Difference between revisions of "Apt"

From wiki
(Remove aptitude config + better description)
(Stretch)
Line 14: Line 14:
 
<syntaxhighlight lang="sources.list">
 
<syntaxhighlight lang="sources.list">
 
# Standard Debian repository
 
# Standard Debian repository
deb http://httpredir.debian.org/debian jessie main contrib non-free
+
deb https://deb.debian.org/debian stretch main contrib non-free
deb-src http://httpredir.debian.org/debian jessie main contrib non-free
+
deb-src https://deb.debian.org/debian stretch main contrib non-free
  
 
# Security updates
 
# Security updates
 
# No mirror is used here to avoid issues with propagation delay
 
# No mirror is used here to avoid issues with propagation delay
deb http://security.debian.org/ jessie/updates main contrib non-free
+
deb https://security.debian.org/ stretch/updates main contrib non-free
deb-src http://security.debian.org/ jessie/updates main contrib non-free
+
deb-src https://security.debian.org/ stretch/updates main contrib non-free
  
 
# stable-updates repo
 
# stable-updates repo
 
# Contain some package that are known to change frequently like antivirus or timezone data
 
# Contain some package that are known to change frequently like antivirus or timezone data
deb http://httpredir.debian.org/debian jessie-updates main contrib non-free
+
deb https://deb.debian.org/debian stretch-updates main contrib non-free
deb-src http://httpredir.debian.org/debian jessie-updates main contrib non-free
+
deb-src https://deb.debian.org/debian stretch-updates main contrib non-free
  
 
# Backport repo
 
# Backport repo
 
# Contains packages from the next release that where modified to work on the current one
 
# Contains packages from the next release that where modified to work on the current one
 
# Note that security is not assured by security team so updates might be slower than for other packages
 
# Note that security is not assured by security team so updates might be slower than for other packages
deb http://httpredir.debian.org/debian jessie-backports main contrib non-free
+
deb https://deb.debian.org/debian stretch-backports main contrib non-free
deb-src http://httpredir.debian.org/debian jessie-backports main contrib non-free
+
deb-src https://deb.debian.org/debian stretch-backports main contrib non-free
  
 
# Testing
 
# Testing
Line 37: Line 37:
 
# Be very careful when installing these as they might bring incompatibility with the rest of the system
 
# Be very careful when installing these as they might bring incompatibility with the rest of the system
 
# Security is the lowest of the sources here. No security team, and updates might get blocked waiting for other migrations
 
# Security is the lowest of the sources here. No security team, and updates might get blocked waiting for other migrations
deb http://httpredir.debian.org/debian stretch main contrib non-free
+
deb https://deb.debian.org/debian buster main contrib non-free
deb-src http://httpredir.debian.org/debian stretch main contrib non-free
+
deb-src https://deb.debian.org/debian buster main contrib non-free
 
</syntaxhighlight>
 
</syntaxhighlight>
  
Line 46: Line 46:
 
# Select the default release. Check /etc/apt/preference for more flexibility
 
# Select the default release. Check /etc/apt/preference for more flexibility
 
# Only needed when non-standard sources are present like backport or testing
 
# Only needed when non-standard sources are present like backport or testing
APT::Default-Release "jessie";
+
APT::Default-Release "stretch";
  
 
# When adding new sources in sources.list, you can hit the APT cache limit
 
# When adding new sources in sources.list, you can hit the APT cache limit
Line 61: Line 61:
 
Explanation: We make it explicit
 
Explanation: We make it explicit
 
Package: *
 
Package: *
Pin: release o=Debian, n=jessie
+
Pin: release o=Debian, n=stretch
 
Pin-Priority: 990
 
Pin-Priority: 990
  
 
Explanation: Assign the same priority than stable release so these are picked if they are newer
 
Explanation: Assign the same priority than stable release so these are picked if they are newer
 
Package: *
 
Package: *
Pin: release o=Debian, n=jessie-updates
+
Pin: release o=Debian, n=stretch-updates
 
Pin-Priority: 990
 
Pin-Priority: 990
  
Line 72: Line 72:
 
Explanation: Higher than testing, we prefer to install from backports than testing.
 
Explanation: Higher than testing, we prefer to install from backports than testing.
 
Package: *
 
Package: *
Pin: release o=Debian Backports, n=jessie-backports
+
Pin: release o=Debian Backports, n=stretch-backports
 
Pin-Priority: 900
 
Pin-Priority: 900
  
Line 79: Line 79:
 
Explanation: Higher than 500 so it's still preferred over external sources
 
Explanation: Higher than 500 so it's still preferred over external sources
 
Package: *
 
Package: *
Pin: release o=Debian, n=stretch
+
Pin: release o=Debian, n=buster
 
Pin-Priority: 700
 
Pin-Priority: 700
 
</syntaxhighlight>
 
</syntaxhighlight>

Revision as of 10:41, 24 June 2017

Configure

HTTPS

By default, Apt is able to use http sources but not https ones. This might cause problem with some external repositories.

$ sudo apt install apt-transport-https

sources.list

Here is the /etc/apt/sources.list for a Debian Jessie distribution.

The file is referencing versions names instead of the stable and testing aliases. The reason is that we don't want a massive uncontrolled upgrade on the day of the release of the next stable.

# Standard Debian repository
deb https://deb.debian.org/debian stretch main contrib non-free
deb-src https://deb.debian.org/debian stretch main contrib non-free

# Security updates
# No mirror is used here to avoid issues with propagation delay
deb https://security.debian.org/ stretch/updates main contrib non-free
deb-src https://security.debian.org/ stretch/updates main contrib non-free

# stable-updates repo
# Contain some package that are known to change frequently like antivirus or timezone data
deb https://deb.debian.org/debian stretch-updates main contrib non-free
deb-src https://deb.debian.org/debian stretch-updates main contrib non-free

# Backport repo
# Contains packages from the next release that where modified to work on the current one
# Note that security is not assured by security team so updates might be slower than for other packages
deb https://deb.debian.org/debian stretch-backports main contrib non-free
deb-src https://deb.debian.org/debian stretch-backports main contrib non-free

# Testing
# For package that are not backported but where you want the new version
# Be very careful when installing these as they might bring incompatibility with the rest of the system
# Security is the lowest of the sources here. No security team, and updates might get blocked waiting for other migrations
deb https://deb.debian.org/debian buster main contrib non-free
deb-src https://deb.debian.org/debian buster main contrib non-free

apt.conf

The file /etc/apt/apt.conf stores settings of apt. You can create the file if it doesn't exist.

# Select the default release. Check /etc/apt/preference for more flexibility
# Only needed when non-standard sources are present like backport or testing
APT::Default-Release "stretch";

# When adding new sources in sources.list, you can hit the APT cache limit
# This line increases its size
APT::Cache-Limit "100000000";

Pinning

Setup

Create file /etc/apt/preferences

Explanation: This priority correspond to the default set by "APT::Default-Release"
Explanation: We make it explicit
Package: *
Pin: release o=Debian, n=stretch
Pin-Priority: 990

Explanation: Assign the same priority than stable release so these are picked if they are newer
Package: *
Pin: release o=Debian, n=stretch-updates
Pin-Priority: 990

Explanation: Lower than stable as we don't want them installed by default.
Explanation: Higher than testing, we prefer to install from backports than testing.
Package: *
Pin: release o=Debian Backports, n=stretch-backports
Pin-Priority: 900


Explanation: Lower than others
Explanation: Higher than 500 so it's still preferred over external sources
Package: *
Pin: release o=Debian, n=buster
Pin-Priority: 700

Debugging

By default, it might be hard to understand why a particular version of a package is chosen for updates. Thankfully, apt-cache can help us with that.

$ apt-cache policy | grep -Ev Translation-..$
Package files:
 100 /var/lib/dpkg/status
     release a=now
 700 http://httpredir.debian.org/debian/ stretch/non-free amd64 Packages
     release o=Debian,a=testing,n=stretch,l=Debian,c=non-free
     origin httpredir.debian.org
 700 http://httpredir.debian.org/debian/ stretch/contrib amd64 Packages
     release o=Debian,a=testing,n=stretch,l=Debian,c=contrib
     origin httpredir.debian.org
 700 http://httpredir.debian.org/debian/ stretch/main amd64 Packages
     release o=Debian,a=testing,n=stretch,l=Debian,c=main
     origin httpredir.debian.org
 900 http://httpredir.debian.org/debian/ jessie-backports/non-free amd64 Packages
     release o=Debian Backports,a=jessie-backports,n=jessie-backports,l=Debian Backports,c=non-free
     origin httpredir.debian.org
 900 http://httpredir.debian.org/debian/ jessie-backports/contrib amd64 Packages
     release o=Debian Backports,a=jessie-backports,n=jessie-backports,l=Debian Backports,c=contrib
     origin httpredir.debian.org
 900 http://httpredir.debian.org/debian/ jessie-backports/main amd64 Packages
     release o=Debian Backports,a=jessie-backports,n=jessie-backports,l=Debian Backports,c=main
     origin httpredir.debian.org
 990 http://httpredir.debian.org/debian/ jessie-updates/non-free amd64 Packages
     release o=Debian,a=stable-updates,n=jessie-updates,l=Debian,c=non-free
     origin httpredir.debian.org
 990 http://httpredir.debian.org/debian/ jessie-updates/contrib amd64 Packages
     release o=Debian,a=stable-updates,n=jessie-updates,l=Debian,c=contrib
     origin httpredir.debian.org
 990 http://httpredir.debian.org/debian/ jessie-updates/main amd64 Packages
     release o=Debian,a=stable-updates,n=jessie-updates,l=Debian,c=main
     origin httpredir.debian.org
 990 http://security.debian.org/ jessie/updates/non-free amd64 Packages
     release v=8,o=Debian,a=stable,n=jessie,l=Debian-Security,c=non-free
     origin security.debian.org
 990 http://security.debian.org/ jessie/updates/contrib amd64 Packages
     release v=8,o=Debian,a=stable,n=jessie,l=Debian-Security,c=contrib
     origin security.debian.org
 990 http://security.debian.org/ jessie/updates/main amd64 Packages
     release v=8,o=Debian,a=stable,n=jessie,l=Debian-Security,c=main
     origin security.debian.org
 990 http://httpredir.debian.org/debian/ jessie/non-free amd64 Packages
     release v=8.3,o=Debian,a=stable,n=jessie,l=Debian,c=non-free
     origin httpredir.debian.org
 990 http://httpredir.debian.org/debian/ jessie/contrib amd64 Packages
     release v=8.3,o=Debian,a=stable,n=jessie,l=Debian,c=contrib
     origin httpredir.debian.org
 990 http://httpredir.debian.org/debian/ jessie/main amd64 Packages
     release v=8.3,o=Debian,a=stable,n=jessie,l=Debian,c=main
     origin httpredir.debian.org
Pinned packages:
$ apt-cache policy linux-image-amd64
linux-image-amd64:
  Installed: 4.3+70~bpo8+1
  Candidate: 4.3+70~bpo8+1
  Version table:
     4.3+70 0
        700 http://httpredir.debian.org/debian/ stretch/main amd64 Packages
 *** 4.3+70~bpo8+1 0
        900 http://httpredir.debian.org/debian/ jessie-backports/main amd64 Packages
        100 /var/lib/dpkg/status
     3.16+63 0
        990 http://httpredir.debian.org/debian/ jessie/main amd64 Packages

Tools

needrestart

After a successful upgrade, needrestart will check if any daemon need to be restarted. If so, it will show a dialog where you can choose which ones should be restarted automatically.

It will also warn you in case the system need to be restarted.

$ sudo apt install needrestart

reboot-notifier

Sends you a daily email in case your server need to be restarted

Important: Your server needs be able to send Emails before you install this.

$ sudo apt install  reboot-notifier

You can configure the destination email address in /etc/default/reboot-notifier.

apt-listchanges

Parse changelogs when you upgrade a package and display it. It will also send a copy by email so you can have a look latter in case you missed something.

$ sudo apt install apt-listchanges

apticron

Apticron will check for updates and send you emails with changelogs

Important: Your server needs be able to send Emails before you install this.

$ sudo apt install apticron

To configure apticron, edit /etc/apticron/apticron.conf and changes the following settings

EMAIL="youremail@example.org"
NOTIFY_HOLDS="0"
NOTIFY_NEW="0"