Delve into the Debian package ecosystem, learn about repositories, package tools, and build packages using the fpm tool, enhancing your deployment skills and integration efficiency.

docker15.tar.gz

buildingPackage1-UsingBuildSystem-copy

buildingPackage2-Makefile-copy

buildingPackage3-custombuild-copy

buildingPackage4-installFile-copy

Exercise-buildingPackage-copy

Exercise1-solution-buildingPackage-copy

buildingPackage5-multi-package-dhmoves-copy

buildingPackage6-multi-package-dhinstall-copy

Exercise-buildingPackage-multipackage-copy

Exercise2-solution-buildingMultiplePackage-dhinstall-copy

Exercise3-solution-buildingMultiplePackage-copy

aptly-RemoveAtEnd

aptly-copy

Exercise-aptly-endpoints

Exercise_aptly-nginx

Packages are fundamental units of software deployment in Debian and related operating systems. Packaging enables users to deploy your packages using the built-in tools of their operating system.

In this course, you’ll learn about the environment that Debian packages live in, including repositories, package management installation tools, source and binary packages, and the “upstream” concept. Then you’ll learn about the structure and metadata of packages and an efficient way to build Debian packages using the fpm tool. You’ll also learn to use the Debian Build System, including the tools used to create package skeletons and multiple packages from a single code base. You’ll finish with an introduction to repository and package management and integrity.

By the end of this course, you’ll have learned about the Debian package ecosystem and several ways to build and package. This will enable you to seamlessly integrate your packages into existing infrastructure and take your deployment skills to the next level.

Building Debian Packages from the Ground Up

Debian and its derivatives have an enormous installation base, particularly in the server landscape. An attacker who could sneak malicious code into a Debian package, into either the packaged installation or one of the hook scripts that run at installation time, could gain access to lots of resources and data.

To avoid such attacks, the Debian ecosystem guards the integrity of its packages through well-thought-out processes and a chain of cryptographic signatures.

The chain of trust can be roughly divided into two questions:

* How can an end user know that they are downloading official Debian-packaged software that hasn't been tampered with?
* How does the Debian project make sure that only legitimate software is
  uploaded to its repositories?

# Integrity from the end user's perspective

A user wishing to install Debian needs to download it from the
[official website](https://debian.org/). The connection to this website
is secured through Transport Layer Security.

The browser likely shows a green lock next to the address bar, indicating that the
website visited has been provided by the owner of the domain `debian.org` and
that the contents haven't been tampered with during transport by a malicious actor.

Learn how the integrity of the Debian repositories is secured by a chain of cryptographic signatures.

Introduction

Debian Packages in Context

What's Inside a Debian Package

Quick Package Construction with fpm

The Debian Build System

Quick Debian Packaging and Multipackage Builds

Repository Management

Conclusion

Appendix

Package Repository and Integrity

Integrity from the end user’s perspective