info: applying CVE-2017-6508.patch
dpkg-source: info: applying CVE-2017-13089.patch
dpkg-source: info: applying CVE-2017-13090.patch
dpkg-source: info: applying CVE-2018-0494.patch
dpkg-source: info: applying CVE-2019-5953-pre.patch
dpkg-source: info: applying CVE-2019-5953-1.patch
dpkg-source: info: applying CVE-2019-5953-2.patch
对上游源代码进行打包
~$ sudo apt install dh-make
TODO
参考资料
Packaging
https://wiki.debian.org/Packaging
Debian Packaging Tutorial
https://www.debian.org/doc/manuals/packaging-tutorial/packaging-tutorial.en.pdf
Introduction to Debian Packaging
https://wiki.debian.org/Packaging/Intro?action=show&redirect=IntroDebianPackaging
Debian packaging tutorials for the modern developer
https://github.com/phusion/debian-packaging-for-the-modern-developer
Debian New Maintainers’ Guide
https://www.debian.org/doc/manuals/maint-guide/
最后修改于 2019-06-03