Suppose I have an installer program or source tarball for some program I want to install. (There is no Debian package available.) First I want to create a .deb package out of it, in order to be able to cleanly remove the installed program in the future (see Uninstalling application built from source, If I build a package from source how can I uninstall or remove completely?). Also, installing using a package prevents it from clobbering files from other packages, which cannot be guaranteed if you run the installer or sudo make install.
Checkinstall
From reading the answers there and elsewhere, I gather the usual solution is to use checkinstall to build the package. Unfortunately, it seems checkinstall does not prevent make install from clobbering system files from other packages. For example, according to Reverting problems caused by checkinstall with gcc build:
I created a Debian package from the install using sudo checkinstall -D make install.
[...] I removed it using Synaptic Package Manager. As it turns out, [removing] the package checkinstall created from make install tried to remove every single file the installation process touched, including shared gcc libraries like /lib64/libgcc_s.so.
I then tried to tell checkinstall to build the package without installing it, in the hope of bypassing the issue. I created a dummy Makefile:
install:
echo "Bogus" > /bin/qwertyuiop
and ran sudo checkinstall --install=no. The file /bin/qwertyuiop was created, even though the package was not installed.
In my case, I do not trust the installer / make install to not overwrite system files, so this use of checkinstall is ruled out.
How can I build the package, without installing it or letting it touch system files?
Is it possible to run Checkinstall in a fakechrooted debootstrap environment to achieve this? Preferably the build should be done as a normal user rather than root, which would prevent the process from overwriting system files if it goes wrong.