Mercurial Mercurial > tips / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
debian-apt.rst
author Oleksandr Gavenko <gavenkoa@gmail.com>
Tue, 01 Jan 2019 22:52:42 +0200
changeset 2324 a691d00452b3
parent 2323 7af84df988e9
child 2344 8370ecc93eec
permissions -rw-r--r--
Making aptitude forget changes.

.. -*- coding: utf-8; -*-

======
 Apt.
======
.. contents::
   :local:

Debian releases
===============

Workflow::

  experimental → unstable (sid) → testing → stable

Which package from witch release::

  $ aptitude search ~S~i~Astable
  $ aptitude search ~S~i~Atesting
  $ aptitude search ~S~i~Aunstable
  $ aptitude search ~S~i~Aexperimental

 * https://wiki.debian.org/DebianReleases
 * https://wiki.debian.org/DebianOldStable
 * https://wiki.debian.org/DebianStable
 * https://wiki.debian.org/DebianTesting
 * https://wiki.debian.org/DebianUnstable
 * https://wiki.debian.org/DebianExperimental

Conf files
==========

See man sources.list(5), apt.conf(5), apt_preferences(5).

``http://httpredir.debian.org/debian/`` used for automatic balancing to nearest
perository. Corresponding ``/etc/apt/sources.list`` may have::

  deb http://httpredir.debian.org/debian/  stable  main contrib non-free
  deb http://httpredir.debian.org/debian/  stable-backports  main contrib non-free
  deb http://httpredir.debian.org/debian/  unstable  main contrib non-free
  deb http://httpredir.debian.org/debian/  experimental  main contrib non-free
  deb http://httpredir.debian.org/debian/  testing  main contrib non-free
  deb http://httpredir.debian.org/debian/  testing  main contrib non-free

Security updates destributed via different URL (for ``oldstable``, ``stable``
and ``testing`` only, of cause there are no reason for ``sid`` or
``experimental``)::

  deb http://security.debian.org/  oldstable  main contrib non-free
  deb http://security.debian.org/  stable  main contrib non-free
  deb http://security.debian.org/  testing  main contrib non-free

Other useful repositories::

  deb http://www.deb-multimedia.org  testing  main non-free

https://wiki.debian.org/SourcesList
  About ``/etc/apt/sources.list``.
http://httpredir.debian.org/
  The redirector aims to solve the problem of choosing a Debian mirror.
https://www.debian.org/security/
  Keeping your Debian system secure.
https://wiki.debian.org/UnofficialRepositories
  List of useful unofficial repositories.
https://www.google.com/linuxrepositories/
  Links to Google repositories and verification key.

Enable/disable recommends and suggestions
=========================================

To disable installation of recommended packages (which is by default) create file
``/etc/apt/apt.conf.d/01no-recommends``::

  APT::Install-Recommends "0";
  APT::AutoRemove::RecommendsImportant "1";

  APT::Install-Suggests "0";

Alternatively pass corresponding option to installation utility to suppress installation of
recommended packages::

  apt --no-install-recommends
  aptitude --without-recommends
  aptitude -R

To install suggested packages::

  apt --install-suggests
  aptitude --install-suggests

Verify  settings::

  apt-config dump | fgrep -i recommend
  apt-config dump | fgrep -i suggest

Find nearest mirror
===================

Newer approach for selecting mirror is via DNS balancing from
``httpredir.debian.org``. Just use::

  deb http://httpredir.debian.org/debian/  stable  main contrib non-free

Older approach to select nearest mirrors is::

  $ sudo apt-get install netselect-apt
  $ netselect-apt stable
  $ netselect-apt testing
  $ netselect-apt unstable
  $ netselect-apt experimental
  $ netselect-apt sid

Check package versions and priority
===================================

``/etc/apt/preferences``::

  Package: *
  Pin: release a=stable
  Pin-Priority: 800

  Package: *
  Pin: release a=testing
  Pin-Priority: 900

  Package: *
  Pin: release a=unstable
  Pin-Priority: 700

  Package: *
  Pin: release a=experimental
  Pin-Priority: 600

Example that prevent installing ``*systemd*`` packages (priority strictly below
``0`` forbid package to be installed)::

  Package: systemd
  Pin: origin ""
  Pin-Priority: -1

  Package: *systemd*
  Pin: origin ""
  Pin-Priority: -1

Example that avoid installing packages from different distribution (priority
strictly below ``100`` cause a version to be installed only if there is no
installed version of the package), you should keep main distribution priority
above foreign distro priority::

  Package: *
  Pin: release a=testing
  Pin-Priority: 990

  Package: *
  Pin: release o=Kali
  Pin-Priority: 50

To discover package priority::

  bash# apt-cache madison emacs24
     emacs24 |   24.5+1-3 | http://ftp.us.debian.org/debian/ testing/main amd64 Packages
     emacs24 |   24.4+1-5 | http://http.kali.org/kali/ kali-current/main amd64 Packages
     emacs24 |   24.5+1-3 | http://ftp.us.debian.org/debian/ testing/main Sources

  bash# apt-cache policy emacs24
  emacs24:
    Installed: 24.5+1-3
    Candidate: 24.5+1-3
    Version table:
   *** 24.5+1-3 0
          990 http://ftp.us.debian.org/debian/ testing/main amd64 Packages
          100 /var/lib/dpkg/status
       24.4+1-5 0
           50 http://http.kali.org/kali/ kali-current/main amd64 Packages

  bash# aptitude versions emacs24
  Package emacs24:
  p   24.4+1-5                                      kali-current              50
  i   24.5+1-3                                      testing                   990

Setup backport.
===============

Main backports archive located at http://www.backports.org.

To get packeges gpg sign key::

  $ su
  ...
  $ wget -O - http://backports.org/debian/archive.key | apt-key add -
  $ ^D

Write where packeges places::

  $ cat /etc/apt/sources.list
  deb http://www.backports.org/debian/ etch-backports main contrib non-free

Importing package signing key.
==============================

Usualy you can safely update keyring via ``debian-keyring`` package because it
is signed by prevoius keyring::

  $ sudo apt-get install debian-keyring

Defferent 3rd party provide keys for download. If you trust key (or get it in a
trusted way) it is easy to import it::

  $ sudo apt-key add $FILE.pgp

Another way to resolve warning::

  $ sudo apt-get update
  ...
  W: There is no public key available for the following key IDs:
  9AA38DCD55BE302B
  W: GPG error: http://http.us.debian.org etch Release: The following signatures
  couldn't be verified because the public key is not available: NO_PUBKEY
  9AA38DCD55BE302B
  ...

is to use key servers directly::

  $ gpg --keyserver pgp.mit.edu --recv-key 9AA38DCD55BE302B \
  --keyserver-options http-proxy=http://user:pass@192.168.1.1:3128
  gpg: requesting key 55BE302B from hkp server pgp.mit.edu
  gpg: key 55BE302B: public key "Debian Archive Automatic Signing Key (5.0/lenny) <ftpmaster@debian.org>" imported
  gpg: no ultimately trusted keys found
  gpg: Total number processed: 1
  gpg:               imported: 1  (RSA: 1)

  $ gpg --export 9AA38DCD55BE302B | sudo apt-key add -
  OK

Install build dependency for package.
=====================================
::

  $ apt-get install build-essential    # install dev LIBC and GCC C/C++
  $ sudo apt-get build-dep $package

If all you want is checking what packages are needed to build a given package::

  $ apt-cache showsrc $package

or check 'Build-Depends' attribute in::

  $ apt-cache show $package

Delete config file for removed packages.
========================================

To get list of such packages use one of::

  $ aptitude search ~c
  $ grep-status -n -sPackage -FStatus config-files

To remove them::

  $ aptitude purge ~c

Delete obsolete packages.
=========================

To get list of such packages use::

  $ aptitude search ~o

To remove them::

  $ aptitude purge ~o

To remove packages that were automatically installed to satisfy dependencies and
are now no longer needed::

  $ sudo apt-get autoremove

Clean up packages cache.
========================

Remove everything from ``/var/cache/apt/archives/`` and
``/var/cache/apt/archives/partial/``::

  $ sudo apt-get clean

Removes package files that can no longer be downloaded, and are largely
useless::

  $ sudo apt-get autoclean

Check package files for modification.
=====================================
::

  $ sudo debsums --changed

Search for packages.
====================
::

  $ aptitude search '?tag(works-with::logfile)'

Show dependency graph.
======================
::

  $ apt-cache dotty $PKG | dot -Tsvg >$PKG.svg && see $PKG.svg

  $ sudo apt-get install debtree
  $ debtree $PKG | dot -Tsvg >$PKG.svg && see $PKG.svg

  $ sudo apt-get install apt-rdepends
  $ apt-rdepends $PKG
  $ apt-rdepends -r $PKG
  $ apt-rdepends -d $PKG | dot -Tsvg >$PKG.svg && see $PKG.svg
  $ apt-rdepends -d -r $PKG | dot -Tsvg >$PKG.svg && see $PKG.svg

Simulation mode
===============

Simulation for ``apt-get`` and ``aptitude`` shows what happen without actually
modifying or installing any packages.

Simulate install or upgrade with ``-s`` key::

  $ sudo apt-get install -s xterm
  $ sudo aptitude install -s xterm
  $ sudo apt-get upgrade -s
  $ sudo aptitude upgrade -s

Making aptitude forget changes
==============================

Following removes or override (like "hold" status) ``aptitude`` package state DB::

  sudo rm /var/lib/aptitude/pkgstates
  sudo aptitude keep-all
tips