deb (file format)

From Wikipedia, the free encyclopedia
Jump to: navigation, search
Debian package
Application-x-deb.svg
The GNOME icon for deb files
Filename extension .deb, .udeb
Internet media type application/vnd.debian.binary-package[1]
Developed by Debian
Type of format Package management system
Container for Software package
Extended from ar archive, tarball
Website packages.debian.org

deb is the format, as well as extension of the software package format for the Debian Linux distribution and its derivatives.

Design[edit]

GDebi installing a .deb package

Debian packages are standard Unix ar archives that include two tar archives optionally compressed with gzip (zlib), Bzip2, lzma, or xz (lzma2): one archive holds the control information and another contains the installable data.[2]

The common program for handling these packages is dpkg, usually via other programs such as apt/aptitude or other APT front-ends such as Synaptic or KPackage.[3]

Debian packages can be converted into other package formats and vice versa using alien, and created from source code using checkinstall or the Debian Package Maker.[4]

Some core Debian packages are available as udebs ("micro debs"), and are typically used only for bootstrapping a Debian installation. Although these files use the udeb filename extension, they adhere to the same structure specification as ordinary deb files. However, unlike their deb counterparts, udeb packages contain only essential functional files.[5] In particular, documentation files are normally omitted. udeb packages are not installable on a standard Debian system, but are used in Debian-Installer.

Implementation[edit]

Diagram showing an example file structure of a .deb file
Frhed hex editor displaying the raw data of a Debian package.

Since Debian 0.93, a deb package is implemented as an ar archive.[6] This package contains three sections:[7]

  • Global Header: This contains the file signature and the first file header which includes the debian-binary package identifier and the deb format version number. This is 2.0 for current versions of Debian.[7]
  • Control Section: This contains a control archive (Usually named control.tar, control.tar.gz or control.tar.xz). This archive includes all package meta-information. It tells dpkg what to configure when the package is being installed.[7][2]
  • Data Section: This contains a data archive (Usually named data.tar, data.tar.gz, data.tar.bz2, data.tar.lzma or data.tar.xz). This archive includes the actual installable files.[7][2]

File signature[edit]

The file signature is a single field containing the magic ASCII string !<arch> followed by a single LF control character (0x0A). This is used to identify the file as a ar archive.[8]

File header[edit]

Each file stored in an ar archive includes a file header to store information about the file. The common format is as follows. Numeric values are encoded in ASCII and all values right-padded with ASCII spaces (0x20).[8][9]

Offset Length Name Format
0 16 File identifier ASCII
16 12 File modification timestamp Decimal
28 6 Owner identifier Decimal
34 6 Group identifier Decimal
40 8 File mode Octal
48 10 File size in bytes Decimal
58 2 Ending characters 0x60 0x0A

Directly following a file header is the file data for the file described in the header. .deb files use three file headers, the first is used to identify the ar archive as a Debian package. This is done in the first file header by setting the file identifier to debian-binary, then using the file data section to define the package version number.[7] The other two file headers are to define the control and data sections.[7]

Control archive[edit]

The control archive contents can include the following files:

  • control contains a brief description of the package as well as other information such as its dependencies.[10][11][12][13]
  • md5sums contains MD5 checksums of all files in the package in order to detect corrupt or incomplete files.[14]
  • conffiles lists the files of the package that should be treated as configuration files. Configuration files are not overwritten during an update unless specified.[15]
  • preinst, postinst, prerm and postrm are optional scripts that are executed before or after installing, updating or removing the package.[15][16]
  • config is an optional script that supports the debconf configuration mechanism.[17]
  • shlibs list of shared library dependencies.[18][19]

Signed Packages[edit]

Debian-based distributions support GPG signature verification of signed Debian packages, but most (if not all) have this feature disabled by default.[20] Instead packages are verified by signing the repository metadata (i.e. Release files). The metadata files in turn include checksums for the repository files as a means to verify authenticity of the files.[21][22] Currently there are two different implementations for signing individual packages. The first is done via the debsigs / debsig-verify toolset, which is supported by dpkg.[20][23] The second is done through the dpkg-sig program which is not supported by dpkg, so the packages have to be manually checked with the dpkg-sig program.[20][24][25][26] Both formats add new section(s) to the ar archive to store the signature information, but the formats are not compatible with one another.[20] Neither of the modifications to the package format are listed in the official Debian handbook or man page about the binary package format.[27][9]

Adoption[edit]

See also[edit]

External links[edit]

References[edit]

  1. ^ "Media Type Registration for vnd.debian.binary-package". Internet Assigned Numbers Authority. Retrieved 21 May 2014. 
  2. ^ a b c Raphaël Hertzog (17 Sep 2010). "How to create Debian packages with alternative compression methods". raphaelhertzog.com. Retrieved 26 Aug 2016. 
  3. ^ "Debian Courses/Maintaining Packages/Packages Management". debian.org. 31 Oct 2010. Retrieved 26 Aug 2016. 
  4. ^ "Overview of Debian Maintainer Tools / Alien". debian.org. n.d. Retrieved 26 Aug 2016. 
  5. ^ "Chapter 3. D-I components or udebs". debian.org. n.d. Retrieved 26 Aug 2016. 
  6. ^ Lucas Nussbaum (16 Oct 2014). "Debian Packaging Tutorial" (PDF). debian.org. Retrieved 26 Aug 2016. 
  7. ^ a b c d e f "Debian Binary Package Building HOWTO/3. Package Structure". tldp.org. n.d. Retrieved 26 Aug 2016. 
  8. ^ a b "AR(5) man page". unixdev.net. n.d. Retrieved 26 Aug 2016. 
  9. ^ a b "deb(5) man page - Debian binary package format". ubuntu.com. n.d. Retrieved 26 Aug 2016. 
  10. ^ "deb-control(5) man page - deb-control - Debian packages' master control file format". die.net. n.d. Retrieved 26 Aug 2016. 
  11. ^ "Debian Policy Manual Chapter 5 - Control files and their fields". debian.org. 30 Mar 2016. Retrieved 26 Aug 2016. 
  12. ^ Josip Rodin and Osamu Aoki (9 Jun 2015). "Debian New Maintainers' Guide - Ch4 Required files under the debian directory". debian.org. Retrieved 26 Aug 2016. 
  13. ^ "Debian Policy Manual Ch7 - Declaring relationships between packages". debian.org. 30 Mar 2016. Retrieved 26 Aug 2016. 
  14. ^ "The Debian Administrator's Handbook - Package Meta-Information". debian-handbook.info. n.d. Retrieved 26 Aug 2016. 
  15. ^ a b "Chapter 7 - Basics of the Debian package management system". debian.org. 1 May 2015. Retrieved 26 Aug 2016. 
  16. ^ "Debian Maintainer Scripts". debian.org. 11 Oct 2012. Retrieved 26 Aug 2016. 
  17. ^ Joey Hess (n.d.). "The Debconf Programmer's Tutorial - The Config Script". fifi.org. Retrieved 26 Aug 2016. 
  18. ^ "dpkg-shlibdeps(1) man page". man7.org. 6 Sep 2013. Retrieved 26 Aug 2016. 
  19. ^ "Debian Policy - 8.6 Dependencies between the library and other packages". debian.org. 30 Mar 2016. Retrieved 26 Aug 2016. 
  20. ^ a b c d Joe Damato (28 Oct 2014). "HOWTO: GPG sign and verify deb packages and APT repositories". packagecloud.io. Retrieved 26 Aug 2016. 
  21. ^ "APT repository internals". packagecloud.io. 4 Aug 2015. Retrieved 26 Aug 2016. 
  22. ^ "SecureApt - All about secure apt". debian.org. 22 Sep 2015. Retrieved 26 Aug 2016. 
  23. ^ "debsig-verify(1) man page". ubuntu.com. n.d. Retrieved 26 Aug 2016. 
  24. ^ "debsigs(1) man page". ubuntu.com. n.d. Retrieved 26 Aug 2016. 
  25. ^ Andreas Barth (29 Dec 2003). "Integrating signatures into Debian archive files". turmzimmer.net. Retrieved 29 Dec 2003. 
  26. ^ "policy for debsigs". turmzimmer.net. 1 Feb 2004. Retrieved 1 Feb 2004. 
  27. ^ "The Debian Administrator's Handbook - Ch5. Packaging System: Tools and Fundamental Principles". debian.org. n.d. Retrieved 26 Aug 2016. 
  28. ^ "Fink FAQ - General Questions". finkproject.org. 6 Jun 2015. Retrieved 26 Aug 2016. 
  29. ^ "Fink FAQ - Installing, Using and Maintaining Fink". finkproject.org. 6 Jun 2015. Retrieved 26 Aug 2016. 
  30. ^ Jay Freeman (n.d.). "Bringing Debian APT to the iPhone". saurik.com. Retrieved 26 Aug 2016. 
  31. ^ Erica Sadun (28 Feb 2008). "Debian-style installation arrives on iPhone". engadget.com. Retrieved 26 Aug 2016.