Difference between revisions of "Apt"
From wiki
(Remove aptitude config + better description) |
(Stretch) |
||
| Line 14: | Line 14: | ||
<syntaxhighlight lang="sources.list"> | <syntaxhighlight lang="sources.list"> | ||
# Standard Debian repository | # Standard Debian repository | ||
| − | deb | + | deb https://deb.debian.org/debian stretch main contrib non-free |
| − | deb-src | + | deb-src https://deb.debian.org/debian stretch main contrib non-free |
# Security updates | # Security updates | ||
# No mirror is used here to avoid issues with propagation delay | # No mirror is used here to avoid issues with propagation delay | ||
| − | deb | + | deb https://security.debian.org/ stretch/updates main contrib non-free |
| − | deb-src | + | deb-src https://security.debian.org/ stretch/updates main contrib non-free |
# stable-updates repo | # stable-updates repo | ||
# Contain some package that are known to change frequently like antivirus or timezone data | # Contain some package that are known to change frequently like antivirus or timezone data | ||
| − | deb | + | deb https://deb.debian.org/debian stretch-updates main contrib non-free |
| − | deb-src | + | deb-src https://deb.debian.org/debian stretch-updates main contrib non-free |
# Backport repo | # Backport repo | ||
# Contains packages from the next release that where modified to work on the current one | # Contains packages from the next release that where modified to work on the current one | ||
# Note that security is not assured by security team so updates might be slower than for other packages | # Note that security is not assured by security team so updates might be slower than for other packages | ||
| − | deb | + | deb https://deb.debian.org/debian stretch-backports main contrib non-free |
| − | deb-src | + | deb-src https://deb.debian.org/debian stretch-backports main contrib non-free |
# Testing | # Testing | ||
| Line 37: | Line 37: | ||
# Be very careful when installing these as they might bring incompatibility with the rest of the system | # Be very careful when installing these as they might bring incompatibility with the rest of the system | ||
# Security is the lowest of the sources here. No security team, and updates might get blocked waiting for other migrations | # Security is the lowest of the sources here. No security team, and updates might get blocked waiting for other migrations | ||
| − | deb | + | deb https://deb.debian.org/debian buster main contrib non-free |
| − | deb-src | + | deb-src https://deb.debian.org/debian buster main contrib non-free |
</syntaxhighlight> | </syntaxhighlight> | ||
| Line 46: | Line 46: | ||
# Select the default release. Check /etc/apt/preference for more flexibility | # Select the default release. Check /etc/apt/preference for more flexibility | ||
# Only needed when non-standard sources are present like backport or testing | # Only needed when non-standard sources are present like backport or testing | ||
| − | APT::Default-Release " | + | APT::Default-Release "stretch"; |
# When adding new sources in sources.list, you can hit the APT cache limit | # When adding new sources in sources.list, you can hit the APT cache limit | ||
| Line 61: | Line 61: | ||
Explanation: We make it explicit | Explanation: We make it explicit | ||
Package: * | Package: * | ||
| − | Pin: release o=Debian, n= | + | Pin: release o=Debian, n=stretch |
Pin-Priority: 990 | Pin-Priority: 990 | ||
Explanation: Assign the same priority than stable release so these are picked if they are newer | Explanation: Assign the same priority than stable release so these are picked if they are newer | ||
Package: * | Package: * | ||
| − | Pin: release o=Debian, n= | + | Pin: release o=Debian, n=stretch-updates |
Pin-Priority: 990 | Pin-Priority: 990 | ||
| Line 72: | Line 72: | ||
Explanation: Higher than testing, we prefer to install from backports than testing. | Explanation: Higher than testing, we prefer to install from backports than testing. | ||
Package: * | Package: * | ||
| − | Pin: release o=Debian Backports, n= | + | Pin: release o=Debian Backports, n=stretch-backports |
Pin-Priority: 900 | Pin-Priority: 900 | ||
| Line 79: | Line 79: | ||
Explanation: Higher than 500 so it's still preferred over external sources | Explanation: Higher than 500 so it's still preferred over external sources | ||
Package: * | Package: * | ||
| − | Pin: release o=Debian, n= | + | Pin: release o=Debian, n=buster |
Pin-Priority: 700 | Pin-Priority: 700 | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Revision as of 10:41, 24 June 2017
Configure
HTTPS
By default, Apt is able to use http sources but not https ones. This might cause problem with some external repositories.
$ sudo apt install apt-transport-https
sources.list
Here is the /etc/apt/sources.list for a Debian Jessie distribution.
The file is referencing versions names instead of the stable and testing aliases. The reason is that we don't want a massive uncontrolled upgrade on the day of the release of the next stable.
# Standard Debian repository
deb https://deb.debian.org/debian stretch main contrib non-free
deb-src https://deb.debian.org/debian stretch main contrib non-free
# Security updates
# No mirror is used here to avoid issues with propagation delay
deb https://security.debian.org/ stretch/updates main contrib non-free
deb-src https://security.debian.org/ stretch/updates main contrib non-free
# stable-updates repo
# Contain some package that are known to change frequently like antivirus or timezone data
deb https://deb.debian.org/debian stretch-updates main contrib non-free
deb-src https://deb.debian.org/debian stretch-updates main contrib non-free
# Backport repo
# Contains packages from the next release that where modified to work on the current one
# Note that security is not assured by security team so updates might be slower than for other packages
deb https://deb.debian.org/debian stretch-backports main contrib non-free
deb-src https://deb.debian.org/debian stretch-backports main contrib non-free
# Testing
# For package that are not backported but where you want the new version
# Be very careful when installing these as they might bring incompatibility with the rest of the system
# Security is the lowest of the sources here. No security team, and updates might get blocked waiting for other migrations
deb https://deb.debian.org/debian buster main contrib non-free
deb-src https://deb.debian.org/debian buster main contrib non-free
apt.conf
The file /etc/apt/apt.conf stores settings of apt. You can create the file if it doesn't exist.
# Select the default release. Check /etc/apt/preference for more flexibility
# Only needed when non-standard sources are present like backport or testing
APT::Default-Release "stretch";
# When adding new sources in sources.list, you can hit the APT cache limit
# This line increases its size
APT::Cache-Limit "100000000";
Pinning
Setup
Create file /etc/apt/preferences
Explanation: This priority correspond to the default set by "APT::Default-Release"
Explanation: We make it explicit
Package: *
Pin: release o=Debian, n=stretch
Pin-Priority: 990
Explanation: Assign the same priority than stable release so these are picked if they are newer
Package: *
Pin: release o=Debian, n=stretch-updates
Pin-Priority: 990
Explanation: Lower than stable as we don't want them installed by default.
Explanation: Higher than testing, we prefer to install from backports than testing.
Package: *
Pin: release o=Debian Backports, n=stretch-backports
Pin-Priority: 900
Explanation: Lower than others
Explanation: Higher than 500 so it's still preferred over external sources
Package: *
Pin: release o=Debian, n=buster
Pin-Priority: 700
Debugging
By default, it might be hard to understand why a particular version of a package is chosen for updates. Thankfully, apt-cache can help us with that.
$ apt-cache policy | grep -Ev Translation-..$
Package files:
100 /var/lib/dpkg/status
release a=now
700 http://httpredir.debian.org/debian/ stretch/non-free amd64 Packages
release o=Debian,a=testing,n=stretch,l=Debian,c=non-free
origin httpredir.debian.org
700 http://httpredir.debian.org/debian/ stretch/contrib amd64 Packages
release o=Debian,a=testing,n=stretch,l=Debian,c=contrib
origin httpredir.debian.org
700 http://httpredir.debian.org/debian/ stretch/main amd64 Packages
release o=Debian,a=testing,n=stretch,l=Debian,c=main
origin httpredir.debian.org
900 http://httpredir.debian.org/debian/ jessie-backports/non-free amd64 Packages
release o=Debian Backports,a=jessie-backports,n=jessie-backports,l=Debian Backports,c=non-free
origin httpredir.debian.org
900 http://httpredir.debian.org/debian/ jessie-backports/contrib amd64 Packages
release o=Debian Backports,a=jessie-backports,n=jessie-backports,l=Debian Backports,c=contrib
origin httpredir.debian.org
900 http://httpredir.debian.org/debian/ jessie-backports/main amd64 Packages
release o=Debian Backports,a=jessie-backports,n=jessie-backports,l=Debian Backports,c=main
origin httpredir.debian.org
990 http://httpredir.debian.org/debian/ jessie-updates/non-free amd64 Packages
release o=Debian,a=stable-updates,n=jessie-updates,l=Debian,c=non-free
origin httpredir.debian.org
990 http://httpredir.debian.org/debian/ jessie-updates/contrib amd64 Packages
release o=Debian,a=stable-updates,n=jessie-updates,l=Debian,c=contrib
origin httpredir.debian.org
990 http://httpredir.debian.org/debian/ jessie-updates/main amd64 Packages
release o=Debian,a=stable-updates,n=jessie-updates,l=Debian,c=main
origin httpredir.debian.org
990 http://security.debian.org/ jessie/updates/non-free amd64 Packages
release v=8,o=Debian,a=stable,n=jessie,l=Debian-Security,c=non-free
origin security.debian.org
990 http://security.debian.org/ jessie/updates/contrib amd64 Packages
release v=8,o=Debian,a=stable,n=jessie,l=Debian-Security,c=contrib
origin security.debian.org
990 http://security.debian.org/ jessie/updates/main amd64 Packages
release v=8,o=Debian,a=stable,n=jessie,l=Debian-Security,c=main
origin security.debian.org
990 http://httpredir.debian.org/debian/ jessie/non-free amd64 Packages
release v=8.3,o=Debian,a=stable,n=jessie,l=Debian,c=non-free
origin httpredir.debian.org
990 http://httpredir.debian.org/debian/ jessie/contrib amd64 Packages
release v=8.3,o=Debian,a=stable,n=jessie,l=Debian,c=contrib
origin httpredir.debian.org
990 http://httpredir.debian.org/debian/ jessie/main amd64 Packages
release v=8.3,o=Debian,a=stable,n=jessie,l=Debian,c=main
origin httpredir.debian.org
Pinned packages:
$ apt-cache policy linux-image-amd64
linux-image-amd64:
Installed: 4.3+70~bpo8+1
Candidate: 4.3+70~bpo8+1
Version table:
4.3+70 0
700 http://httpredir.debian.org/debian/ stretch/main amd64 Packages
*** 4.3+70~bpo8+1 0
900 http://httpredir.debian.org/debian/ jessie-backports/main amd64 Packages
100 /var/lib/dpkg/status
3.16+63 0
990 http://httpredir.debian.org/debian/ jessie/main amd64 Packages
Tools
needrestart
After a successful upgrade, needrestart will check if any daemon need to be restarted. If so, it will show a dialog where you can choose which ones should be restarted automatically.
It will also warn you in case the system need to be restarted.
$ sudo apt install needrestart
reboot-notifier
Sends you a daily email in case your server need to be restarted
Important: Your server needs be able to send Emails before you install this.
$ sudo apt install reboot-notifier
You can configure the destination email address in /etc/default/reboot-notifier.
apt-listchanges
Parse changelogs when you upgrade a package and display it. It will also send a copy by email so you can have a look latter in case you missed something.
$ sudo apt install apt-listchanges
apticron
Apticron will check for updates and send you emails with changelogs
Important: Your server needs be able to send Emails before you install this.
$ sudo apt install apticron
To configure apticron, edit /etc/apticron/apticron.conf and changes the following settings
EMAIL="youremail@example.org"
NOTIFY_HOLDS="0"
NOTIFY_NEW="0"
