Monday, February 25, 2008

APT HOWTO

Introduction


A new dilemma quickly took hold of the minds of the makers of GNU/Linux. They needed a rapid, practical, and efficient way to install packages that would manage dependencies automatically and take care of their configuration files while upgrading. Here again, Debian led the way and gave birth to APT, the Advanced Packaging Tool, which has since been ported by Conectiva for use with rpm and has been adopted by some other distributions.

2.1 The /etc/apt/sources.list file


As part of its operation, APT uses a file that lists the 'sources' from which packages can be obtained. This file is /etc/apt/sources.list.

The entries in this file normally follow this format:

     deb http://host/debian distribution section1 section2 section3

deb-src http://host/debian distribution section1 section2 section3

Of course, the above entries are fictitious and should not be used. The first word on each line, deb or deb-src, indicates the type of archive: whether it contains binary packages (deb), that is, the pre-compiled packages that we normally use, or source packages (deb-src), which are the original program sources plus the Debian control file (.dsc) and the diff.gz containing the changes needed for `debianizing' the program.

We usually find the following in the default Debian sources.list:

     # See sources.list(5) for more information, especially

# Remember that you can only use http, ftp or file URIs
# CDROMs are managed through the apt-cdrom tool.
deb http://http.us.debian.org/debian stable main contrib non-free
deb http://non-us.debian.org/debian-non-US stable/non-US main contrib non-free
deb http://security.debian.org stable/updates main contrib non-free

# Uncomment if you want the apt-get source function to work
#deb-src http://http.us.debian.org/debian stable main contrib non-free
#deb-src http://non-us.debian.org/debian-non-US stable/non-US main contrib non-free

These are the lines needed by a basic Debian install. The first deb line points to the official archive, the second to the non-US archive and the third to the archive of Debian security updates.

The two last lines are commented out (with a `#' in front), so apt-get will ignore them. These are deb-src lines, that is, they point to Debian source packages. If you often download program sources for testing or recompiling, uncomment them.

The /etc/apt/sources.list file can contain several types of lines. APT knows how to deal with archives of types http, ftp, file (local files, e.g., a directory containing a mounted ISO9660 filesystem) and ssh, that I know of.

Do not forget to run apt-get update after modifying the /etc/apt/sources.list file. You must do this to let APT obtain the package lists from the sources you specified.


2.2 How to use APT locally

Sometimes you have lots of packages .deb that you would like to use APT to install so that the dependencies would be automatically solved.

To do that create a directory and put the .debs you want to index in it . For example:

     # mkdir /root/debs

You may modify the definitions set on the package's control file directly for your repository using an override file. Inside this file you may want to define some options to override the ones that come with the package. It looks like follows:

     package priority section

package is the name of the package, priority is low, medium or high and section is the section to which it belongs. The file name does not matter, you'll have to pass it as an argument for dpkg-scanpackages later. If you do not want to write an override file, just use /dev/null. when calling dpkg-scanpackages.

Still in the /root directory do:

     # dpkg-scanpackages debs file | gzip > debs/Packages.gz

In the above line, file is the override file, the command generates a file Packages.gz that contains various information about the packages, which are used by APT. To use the packages, finally, add:

     deb file:/root debs/

After that just use the APT commands as usual. You may also generate a sources repository. To do that use the same procedure, but remember that you need to have the files .orig.tar.gz, .dsc and .diff.gz in the directory and you have to use Sources.gz instead of Packages.gz. The program used is also different. It is dpkg-scansources. The command line will look like this:

     # dpkg-scansources debs | gzip > debs/Sources.gz

Notice that dpkg-scansources doesn't need an override file. The sources.list's line is:

     deb-src file:/root debs/


2.3 Deciding which mirror is the best to include in the sources.list file: netselect, netselect-apt

A very frequent doubt, mainly among the newest users is: "which Debian mirror to include in sources.list?". There are many ways to decide which mirror. The experts probably have a script that measures the ping time through the several mirrors. But there's a program that does this for us: netselect.

To install netselect, as usual:

# apt-get install netselect

Executing it without parameters shows the help. Executing it with a space-separated list of hosts (mirrors), it will return a score and one of the hosts. This score takes in consideration the estimated ping time and the hops (hosts by which a network query will pass by to reach the destination) number and is inversely proportional to the estimated download speed (so, the lower, the better). The returned host is the one that had the lowest score (the full list of scores can be seen adding the -vv option). See this example:

# netselect ftp.debian.org http.us.debian.org ftp.at.debian.org download.unesp.br ftp.debian.org.br 365 ftp.debian.org.br #

This means that, from the mirrors included as parameters to netselect, ftp.debian.org.br was the best, with an score of 365. (Attention!! As it was done on my computer and the network topography is extremely different depending on the contact point, this value is not necessarily the right speed in other computers).

Now, just put the fastest mirror found by netselect in the /etc/apt/sources.list file (see The /etc/apt/sources.list file, Section 2.1) and follow the tips in Managing packages, Chapter 3.

Note: the list of mirrors may always be found in the file http://www.debian.org/mirror/mirrors_full.

Beginning with the 0.3.ds1 version, the netselect source package includes the netselect-apt binary package, which makes the process above automatic. Just enter the distribution tree as parameter (the default is stable) and the sources.list file will be generated with the best main and non-US mirrors and will be saved under the current directory. The following example generates a sources.list of the stable distribution:

# ls sources.list ls: sources.list: File or directory not found # netselect-apt stable (...) # ls -l sources.list sources.list #

Remember: the sources.list file is generated under the current directory, and must be moved to the /etc/apt directory.


2.4 Adding a CD-ROM to the sources.list file

If you'd rather use your CD-ROM for installing packages or updating your system automatically with APT, you can put it in your sources.list. To do so, you can use the apt-cdrom program like this:

     # apt-cdrom add

with the Debian CD-ROM in the drive. It will mount the CD-ROM, and if it's a valid Debian CD it will look for package information on the disk. If your CD-ROM configuration is a little unusual, you can also use the following options:

     -h           - program help

-d directory - CD-ROM mount point
-r - Rename a recognized CD-ROM
-m - No mounting
-f - Fast mode, don't check package files
-a - Thorough scan mode

For example:

     # apt-cdrom -d /home/kov/mycdrom add

You can also identify a CD-ROM, without adding it to your list:

     # apt-cdrom ident

Note that this program only works if your CD-ROM is properly configured in your system's /etc/fstab.

Managing packages

3.1 Updating the list of available packages

The packaging system uses a private database to keep track of which packages are installed, which are not installed and which are available for installation. The apt-get program uses this database to find out how to install packages requested by the user and to find out which additional packages are needed in order for a selected package to work properly.

To update this list, you would use the command apt-get update. This command looks for the package lists in the archives found in /etc/apt/sources.list; see The /etc/apt/sources.list file, Section 2.1 for more information about this file.

It's a good idea to run this command regularly to keep yourself and your system informed about possible package updates, particularly security updates.

3.2 Installing packages

Finally, the process you've all been waiting for! With your sources.list ready and your list of available packages up to date, all you have to do is run apt-get to get your desired package installed. For example, you can run:

     # apt-get install xchat

APT will search it's database for the most recent version of this package and will retrieve it from the corresponding archive as specified in sources.list. In the event that this package depends on another -- as is the case here -- APT will check the dependencies and install the needed packages. See this example:

     # apt-get install nautilus

Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
bonobo libmedusa0 libnautilus0
The following NEW packages will be installed:
bonobo libmedusa0 libnautilus0 nautilus
0 packages upgraded, 4 newly installed, 0 to remove and 1 not upgraded.
Need to get 8329kB of archives. After unpacking 17.2MB will be used.
Do you want to continue? [Y/n]

The package nautilus depends on the shared libraries cited, therefore APT will get them from the archive. If you had specified the names of these libraries on the apt-get command line, APT would not have asked if you wanted to continue; it would automatically accept that you wanted to install all of those packages.

This means that APT only asks for confirmation when it needs to install packages which weren't specified on the command line.

The following options to apt-get may be useful:

     -h  This help text.

-d Download only - do NOT install or unpack archives
-f Attempt to continue if the integrity check fails
-s No-act. Perform ordering simulation
-y Assume Yes to all queries and do not prompt
-u Show a list of upgraded packages as well

Multiple packages may be selected for installation in one line. Files downloaded from the network are placed in the directory /var/cache/apt/archives for later installation.

You can specify packages to be removed on the same command line, as well. Just put a '-' immediately after the name of the package to be removed, like this:

     # apt-get install nautilus gnome-panel-      

Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
bonobo libmedusa0 libnautilus0
The following packages will be REMOVED:
gnome-applets gnome-panel gnome-panel-data gnome-session
The following NEW packages will be installed:
bonobo libmedusa0 libnautilus0 nautilus
0 packages upgraded, 4 newly installed, 4 to remove and 1 not upgraded.
Need to get 8329kB of archives. After unpacking 2594kB will be used.
Do you want to continue? [Y/n]

See section Removing packages, Section 3.3 for more details on package removal.

If you somehow damage an installed package, or simply want the files of a package to be reinstalled with the newest version that is available, you can use the --reinstall option like so:

     # apt-get --reinstall install gdm

Reading Package Lists... Done
Building Dependency Tree... Done
0 packages upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 1 not upgraded.
Need to get 0B/182kB of archives. After unpacking 0B will be used.
Do you want to continue? [Y/n]

3.3 Removing packages

If you no longer want to use a package, you can remove it from your system using APT. To do this just type: apt-get remove package. For example:

     # apt-get remove gnome-panel

Reading Package Lists... Done
Building Dependency Tree... Done
The following packages will be REMOVED:
gnome-applets gnome-panel gnome-panel-data gnome-session
0 packages upgraded, 0 newly installed, 4 to remove and 1 not upgraded.
Need to get 0B of archives. After unpacking 14.6MB will be freed.
Do you want to continue? [Y/n]

As you can see in the above example, APT also takes care of removing packages which depend on the package you have asked to remove. There is no way to remove a package using APT without also removing those packages that depend on it.

Running apt-get as above will cause the packages to be removed but their configuration files, if any, will remain intact on the system. For a complete removal of the package, run:

     # apt-get --purge remove gnome-panel

Reading Package Lists... Done
Building Dependency Tree... Done
The following packages will be REMOVED:
gnome-applets* gnome-panel* gnome-panel-data* gnome-session*
0 packages upgraded, 0 newly installed, 4 to remove and 1 not upgraded.
Need to get 0B of archives. After unpacking 14.6MB will be freed.
Do you want to continue? [Y/n]

Note the '*' after the names. This indicates that the configuration files for each of these packages will also be removed.

Just as in the case of the install method, you can use a symbol with remove to invert the meaning for a particular package. In the case of removing, if you add a '+' right after the package name, the package will be installed instead of being removed.

     # apt-get --purge remove gnome-panel nautilus+

Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
bonobo libmedusa0 libnautilus0 nautilus
The following packages will be REMOVED:
gnome-applets* gnome-panel* gnome-panel-data* gnome-session*
The following NEW packages will be installed:
bonobo libmedusa0 libnautilus0 nautilus
0 packages upgraded, 4 newly installed, 4 to remove and 1 not upgraded.
Need to get 8329kB of archives. After unpacking 2594kB will be used.
Do you want to continue? [Y/n]

Note that apt-get lists the extra packages which will be installed (that is, the packages whose installation is needed for the proper functioning of the package whose installation has been requested), those which will be removed, and those which will be installed (including the extra packages again).

3.4 Upgrading packages

Package upgrades are a great success of the APT system. They can be achieved with a single command: apt-get upgrade. You can use this command to upgrade packages within the same distribution, as well as to upgrade to a new distribution, although for the latter the command apt-get dist-upgrade is preferred; see section Upgrading to a new release, Section 3.5 for more details.

It's useful to run this command with the -u option. This option causes APT to show the complete list of packages which will be upgraded. Without it, you'll be upgrading blindly. APT will download the latest versions of each package and will install them in the proper order. It's important to always run apt-get update before you try this. See section Updating the list of available packages, Section 3.1. Look at this example:

     # apt-get -u upgrade

Reading Package Lists... Done
Building Dependency Tree... Done
The following packages have been kept back
cpp gcc lilo
The following packages will be upgraded
adduser ae apt autoconf debhelper dpkg-dev esound esound-common ftp indent
ipchains isapnptools libaudiofile-dev libaudiofile0 libesd0 libesd0-dev
libgtk1.2 libgtk1.2-dev liblockfile1 libnewt0 liborbit-dev liborbit0
libstdc++2.10-glibc2.2 libtiff3g libtiff3g-dev modconf orbit procps psmisc
29 packages upgraded, 0 newly installed, 0 to remove and 3 not upgraded.
Need to get 5055B/5055kB of archives. After unpacking 1161kB will be used.
Do you want to continue? [Y/n]

The process is very simple. Note that in the first few lines, apt-get says that some packages were kept back. This means that there are new versions of these packages which will not be installed for some reason. Possible reasons are broken dependencies (a package on which it depends doesn't have a version available for download) or new dependencies (the package has come to depend on new packages since the last version).

3.5 Upgrading to a new release

This feature of APT allows you to upgrade an entire Debian system at once, either through the Internet or from a new CD (purchased or downloaded as an ISO image).

It is also used when changes are made to the relationships between installed packages. With apt-get upgrade, these packages would be kept untouched (kept back).

For example, suppose that you're using revision 0 of the stable version of Debian and you buy a CD with revision 3. You can use APT to upgrade your system from this new CD. To do this, use apt-cdrom (see section Adding a CD-ROM to the sources.list file, Section 2.4) to add the CD to your /etc/apt/sources.list and run apt-get dist-upgrade.

It's important to note that APT always looks for the most recent versions of packages. Therefore, if your /etc/apt/sources.list were to list an archive that had a more recent version of a package than the version on the CD, APT would download the package from there.

In the example shown in section Upgrading packages, Section 3.4, we saw that some packages were kept back. We'll solve this problem now with the dist-upgrade method:

     # apt-get -u dist-upgrade

Reading Package Lists... Done
Building Dependency Tree... Done
Calculating Upgrade... Done
The following NEW packages will be installed:
cpp-2.95 cron exim gcc-2.95 libident libopenldap-runtime libopenldap1
libpcre2 logrotate mailx
The following packages have been kept back
lilo
The following packages will be upgraded
adduser ae apt autoconf cpp debhelper dpkg-dev esound esound-common ftp gcc
indent ipchains isapnptools libaudiofile-dev libaudiofile0 libesd0
libesd0-dev libgtk1.2 libgtk1.2-dev liblockfile1 libnewt0 liborbit-dev
liborbit0 libstdc++2.10-glibc2.2 libtiff3g libtiff3g-dev modconf orbit
procps psmisc
31 packages upgraded, 10 newly installed, 0 to remove and 1 not upgraded.
Need to get 0B/7098kB of archives. After unpacking 3118kB will be used.
Do you want to continue? [Y/n]

Note now that the packages will be upgraded, and new packages will also be installed (the new dependencies of the packages). Note too that lilo is still being kept back. It probably has a more serious problem than a new dependency. We can find out by running:

     # apt-get -u install lilo

Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
cron debconf exim libident libopenldap-runtime libopenldap1 libpcre2
logrotate mailx
The following packages will be REMOVED:
debconf-tiny
The following NEW packages will be installed:
cron debconf exim libident libopenldap-runtime libopenldap1 libpcre2
logrotate mailx
The following packages will be upgraded
lilo
1 packages upgraded, 9 newly installed, 1 to remove and 31 not upgraded.
Need to get 225kB/1179kB of archives. After unpacking 2659kB will be used.
Do you want to continue? [Y/n]

As noted in the above, lilo has a new conflict with the package debconf-tiny, which means it couldn't be installed (or upgraded) without removing debconf-tiny.

To know what's keeping or removing a package you may use:

     # apt-get -o Debug::pkgProblemResolver=yes dist-upgrade

Reading Package Lists... Done
Building Dependency Tree... Done
Calculating Upgrade... Starting
Starting 2
Investigating python1.5
Package python1.5 has broken dep on python1.5-base
Considering python1.5-base 0 as a solution to python1.5 0
Holding Back python1.5 rather than change python1.5-base
Investigating python1.5-dev
Package python1.5-dev has broken dep on python1.5
Considering python1.5 0 as a solution to python1.5-dev 0
Holding Back python1.5-dev rather than change python1.5
Try to Re-Instate python1.5-dev
Done
Done
The following packages have been kept back
gs python1.5-dev
0 packages upgraded, 0 newly installed, 0 to remove and 2 not upgraded.

This way, it's easy to notice that the python1.5-dev package cannot be installed because of an unsatisfied dependency: python1.5.

3.6 Removing unused package files: apt-get clean and autoclean

When you install a package APT retrieves the needed files from the hosts listed in /etc/apt/sources.list, stores them in a local repository (/var/cache/apt/archives/), and then proceeds with installation, see Installing packages, Section 3.2.

In time the local repository can grow and occupy a lot of disk space. Fortunately, APT provides tools for managing its local repository: apt-get's clean and autoclean methods.

apt-get clean removes everything except lock files from /var/cache/apt/archives/ and /var/cache/apt/archives/partial/. Thus, if you need to reinstall a package APT should retrieve it again.

apt-get autoclean removes only package files that can no longer be downloaded.

The following example show how apt-get autoclean works:

     # ls /var/cache/apt/archives/logrotate* /var/cache/apt/archives/gpm*

logrotate_3.5.9-7_i386.deb
logrotate_3.5.9-8_i386.deb
gpm_1.19.6-11_i386.deb

In /var/cache/apt/archives there are two files for the package logrotate and one for the package gpm.

     # apt-show-versions -p logrotate

logrotate/stable uptodate 3.5.9-8
# apt-show-versions -p gpm
gpm/stable upgradeable from 1.19.6-11 to 1.19.6-12

apt-show-versions shows that logrotate_3.5.9-8_i386.deb provides the up to date version of logrotate, so logrotate_3.5.9-7_i386.deb is useless. Also gpm_1.19.6-11_i386.deb is useless because a more recent version of the package can be retrieved.

     # apt-get autoclean

Reading Package Lists... Done
Building Dependency Tree... Done
Del gpm 1.19.6-11 [145kB]
Del logrotate 3.5.9-7 [26.5kB]

Finally, apt-get autoclean removes only the old files. See How to upgrade packages from specific versions of Debian, Section 3.9 for more information on apt-show-versions.

3.7 Using APT with dselect

dselect is a program that helps users select Debian packages for installation. It's considered somewhat complicated and rather boring, but with practice you can get the hang of its console-based ncurses interface.

One feature of dselect is that it knows how to make use of the capacity Debian packages have for "recommending" and "suggesting" other packages for installation. To use the program, run `dselect' as root. Choose 'apt' as your access method. This isn't truly necessary, but if you're not using a CD ROM and you want to download packages from the Internet, it's the best way to use dselect.

To gain a better understanding of dselect's usage, read the dselect documentation found on the Debian page http://www.debian.org/doc/ddp.

After making your selections with dselect, use:

     # apt-get -u dselect-upgrade

as in the example below:

     # apt-get -u dselect-upgrade

Reading Package Lists... Done
Building Dependency Tree... Done
The following packages will be REMOVED:
lbxproxy
The following NEW packages will be installed:
bonobo console-tools-libs cpp-3.0 enscript expat fingerd gcc-3.0
gcc-3.0-base icepref klogd libdigest-md5-perl libfnlib0 libft-perl
libgc5-dev libgcc300 libhtml-clean-perl libltdl0-dev libsasl-modules
libstdc++3.0 metamail nethack proftpd-doc psfontmgr python-newt talk tidy
util-linux-locales vacation xbill xplanet-images
The following packages will be upgraded
debian-policy
1 packages upgraded, 30 newly installed, 1 to remove and 0 not upgraded.
Need to get 7140kB of archives. After unpacking 16.3MB will be used.
Do you want to continue? [Y/n]

Compare with what we see when running apt-get dist-upgrade on the same system:

     # apt-get -u dist-upgrade  

Reading Package Lists... Done
Building Dependency Tree... Done
Calculating Upgrade... Done
The following packages will be upgraded
debian-policy
1 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 421kB of archives. After unpacking 25.6kB will be freed.
Do you want to continue? [Y/n]

Note that many of the packages from above are being installed because other packages "suggested" or "recommended" them. Others are being installed or removed (in the case of lbxproxy, for example) per the choices we made while navigating through dselect's package listing. Dselect can be a powerful tool when used in conjunction with APT.

3.9 How to upgrade packages from specific versions of Debian

apt-show-versions provides a safe way for users of mixed distributions to upgrade their systems without getting more of the less-stable distribution than they had in mind. For instance, it is possible to upgrade just your unstable packages by running after having installed the apt-show-versions package:

     # apt-get install `apt-show-versions -u -b | grep unstable | cut -d ' ' -f 

3.10 How to keep specific versions of packages installed (complex)

You may have occasion to modify something in a package and don't have time or don't want to port those changes to a new version of the program. Or, for instance, you may have just upgraded your Debian distribution to 3.0, but want to continue with the version of a certain package from Debian 2.2. You can "pin" the version you have installed so that it will not be upgraded.

Using this resource is simple. You just need to edit the file /etc/apt/preferences.

The format is simple:

     Package: 

Pin:
Pin-Priority:

Each entry must be separated from any other entries by a blank line. For example, to keep package sylpheed that I have modified to use "reply-to-list" at version 0.4.99, I add:

     Package: sylpheed

Pin: version 0.4.99*

Note that I used an * (asterisk). This is a "wildcard"; it say that I want that this "pin" to be valid for all versions beginning with 0.4.99. This is because Debian versions its packages with a "Debian revision" and I don't want to avoid the installation of these revisions. So, for instance, versions 0.4.99-1 and 0.4.99-10 will be installed as soon as they are made available. Note that if you modified the package you won't want to do things this way.

The pin priority helps determine whether a package matching the "Packages:" and "Pin:" lines will be installed, with higher priorities making it more likely that a matching package will be installed. You can read apt_preferences(7) for a thorough discussion of priorities, but a few examples should give the basic idea. The following describes the effect of setting the priority field to different values in the sylpheed example above.

1001
Sylpheed version 0.4.99 will never be replaced by apt. If available, apt will install version 0.4.99 even if it would replace an installed package with a higher version. Only packages of priority greater than 1000 will ever downgrade an existing package.
1000
The effect is the same as priority 1001, except that apt will refuse to downgrade an installed version to 0.4.99
990
Version 0.4.99 will be replaced only by a higher version available from a release designated as preferred using the "APT::Default-Release" variable (see How to keep a mixed system, Section 3.8, above).
500
Any version higher than 0.4.99 of sylpheed which is available from any release will take preference over version 0.4.99, but 0.4.99 will still be preferred to a lower version.
100
Higher versions of sylpheed available from any release will take preference over version 0.4.99, as will any installed higher version of slypheed; so 0.4.99 will be installed only if no version is installed already. This is the priority of installed packages.
-1
Negative priorities are allowed as well, and prevent 0.4.99 from ever being installed.

A pin can be specified on a package's version, release or origin.

Pinning on a version, as we have seen, supports literal version numbers as well as wildcards to specify several versions at one time.

Option release depends on the Release file from an APT repository or from a CD. This option may be of no use at all if you're using package repositories that don't provide this file. You may see the contents of the Release files that you have on /var/lib/apt/lists/. The parameters for a release are: a (archive), c (components), v (version), o (origin) and l (label).

An example:

     Package: *

Pin: release v=2.2*,a=stable,c=main,o=Debian,l=Debian
Pin-Priority: 1001

In this example, we chose version 2.2* of Debian (which can be 2.2r2, 2.2r3 -- this accommodates "point releases" that typically include security fixes and other very important updates), the stable repository, section main (as opposed to contrib or non-free) and origin and label Debian. Origin (o=) defines who produced that Release file, the label (l=) defines the name of the distribution: Debian for Debian itself and Progeny for Progeny, for example. A sample Release file:

     $ cat /var/lib/apt/lists/ftp.debian.org.br_debian_dists_potato_main_binary-i386_Release

Archive: stable
Version: 2.2r3
Component: main
Origin: Debian
Label: Debian
Architecture: i386

2 comments:

DARG said...
This comment has been removed by the author.
DARG said...

Sorry for commenting again - don't know how to edit previous comment. Anyway Rakesh, maybe one of these days you could write something about debian security - maybe about rkhunter or so? AFAIK nobody has written about them yet. I've been having problems lately with my username passwd changing on its own!