DEBUILD(1)                  General Commands Manual                 DEBUILD(1)

       debuild - build a Debian package

       debuild  [debuild  options] [dpkg-buildpackage options] [--lintian-opts
       lintian options]
       debuild [debuild options] -- binary|binary-arch|binary-indep|clean ...

       debuild creates all the files necessary for uploading a Debian package.
       It first runs dpkg-buildpackage, then runs lintian on the .changes file
       created (assuming that lintian is installed),  and  finally  signs  the
       appropriate  files  (using debsign(1) to do this instead of dpkg-build-
       package(1) itself; all relevant key-signing  options  are  passed  on).
       Signing will be skipped if the distribution is UNRELEASED, unless dpkg-
       buildpackage's --force-sign option is used.  Parameters can  be  passed
       to  dpkg-buildpackage  and  lintian, where the parameters to the latter
       are indicated with the --lintian-opts option.  The allowable options in
       this  case  are --lintian and --no-lintian to force or skip the lintian
       step, respectively. The default is to run lintian.  There are also var-
       ious  options  available  for  setting and preserving environment vari-
       ables, as described below in the  Environment  Variables  section.   In
       this  method  of  running debuild, we also save a build log to the file

       An alternative way of using debuild is to use one or more of the param-
       eters  binary,  binary-arch,  binary-indep  and  clean,  in  which case
       debuild will attempt to gain root privileges and then run  debian/rules
       with  the  given  parameters.  A --rootcmd=gain-root-command or -rgain-
       root-command option may be used to specify a  method  of  gaining  root
       privileges.   The  gain-root-command  is  likely to be one of fakeroot,
       sudo or super.  See below for further discussion of this point.  Again,
       the  environment  preservation  options  may  be  used.   In this case,
       debuild will also attempt to run dpkg-checkbuilddeps first; this can be
       explicitly  requested  or  switched  off  using  the  options -D and -d
       respectively.  Note also that if either of these  or  a  -r  option  is
       specified  in  the  configuration  file  option DEBUILD_DPKG_BUILDPACK-
       AGE_OPTS, then it will be recognised even in this method of  invocation
       of debuild.

       debuild  also  reads  the  devscripts  configuration files as described
       below.  This allows default options to be given.

Directory name checking
       In common with several other scripts in the devscripts package, debuild
       will  climb  the  directory tree until it finds a debian/changelog file
       before attempting to build the package.  As a safeguard  against  stray
       files  causing potential problems, it will examine the name of the par-
       ent directory once it finds the debian/changelog file, and  check  that
       the  directory  name corresponds to the package name.  Precisely how it
       does  this  is  controlled  by   two   configuration   file   variables
       their  corresponding  command-line  options  --check-dirname-level  and

       DEVSCRIPTS_CHECK_DIRNAME_LEVEL can take the following values:

       0      Never check the directory name.

       1      Only check the directory name if we have had to change directory
              in our search for debian/changelog.  This is the default  behav-

       2      Always check the directory name.

       The  directory name is checked by testing whether the current directory
       name (as determined by pwd(1)) matches the regex given by the  configu-
       ration  file  option  DEVSCRIPTS_CHECK_DIRNAME_REGEX  or by the command
       line option --check-dirname-regex regex.  Here regex is  a  Perl  regex
       (see  perlre(3perl)),  which  will be anchored at the beginning and the
       end.  If regex contains a '/', then it must match  the  full  directory
       path.   If  not,  then it must match the full directory name.  If regex
       contains the string 'PACKAGE', this will  be  replaced  by  the  source
       package  name, as determined from the changelog.  The default value for
       the regex is: 'PACKAGE(-.+)?', thus matching directory  names  such  as
       PACKAGE and PACKAGE-version.

       As  environment  variables  can affect the building of a package, often
       unintentionally, debuild sanitises  the  environment  by  removing  all
       environment  variables  except for TERM, HOME, LOGNAME, GNUPGHOME, PGP-
       DEBEMAIL,  DEB_*,  the (C, CPP, CXX, LD and F)FLAGS variables and their
       _APPEND counterparts and the locale variables LANG and LC_*.   TERM  is
       set    to   `dumb'   if   it   is   unset,   and   PATH   is   set   to

       If a particular environment variable is required to be  passed  through
       untouched to the build process, this may be specified by using a --pre-
       serve-envvar envvar (which can also be written as  -e  envvar  option).
       The  environment  may  be  left  untouched  by using the --preserve-env
       option.  However, even in this case, the PATH will be set to  the  sane
       value  described  above.  The only way to prevent PATH from being reset
       is to specify a --preserve-envvar PATH option.  But you are warned that
       using  programs  from  non-standard  locations can easily result in the
       package being broken, as it will not be able to be  built  on  standard

       Note  that  one  may  add directories to the beginning of the sanitised
       PATH, using the --prepend-path option. This is useful when  one  wishes
       to use tools such as ccache or distcc for building.

       It  is  also  possible  to  avoid having to type something like FOO=bar
       debuild -e FOO by writing debuild -e FOO=bar or the long  form  debuild
       --set-envvar FOO=bar.

       debuild  needs  to be run as superuser to function properly.  There are
       three fundamentally different ways to do this.  The first, and  prefer-
       able,  method is to use some root-gaining command.  The best one to use
       is probably fakeroot(1), since it does not involve granting any genuine
       privileges.  super(1) and sudo(1) are also possibilities.  If no -r (or
       --rootcmd) option is given  (and  recall  that  dpkg-buildpackage  also
       accepts a -r option) and neither of the following methods is used, then
       -rfakeroot will silently be assumed.

       The second method is to use some command such as su(1) to become  root,
       and  then  to  do  everything as root.  Note, though, that lintian will
       abort if it is run as root or setuid root; this can be  overcome  using
       the --allow-root option of lintian if you know what you are doing.

       The  third possible method is to have debuild installed as setuid root.
       This is not the default method, and will have to be installed  as  such
       by  the system administrator.  It must also be realised that anyone who
       can run debuild as root or setuid root has full  access  to  the  whole
       machine.   This  method  is  therefore  not recommended, but will work.
       debuild could be installed with mode 4754, so that only members of  the
       owning group could run it.  A disadvantage of this method would be that
       other users would then not be able to use the program.  There are  many
       other  variants of this option involving multiple copies of debuild, or
       the use of programs such as sudo or super to grant root  privileges  to
       users  selectively.   If the sysadmin wishes to do this, she should use
       the  dpkg-statoverride   program   to   change   the   permissions   of
       /usr/bin/debuild.   This  will  ensure  that these permissions are pre-
       served across upgrades.

       debuild supports a number  of  hooks  when  running  dpkg-buildpackage.
       Note that the hooks dpkg-buildpackage to lintian (inclusive) are passed
       through  to  dpkg-buildpackage  using  its  corresponding   --hook-name
       option.  The available hooks are as follows:

              Run  before dpkg-buildpackage begins by calling dpkg-checkbuild-

              Hook is run inside the unpacked source.

              Corresponds to dpkg's init hook.

              Run before dpkg-buildpackage runs debian/rules  clean  to  clean
              the  source  tree.   (Run  even if the tree is not being cleaned
              because -nc is used.)

              Hook is run inside the unpacked source.

              Corresponds to dpkg's preclean hook.

              Run after cleaning the  tree  and  before  running  dpkg-source.
              (Run  even if dpkg-source is not being called because -b, -B, or
              -A is used.)

              Hook is run inside the unpacked source.

              Corresponds to dpkg's source hook.

              Run after dpkg-source and  before  calling  debian/rules  build.
              (Run  even if this is a source-only build, so debian/rules build
              is not being called.)

              Hook is run inside the unpacked source.

              Corresponds to dpkg's build hook.

              Run between debian/rules build and  debian/rules  binary(-arch).
              Run only if a binary package is being built.

              Hook is run inside the unpacked source.

              Corresponds to dpkg's binary hook.

              Run  after  the binary package is built and before calling dpkg-

              Hook is run inside the unpacked source.

              Corresponds to dpkg's changes hook.

              Run after dpkg-genchanges  and  before  the  final  debian/rules
              clean.   (Run  even  if we are not cleaning the tree post-build,
              which is the default.)

              Hook is run inside the unpacked source.

              Corresponds to dpkg's postclean hook.

              Run (once) before calling lintian.  (Run  even  if  we  are  not
              calling lintian.)

              Hook is run from parent directory of unpacked source.

              Corresponds to dpkg's check hook.

              Run  after calling lintian before any signing takes place.  (Run
              even if we are not signing anything.)

              Hook is run from parent directory of unpacked source.

              Corresponds to dpkg's sign hook, but is run by debuild.

              Run after everything has finished.

              Hook is run from parent directory of unpacked source.

              Corresponds to dpkg's done hook, but is run by debuild.

       A hook command can be specified either in the  configuration  file  as,
       for  example,  DEBUILD_SIGNING_HOOK='foo' (note the hyphens change into
       underscores!) or as a command line option --signing-hook-foo.  The com-
       mand  will  have  certain  percent substitutions made on it: %% will be
       replaced by a single % sign, %p will be replaced by the  package  name,
       %v  by  the package version number, %s by the source version number, %u
       by the upstream version number.  Neither %s  nor  %u  will  contain  an
       epoch.   %a will be 1 if the immediately following action is to be per-
       formed and 0 if not (for example, in  the  dpkg-source  hook,  %a  will
       become  1  if  dpkg-source is to be run and 0 if not).  Then it will be
       handed to the shell to deal with, so it can  include  redirections  and
       stuff.  For example, to only run the dpkg-source hook if dpkg-source is
       to be run, the hook could be something like: "if [ %a  -eq  1  ];  then
       ...; fi".

       Please  take  care  with  hooks, as misuse of them can lead to packages
       which FTBFS (fail to build from source).  They can be useful for taking
       snapshots of things or the like.

       For details, see above.

       --no-conf, --noconf
              Do  not  read any configuration files.  This can only be used as
              the first option given on the command-line.

       --rootcmd=gain-root-command, -rgain-root-command
              Command to gain root (or fake root) privileges.

              Do not clean the environment, except for PATH.

       --preserve-envvar=var, -evar
              Do not clean the var variable from the environment.

              If var ends in an asterisk ("*") then all variables  with  names
              that  match  the portion of var before the asterisk will be pre-

       --set-envvar=var=value, -evar=value
              Set the environment variable var to value and do not  remove  it
              from the environment.

              Once the normalized PATH has been set, prepend value to it.

              Run lintian after dpkg-buildpackage.  This is the default behav-
              iour, and it overrides any configuration file directive  to  the

              Do not run lintian after dpkg-buildpackage.

              Even  if  we're running dpkg-buildpackage and the version number
              has a Debian revision, do not check that the  .orig.tar.gz  file
              or .orig directory exists before starting the build.

              If  we're running dpkg-buildpackage and the version number has a
              Debian revision, check  that  the  .orig.tar.gz  file  or  .orig
              directory exists before starting the build.  This is the default

       --username username
              When signing, use debrsign instead of debsign.  username  speci-
              fies the credentials to be used.

              Set  a  hook  as described above.  If hook is blank, this unsets
              the hook.

              Clears all hooks.  They may be reinstated by later command  line

       --check-dirname-level N
              See the above section Directory name checking for an explanation
              of this option.

       --check-dirname-regex regex
              See the above section Directory name checking for an explanation
              of this option.

       -d     Do not run dpkg-checkbuilddeps to check build dependencies.

       -D     Run dpkg-checkbuilddeps to check build dependencies.

       The  two configuration files /etc/devscripts.conf and ~/.devscripts are
       sourced by a shell in that order to set configuration variables.   Com-
       mand  line  options can be used to override some of these configuration
       file settings, otherwise the --no-conf option can be  used  to  prevent
       reading  these  files.   Environment variable settings are ignored when
       these configuration files are read.  The currently recognised variables

              If this is set to yes, then it is the same as the --preserve-env
              command line parameter being used.

              Which environment variables  to  preserve.   This  should  be  a
              comma-separated  list  of  variables.  This corresponds to using
              possibly multiple --preserve-envvar or -e options.

              This corresponds to --set-envvar=var=value.

              This corresponds to --prepend-path.

              Setting this variable to prog is the equivalent of -rprog.

              Setting this variable to no is the same  as  the  --no-tgz-check
              command line option.

              Setting  this  variable is the same as using the --username com-
              mand line option.

              These are options which should be passed to  the  invocation  of
              dpkg-buildpackage.   They  are  given  before  any  command-line
              options.  Due to issues of shell quoting, if a  word  containing
              spaces  is  required  as  a  single option, extra quotes will be
              required.  For example, to ensure  that  your  own  GPG  key  is
              always  used, even for sponsored uploads, the configuration file
              might contain the line:

              DEBUILD_DPKG_BUILDPACKAGE_OPTS="-k'Julian Gilbey <>' -sa"

              which gives precisely two options.   Without  the  extra  single
              quotes,  dpkg-buildpackage would reasonably complain that Gilbey
              is an unrecognised option (it doesn't start with a - sign).

              Also, if this option contains any -r, -d or  -D  options,  these
              will  always  be  taken  account  of by debuild.  Note that a -r
              option  in  this  variable  will   override   the   setting   in

              The  hook  variable  for the foo hook.  See the section on hooks
              above for more details.  By default, this is empty.

              Should we run lintian?  If this is set to no, then lintian  will
              not be run.

              These  are  options  which should be passed to the invocation of
              lintian.  They are given before any  command-line  options,  and
              the   usage   of   this   variable   is  as  described  for  the
              DEBUILD_DPKG_BUILDPACKAGE_OPTS variable.

              See the above section Directory name checking for an explanation
              of these variables.  Note that these are package-wide configura-
              tion variables, and will therefore affect all devscripts scripts
              which  check  their value, as described in their respective man-
              pages and in devscripts.conf(5).

       To build your own package, simply run debuild from  inside  the  source
       tree.  dpkg-buildpackage(1) options may be given on the command line.

       The  typical  command  line options to build only the binary package(s)
       without signing the .changes file (or the non-existent .dsc file):

              debuild -i -us -uc -b

       Change the -b to -S to build only a source package.

       An example using lintian to check the resulting  packages  and  passing
       options to it:

              debuild --lintian-opts -i

       Note  the  order  of options here: the debuild options come first, then
       the dpkg-buildpackage ones, then finally  the  checker  options.   (And
       lintian  is  called  by  default.)  If you find yourself using the same
       dpkg-buildpackage    options    repeatedly,    consider    using    the
       DEBUILD_DPKG_BUILDPACKAGE_OPTS  configuration  file option as described

       To build a package for a sponsored upload, given  foobar_1.0-1.dsc  and
       the respective source files, run something like the following commands:

              dpkg-source -x foobar_1.0-1.dsc
              cd foobar-1.0
              debuild -k0x12345678

       where 0x12345678 is replaced by your GPG key ID or other key identifier
       such  as  your  email  address.   Again,  you  could   also   use   the
       DEBUILD_DPKG_BUILDPACKAGE_OPTS  configuration  file option as described
       above to avoid having to type the -k option each time you  do  a  spon-
       sored upload.

       chmod(1),   debsign(1),  dpkg-buildpackage(1),  dpkg-checkbuilddeps(1),
       fakeroot(1), lintian(1), su(1), sudo(1), super(1),  devscripts.conf(5),

       The  original  debuild program was written by Christoph Lameter <clame->.  The current version has been written by Julian Gilbey

DEBIAN                         Debian Utilities                     DEBUILD(1)
Man Pages Copyright Respective Owners. Site Copyright (C) 1994 - 2021 Hurricane Electric. All Rights Reserved.