Difference between revisions of "Apt"

From wiki
(sudo)
(Remove aptitude config + better description)
Line 13: Line 13:
 
The file is referencing versions names instead of the ''stable'' and ''testing'' aliases. The reason is that we don't want a massive uncontrolled upgrade on the day of the release of the next stable.
 
The file is referencing versions names instead of the ''stable'' and ''testing'' aliases. The reason is that we don't want a massive uncontrolled upgrade on the day of the release of the next stable.
 
<syntaxhighlight lang="sources.list">
 
<syntaxhighlight lang="sources.list">
 +
# Standard Debian repository
 
deb http://httpredir.debian.org/debian jessie main contrib non-free
 
deb http://httpredir.debian.org/debian jessie main contrib non-free
 
deb-src http://httpredir.debian.org/debian jessie main contrib non-free
 
deb-src http://httpredir.debian.org/debian jessie main contrib non-free
  
 +
# Security updates
 +
# No mirror is used here to avoid issues with propagation delay
 
deb http://security.debian.org/ jessie/updates main contrib non-free
 
deb http://security.debian.org/ jessie/updates main contrib non-free
 
deb-src http://security.debian.org/ jessie/updates main contrib non-free
 
deb-src http://security.debian.org/ jessie/updates main contrib non-free
  
 +
# stable-updates repo
 +
# Contain some package that are known to change frequently like antivirus or timezone data
 
deb http://httpredir.debian.org/debian jessie-updates main contrib non-free
 
deb http://httpredir.debian.org/debian jessie-updates main contrib non-free
 
deb-src http://httpredir.debian.org/debian jessie-updates main contrib non-free
 
deb-src http://httpredir.debian.org/debian jessie-updates main contrib non-free
  
 +
# Backport repo
 +
# Contains packages from the next release that where modified to work on the current one
 +
# Note that security is not assured by security team so updates might be slower than for other packages
 
deb http://httpredir.debian.org/debian jessie-backports main contrib non-free
 
deb http://httpredir.debian.org/debian jessie-backports main contrib non-free
 
deb-src http://httpredir.debian.org/debian jessie-backports main contrib non-free
 
deb-src http://httpredir.debian.org/debian jessie-backports main contrib non-free
  
# testing
+
# Testing
 +
# For package that are not backported but where you want the new version
 +
# Be very careful when installing these as they might bring incompatibility with the rest of the system
 +
# Security is the lowest of the sources here. No security team, and updates might get blocked waiting for other migrations
 
deb http://httpredir.debian.org/debian stretch main contrib non-free
 
deb http://httpredir.debian.org/debian stretch main contrib non-free
 
deb-src http://httpredir.debian.org/debian stretch main contrib non-free
 
deb-src http://httpredir.debian.org/debian stretch main contrib non-free
Line 33: Line 44:
 
The file <code>/etc/apt/apt.conf</code> stores settings of apt. You can create the file if it doesn't exist.
 
The file <code>/etc/apt/apt.conf</code> stores settings of apt. You can create the file if it doesn't exist.
 
<syntaxhighlight lang="properties">
 
<syntaxhighlight lang="properties">
 +
# Select the default release. Check /etc/apt/preference for more flexibility
 +
# Only needed when non-standard sources are present like backport or testing
 
APT::Default-Release "jessie";
 
APT::Default-Release "jessie";
  
 +
# When adding new sources in sources.list, you can hit the APT cache limit
 +
# This line increases its size
 
APT::Cache-Limit "100000000";
 
APT::Cache-Limit "100000000";
 
aptitude "";
 
aptitude::Keep-Unused-Pattern "";
 
aptitude::Delete-Unused-Pattern "";
 
aptitude::UI "";
 
aptitude::UI::Menubar-Autohide "true";
 
aptitude::UI::Minibuf-Download-Bar "false";
 
aptitude::UI::InfoAreaTabs "true";
 
aptitude::UI::Package-Header-Format "%N %n #%B %u %o";
 
aptitude::UI::Package-Status-Format "%d #%D %I";
 
aptitude::UI::Package-Display-Format "%c%a%M%S %p #%t %Z %r %D %v %V";
 
 
</syntaxhighlight>
 
</syntaxhighlight>
  

Revision as of 08:18, 2 January 2017

Configure

HTTPS

By default, Apt is able to use http sources but not https ones. This might cause problem with some external repositories.

$ sudo apt install apt-transport-https

sources.list

Here is the /etc/apt/sources.list for a Debian Jessie distribution.

The file is referencing versions names instead of the stable and testing aliases. The reason is that we don't want a massive uncontrolled upgrade on the day of the release of the next stable.

# Standard Debian repository
deb http://httpredir.debian.org/debian jessie main contrib non-free
deb-src http://httpredir.debian.org/debian jessie main contrib non-free

# Security updates
# No mirror is used here to avoid issues with propagation delay
deb http://security.debian.org/ jessie/updates main contrib non-free
deb-src http://security.debian.org/ jessie/updates main contrib non-free

# stable-updates repo
# Contain some package that are known to change frequently like antivirus or timezone data
deb http://httpredir.debian.org/debian jessie-updates main contrib non-free
deb-src http://httpredir.debian.org/debian jessie-updates main contrib non-free

# Backport repo
# Contains packages from the next release that where modified to work on the current one
# Note that security is not assured by security team so updates might be slower than for other packages
deb http://httpredir.debian.org/debian jessie-backports main contrib non-free
deb-src http://httpredir.debian.org/debian jessie-backports main contrib non-free

# Testing
# For package that are not backported but where you want the new version
# Be very careful when installing these as they might bring incompatibility with the rest of the system
# Security is the lowest of the sources here. No security team, and updates might get blocked waiting for other migrations
deb http://httpredir.debian.org/debian stretch main contrib non-free
deb-src http://httpredir.debian.org/debian stretch main contrib non-free

apt.conf

The file /etc/apt/apt.conf stores settings of apt. You can create the file if it doesn't exist.

# Select the default release. Check /etc/apt/preference for more flexibility
# Only needed when non-standard sources are present like backport or testing
APT::Default-Release "jessie";

# When adding new sources in sources.list, you can hit the APT cache limit
# This line increases its size
APT::Cache-Limit "100000000";

Pinning

Setup

Create file /etc/apt/preferences

Explanation: This priority correspond to the default set by "APT::Default-Release"
Explanation: We make it explicit
Package: *
Pin: release o=Debian, n=jessie
Pin-Priority: 990

Explanation: Assign the same priority than stable release so these are picked if they are newer
Package: *
Pin: release o=Debian, n=jessie-updates
Pin-Priority: 990

Explanation: Lower than stable as we don't want them installed by default.
Explanation: Higher than testing, we prefer to install from backports than testing.
Package: *
Pin: release o=Debian Backports, n=jessie-backports
Pin-Priority: 900


Explanation: Lower than others
Explanation: Higher than 500 so it's still preferred over external sources
Package: *
Pin: release o=Debian, n=stretch
Pin-Priority: 700

Debugging

By default, it might be hard to understand why a particular version of a package is chosen for updates. Thankfully, apt-cache can help us with that.

$ apt-cache policy | grep -Ev Translation-..$
Package files:
 100 /var/lib/dpkg/status
     release a=now
 700 http://httpredir.debian.org/debian/ stretch/non-free amd64 Packages
     release o=Debian,a=testing,n=stretch,l=Debian,c=non-free
     origin httpredir.debian.org
 700 http://httpredir.debian.org/debian/ stretch/contrib amd64 Packages
     release o=Debian,a=testing,n=stretch,l=Debian,c=contrib
     origin httpredir.debian.org
 700 http://httpredir.debian.org/debian/ stretch/main amd64 Packages
     release o=Debian,a=testing,n=stretch,l=Debian,c=main
     origin httpredir.debian.org
 900 http://httpredir.debian.org/debian/ jessie-backports/non-free amd64 Packages
     release o=Debian Backports,a=jessie-backports,n=jessie-backports,l=Debian Backports,c=non-free
     origin httpredir.debian.org
 900 http://httpredir.debian.org/debian/ jessie-backports/contrib amd64 Packages
     release o=Debian Backports,a=jessie-backports,n=jessie-backports,l=Debian Backports,c=contrib
     origin httpredir.debian.org
 900 http://httpredir.debian.org/debian/ jessie-backports/main amd64 Packages
     release o=Debian Backports,a=jessie-backports,n=jessie-backports,l=Debian Backports,c=main
     origin httpredir.debian.org
 990 http://httpredir.debian.org/debian/ jessie-updates/non-free amd64 Packages
     release o=Debian,a=stable-updates,n=jessie-updates,l=Debian,c=non-free
     origin httpredir.debian.org
 990 http://httpredir.debian.org/debian/ jessie-updates/contrib amd64 Packages
     release o=Debian,a=stable-updates,n=jessie-updates,l=Debian,c=contrib
     origin httpredir.debian.org
 990 http://httpredir.debian.org/debian/ jessie-updates/main amd64 Packages
     release o=Debian,a=stable-updates,n=jessie-updates,l=Debian,c=main
     origin httpredir.debian.org
 990 http://security.debian.org/ jessie/updates/non-free amd64 Packages
     release v=8,o=Debian,a=stable,n=jessie,l=Debian-Security,c=non-free
     origin security.debian.org
 990 http://security.debian.org/ jessie/updates/contrib amd64 Packages
     release v=8,o=Debian,a=stable,n=jessie,l=Debian-Security,c=contrib
     origin security.debian.org
 990 http://security.debian.org/ jessie/updates/main amd64 Packages
     release v=8,o=Debian,a=stable,n=jessie,l=Debian-Security,c=main
     origin security.debian.org
 990 http://httpredir.debian.org/debian/ jessie/non-free amd64 Packages
     release v=8.3,o=Debian,a=stable,n=jessie,l=Debian,c=non-free
     origin httpredir.debian.org
 990 http://httpredir.debian.org/debian/ jessie/contrib amd64 Packages
     release v=8.3,o=Debian,a=stable,n=jessie,l=Debian,c=contrib
     origin httpredir.debian.org
 990 http://httpredir.debian.org/debian/ jessie/main amd64 Packages
     release v=8.3,o=Debian,a=stable,n=jessie,l=Debian,c=main
     origin httpredir.debian.org
Pinned packages:
$ apt-cache policy linux-image-amd64
linux-image-amd64:
  Installed: 4.3+70~bpo8+1
  Candidate: 4.3+70~bpo8+1
  Version table:
     4.3+70 0
        700 http://httpredir.debian.org/debian/ stretch/main amd64 Packages
 *** 4.3+70~bpo8+1 0
        900 http://httpredir.debian.org/debian/ jessie-backports/main amd64 Packages
        100 /var/lib/dpkg/status
     3.16+63 0
        990 http://httpredir.debian.org/debian/ jessie/main amd64 Packages

Tools

needrestart

After a successful upgrade, needrestart will check if any daemon need to be restarted. If so, it will show a dialog where you can choose which ones should be restarted automatically.

It will also warn you in case the system need to be restarted.

$ sudo apt install needrestart

reboot-notifier

Sends you a daily email in case your server need to be restarted

Important: Your server needs be able to send Emails before you install this.

$ sudo apt install  reboot-notifier

You can configure the destination email address in /etc/default/reboot-notifier.

apt-listchanges

Parse changelogs when you upgrade a package and display it. It will also send a copy by email so you can have a look latter in case you missed something.

$ sudo apt install apt-listchanges

apticron

Apticron will check for updates and send you emails with changelogs

Important: Your server needs be able to send Emails before you install this.

$ sudo apt install apticron

To configure apticron, edit /etc/apticron/apticron.conf and changes the following settings

EMAIL="youremail@example.org"
NOTIFY_HOLDS="0"
NOTIFY_NEW="0"