Rebuilding a binary package is required under several sets of circumstances. In some cases, the administrator needs a software feature that requires the software to be compiled from sources, with a particular compilation option; in others, the software as packaged in the installed version of Debian is not recent enough. In the latter case, the administrator will usually build a more recent package taken from a newer version of Debian — such as
Testing or even
Unstable — so that this new package works in their
Stable distribution; this operation is called “backporting”. As usual, care should be taken, before undertaking such a task, to check whether it has been done already — a quick look on the Debian Package Tracker for that package will reveal that information.
15.1.1. Getting the Sources
Rebuilding a Debian package starts with getting its source code. The easiest way is to use the
apt-get source package-name
command. This command requires a
deb-src
line in the
/etc/apt/sources.list
file, and up-to-date index files (i.e.
apt-get update
). These conditions should already be met if you followed the instructions from the chapter dealing with APT configuration (see
Section 6.1, “Filling in the sources.list
File”). Note, however, that you will be downloading the source packages from the Debian version mentioned in the
deb-src
line.
If you need another version, you may need to download it manually from a Debian mirror or from the web site. This involves fetching two or three files (with extensions *.dsc
— for Debian Source Control — *.tar.comp
, and sometimes *.diff.gz
or *.debian.tar.comp
— comp taking one value among gz
, bz2
or xz
depending on the compression tool in use), then run the dpkg-source -x file.dsc
command. If the *.dsc
file is directly accessible at a given URL, there is an even simpler way to fetch it all, with the dget URL
command. This command (which can be found in the devscripts package) fetches the *.dsc
file at the given address, then analyzes its contents, and automatically fetches the file or files referenced within. Once everything has been downloaded, it verifies the integrity of the downloaded source packages using dscverify
, and it extracts the source package (unless the -d
or --download-only
option is used). The Debian keyring is needed, unless the option -u
is supplied.
Let us use the samba package as an example.
$
apt source samba
Reading package lists... Done
NOTICE: 'samba' packaging is maintained in the 'Git' version control system at:
https://salsa.debian.org/samba-team/samba.git
Please use:
git clone https://salsa.debian.org/samba-team/samba.git
to retrieve the latest (possibly unreleased) updates to the package.
Need to get 12.3 MB of source archives.
Get:1 http://security.debian.org/debian-security bullseye-security/main samba 2:4.13.13+dfsg-1~deb11u3 (dsc) [4,514 B]
Get:2 http://security.debian.org/debian-security bullseye-security/main samba 2:4.13.13+dfsg-1~deb11u3 (tar) [11.8 MB]
Get:3 http://security.debian.org/debian-security bullseye-security/main samba 2:4.13.13+dfsg-1~deb11u3 (diff) [468 kB]
Fetched 12.3 MB in 3s (4,582 kB/s)
dpkg-source: info: extracting samba in samba-4.13.13+dfsg
dpkg-source: info: unpacking samba_4.13.13+dfsg.orig.tar.xz
dpkg-source: info: unpacking samba_4.13.13+dfsg-1~deb11u3.debian.tar.xz
dpkg-source: info: using patch list from debian/patches/series
dpkg-source: info: applying 07_private_lib
dpkg-source: info: applying bug_221618_precise-64bit-prototype.patch
dpkg-source: info: applying [...]
The source of the package is now available in a directory named after the source package and its version (samba-4.13.13+dfsg
); this is where we'll work on our local changes.
The first thing to do is to change the package version number, so that the rebuilt packages can be distinguished from the original packages provided by Debian. Assuming the current version is
2:4.13.13+dfsg-1~deb11u3
, we can create version
2:4.13.13+dfsg-1~deb11u3+falcot1
, which clearly indicates the origin of the package. This makes the package version number higher than the one provided by Debian, so that the package will easily install as an update to the original package. Such a change is best effected with the
dch
command (
Debian CHangelog) from the
devscripts package.
$
cd 4.13.13+dfsg-1~deb11u3
$
dch --local +falcot
The last command invokes a text editor (
sensible-editor
— this should be your favorite editor if it is mentioned in the
VISUAL
or
EDITOR
environment variables, and the default editor otherwise) to allow documenting the differences brought by this rebuild. This editor shows us that
dch
really did change the
debian/changelog
file.
When a change in build options is required, the changes need to be made in debian/rules
, which drives the steps in the package build process. In the simplest cases, the lines concerning the initial configuration (./configure …
) or the actual build ($(MAKE) …
or make …
or cmake …
or …) are easy to spot. If these commands are not explicitly called, they are probably a side effect of another explicit command, in which case please refer to their documentation to learn more about how to change the default behavior. With packages using dh
, you might need to add an override for the dh_auto_configure
or dh_auto_build
commands (see their respective manual pages and debhelper(7) for explanations on how to achieve this).
Depending on the local changes to the packages, an update may also be required in the debian/control
file, which contains a description of the generated packages. In particular, this file contains Build-Depends
lines controlling the list of dependencies that must be fulfilled at package build time. These often refer to versions of packages contained in the distribution the source package comes from, but which may not be available in the distribution used for the rebuild. There is no automated way to determine if a dependency is real or only specified to guarantee that the build should only be attempted with the latest version of a library — this is the only available way to force an autobuilder to use a given package version during build, which is why Debian maintainers frequently use strictly versioned build-dependencies.
If you know for sure that these build-dependencies are too strict, you should feel free to relax them locally. Reading the files which document the standard way of building the software — these files are often called INSTALL
— will help you figure out the appropriate dependencies. Ideally, all dependencies should be satisfiable from the distribution used for the rebuild; if they are not, a recursive process starts, whereby the packages mentioned in the Build-Depends
field must be backported before the target package can be. Some packages may not need backporting, and can be installed as-is during the build process (a notable example is debhelper). Note that the backporting process can quickly become complex if you are not careful. Therefore, backports should be kept to a strict minimum when possible.
15.1.3. Starting the Rebuild
When all the needed changes have been applied to the sources, we can start generating the actual binary package (.deb
file). The whole process is managed by the dpkg-buildpackage
command.
Example 15.1. Rebuilding a package
$
dpkg-buildpackage -us -uc
[...]
The previous command can fail if the
Build-Depends
field has not been updated, or if the related packages are not installed. In such a case, it is possible to overrule this check by passing the
-d
option to
dpkg-buildpackage
. However, explicitly ignoring these dependencies runs the risk of the build process failing at a later stage. Worse, the package may seem to build correctly but fail to run properly: some programs automatically disable some of their features when a required library is not available at build time. The switch can still be very useful if you only want to create a source package, which is supposed to be passed to clean build environments as described in
QUICK LOOK Building packages in chrooted and virtual environments.
The other options used in the above example make sure that neither the source package's .dsc
(-us
) nor the produced .changes
file (-uc
) get signed with the package builder's cryptographic key after the asuccessful build.
More often than not, Debian developers use a higher-level program such as debuild
; this runs dpkg-buildpackage
as usual, but it also adds an invocation of a program that runs many checks to validate the generated package against the Debian policy. This script also cleans up the environment so that local environment variables do not “pollute” the package build. The debuild
command is one of the tools in the devscripts suite, which share some consistency and configuration to make the maintainers' task easier.