Debian Package
DEB is Debian's binary package format for software distribution on Debian, Ubuntu, and derivatives. FileDex provides reference and structural inspection information only.
Linux package format. Cross-distribution conversion requires repackaging.
Common questions
How can I inspect the contents of a DEB file before installing it?
Run `dpkg-deb --info package.deb` to view metadata and `dpkg-deb --contents package.deb` to list all files it would install. You can also extract everything with `dpkg-deb --raw-extract package.deb output_dir/` for manual inspection. The maintainer scripts in the control archive deserve particular scrutiny since they run as root.
What is the difference between dpkg and apt?
dpkg is the low-level tool that installs, removes, and queries individual .deb files on the local system. APT is a higher-level frontend that manages repositories, resolves dependency chains, and downloads packages before handing them to dpkg. Use dpkg for single local files and apt for repository-based package management.
Can FileDex convert DEB packages to RPM or other formats?
No. DEB packages contain compiled binaries, system-specific paths, and shell scripts tied to Debian's package management infrastructure. FileDex provides reference information about the DEB format only. Tools like `alien` can attempt cross-format conversion, but the results frequently break due to differing directory conventions and dependency naming.
Why does my DEB file show as 'not a Debian format archive'?
The ar archive header at the start of the file is damaged or missing. This typically happens from incomplete downloads or file transfer corruption. Verify the file size matches the source, re-download if needed, and check the first 8 bytes for the expected `!<arch>` signature.
What makes .DEB special
Debian packages use the Unix ar archive format as their outer container, identifiable by the magic bytes 21 3C 61 72 63 68 3E 0A (the ASCII string "!
Continue reading — full technical deep dive
Three-Member Structure
Every conforming .deb file contains exactly three ar members in a fixed order. The first member, debian-binary, is a plain text file containing the format version (currently "2.0\n"). The second, control.tar (optionally gzip or xz compressed), holds package metadata: the control file with package name, version, architecture, dependencies, and description fields. It also contains optional maintainer scripts and configuration file manifests. The third member, data.tar (compressed with gzip, xz, or zstd), carries the actual filesystem tree that dpkg extracts to the root directory.
Maintainer Scripts
The control archive may include preinst, postinst, prerm, and postrm shell scripts. These run as root during package installation and removal. The preinst script executes before files are unpacked — common uses include stopping a running service or creating required system users. The postinst script runs after extraction and typically handles service restarts, user creation, or configuration file registration via dpkg-trigger. The conffiles manifest lists configuration files that dpkg should preserve during upgrades, prompting the user when the package ships a modified version. Poorly written maintainer scripts are the most common source of broken package states.
Dependency Resolution
The low-level tool dpkg installs individual .deb files but does not resolve dependencies automatically. APT (Advanced Package Tool) wraps dpkg with repository awareness and dependency solving. When apt install processes a package, it reads the Depends, Pre-Depends, Recommends, and Conflicts fields from the control file, then fetches and orders all required packages before invoking dpkg in the correct sequence. The Pre-Depends field is stricter than Depends — it requires the dependency to be fully configured before the dependent package's preinst script runs, which is necessary for packages that call dependency binaries during installation.
Inspection Methods
The command dpkg-deb --info package.deb prints the control file metadata. The ar t package.deb command lists the three archive members. Extracting the data archive with dpkg-deb --contents shows the full file listing with permissions, ownership, and target paths. For deeper inspection, dpkg-deb --raw-extract package.deb output/ writes both the control and data members to a directory for manual analysis of every file the package contains.
Related Formats
Technical reference
- MIME Type
application/vnd.debian.binary-package- Magic Bytes
21 3C 61 72 63 68 3E!<arch> ar archive signature.- Developer
- Debian Project
- Year Introduced
- 1995
- Open Standard
- Yes
!<arch> ar archive signature.
Binary Structure
DEB files are ar archives starting with the 8-byte signature 21 3C 61 72 63 68 3E 0A ("!<arch>\n"). Three members follow in strict order: debian-binary (version string), control.tar.{gz,xz,zst} (metadata and maintainer scripts), and data.tar.{gz,xz,zst} (installed filesystem tree). Each ar member has a 60-byte header containing the filename, timestamp, owner, group, mode, and size.
Attack Vectors
- arbitrary code execution
- privilege escalation
- supply chain compromise
- maintainer scripts (preinst, postinst, prerm, postrm) execute as root with full system access during installation and removal
- unsigned or third-party .deb files bypass APT's GPG repository signature verification when installed directly with dpkg
Mitigation: FileDex does not execute, install, or parse these files. Reference page only.