Difference between revisions of "Apt"

(Created page with "{{WIP}} == Configure == === sources.list === Here is the <code>/etc/apt/sources.list</code> for a Debian Jessie distribution. The file is referencing versions names instea...")
 
(maintenance scripts)
 
(9 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{WIP}}
+
== Configure ==
 +
 
 +
=== HTTPS ===
  
== Configure ==
+
By default, Apt is able to use http sources but not https ones. This might cause problem with some external repositories.
 +
<syntaxhighlight lang="console">
 +
$ sudo apt install apt-transport-https
 +
</syntaxhighlight>
  
 
=== sources.list ===
 
=== sources.list ===
 
Here is the <code>/etc/apt/sources.list</code> for a Debian Jessie distribution.  
 
Here is the <code>/etc/apt/sources.list</code> for a Debian Jessie distribution.  
  
The file is referencing versions names instead of the ''stable'' and ''testing'' aliases. The reason is that we don't want a massive uncontrolled upgrade on the day of the release of the next stable.<syntaxhighlight lang="sources.list">
+
The file is referencing versions names instead of the ''stable'' and ''testing'' aliases. The reason is that we don't want a massive uncontrolled upgrade on the day of the release of the next stable.
deb http://httpredir.debian.org/debian jessie main contrib non-free
+
<syntaxhighlight lang="sources.list">
deb-src http://httpredir.debian.org/debian jessie main contrib non-free
+
# Standard Debian repository
 +
deb https://deb.debian.org/debian stretch main contrib non-free
 +
deb-src https://deb.debian.org/debian stretch main contrib non-free
  
deb http://security.debian.org/ jessie/updates main
+
# Security updates
deb-src http://security.debian.org/ jessie/updates main
+
# No mirror is used here to avoid issues with propagation delay
 +
deb https://security.debian.org/ stretch/updates main contrib non-free
 +
deb-src https://security.debian.org/ stretch/updates main contrib non-free
  
deb http://httpredir.debian.org/debian jessie-updates main contrib non-free
+
# stable-updates repo
deb-src http://httpredir.debian.org/debian jessie-updates main contrib non-free
+
# Contain some package that are known to change frequently like antivirus or timezone data
 +
deb https://deb.debian.org/debian stretch-updates main contrib non-free
 +
deb-src https://deb.debian.org/debian stretch-updates main contrib non-free
  
deb http://httpredir.debian.org/debian jessie-backports main contrib non-free
+
# Backport repo
deb-src http://httpredir.debian.org/debian jessie-backports main contrib non-free
+
# Contains packages from the next release that where modified to work on the current one
 +
# Note that security is not assured by security team so updates might be slower than for other packages
 +
deb https://deb.debian.org/debian stretch-backports main contrib non-free
 +
deb-src https://deb.debian.org/debian stretch-backports main contrib non-free
  
# testing
+
# Testing
deb http://httpredir.debian.org/debian stretch main contrib non-free
+
# For package that are not backported but where you want the new version
deb-src http://httpredir.debian.org/debian stretch main contrib non-free
+
# Be very careful when installing these as they might bring incompatibility with the rest of the system
 +
# Security is the lowest of the sources here. No security team, and updates might get blocked waiting for other migrations
 +
deb https://deb.debian.org/debian buster main contrib non-free
 +
deb-src https://deb.debian.org/debian buster main contrib non-free
 
</syntaxhighlight>
 
</syntaxhighlight>
  
 
=== apt.conf ===
 
=== apt.conf ===
The file <code>/etc/apt/apt.conf</code> stores settings of apt. You can create the file if it doesn't exist.<syntaxhighlight lang="properties">
+
The file <code>/etc/apt/apt.conf</code> stores settings of apt. You can create the file if it doesn't exist.
APT::Default-Release "jessie";
+
<syntaxhighlight lang="properties">
 +
# Select the default release. Check /etc/apt/preference for more flexibility
 +
# Only needed when non-standard sources are present like backport or testing
 +
APT::Default-Release "stretch";
  
 +
# When adding new sources in sources.list, you can hit the APT cache limit
 +
# This line increases its size
 
APT::Cache-Limit "100000000";
 
APT::Cache-Limit "100000000";
 +
</syntaxhighlight>
 +
 +
=== Pinning ===
 +
 +
==== Setup ====
 +
Create file  <code>/etc/apt/preferences</code>
 +
<syntaxhighlight lang="properties">
 +
Explanation: This priority correspond to the default set by "APT::Default-Release"
 +
Explanation: We make it explicit
 +
Package: *
 +
Pin: release o=Debian, n=stretch
 +
Pin-Priority: 990
 +
 +
Explanation: Assign the same priority than stable release so these are picked if they are newer
 +
Package: *
 +
Pin: release o=Debian, n=stretch-updates
 +
Pin-Priority: 990
 +
 +
Explanation: Lower than stable as we don't want them installed by default.
 +
Explanation: Higher than testing, we prefer to install from backports than testing.
 +
Package: *
 +
Pin: release o=Debian Backports, n=stretch-backports
 +
Pin-Priority: 900
 +
 +
 +
Explanation: Lower than others
 +
Explanation: Higher than 500 so it's still preferred over external sources
 +
Package: *
 +
Pin: release o=Debian, n=buster
 +
Pin-Priority: 700
 +
</syntaxhighlight>
 +
 +
==== Debugging ====
 +
 +
By default, it might be hard to understand why a particular version of a package is chosen for updates. Thankfully, <code>apt-cache</code> can help us with that.
 +
<syntaxhighlight lang="console">
 +
$ apt-cache policy | grep -Ev Translation-..$
 +
Package files:
 +
100 /var/lib/dpkg/status
 +
    release a=now
 +
700 http://httpredir.debian.org/debian/ stretch/non-free amd64 Packages
 +
    release o=Debian,a=testing,n=stretch,l=Debian,c=non-free
 +
    origin httpredir.debian.org
 +
700 http://httpredir.debian.org/debian/ stretch/contrib amd64 Packages
 +
    release o=Debian,a=testing,n=stretch,l=Debian,c=contrib
 +
    origin httpredir.debian.org
 +
700 http://httpredir.debian.org/debian/ stretch/main amd64 Packages
 +
    release o=Debian,a=testing,n=stretch,l=Debian,c=main
 +
    origin httpredir.debian.org
 +
900 http://httpredir.debian.org/debian/ jessie-backports/non-free amd64 Packages
 +
    release o=Debian Backports,a=jessie-backports,n=jessie-backports,l=Debian Backports,c=non-free
 +
    origin httpredir.debian.org
 +
900 http://httpredir.debian.org/debian/ jessie-backports/contrib amd64 Packages
 +
    release o=Debian Backports,a=jessie-backports,n=jessie-backports,l=Debian Backports,c=contrib
 +
    origin httpredir.debian.org
 +
900 http://httpredir.debian.org/debian/ jessie-backports/main amd64 Packages
 +
    release o=Debian Backports,a=jessie-backports,n=jessie-backports,l=Debian Backports,c=main
 +
    origin httpredir.debian.org
 +
990 http://httpredir.debian.org/debian/ jessie-updates/non-free amd64 Packages
 +
    release o=Debian,a=stable-updates,n=jessie-updates,l=Debian,c=non-free
 +
    origin httpredir.debian.org
 +
990 http://httpredir.debian.org/debian/ jessie-updates/contrib amd64 Packages
 +
    release o=Debian,a=stable-updates,n=jessie-updates,l=Debian,c=contrib
 +
    origin httpredir.debian.org
 +
990 http://httpredir.debian.org/debian/ jessie-updates/main amd64 Packages
 +
    release o=Debian,a=stable-updates,n=jessie-updates,l=Debian,c=main
 +
    origin httpredir.debian.org
 +
990 http://security.debian.org/ jessie/updates/non-free amd64 Packages
 +
    release v=8,o=Debian,a=stable,n=jessie,l=Debian-Security,c=non-free
 +
    origin security.debian.org
 +
990 http://security.debian.org/ jessie/updates/contrib amd64 Packages
 +
    release v=8,o=Debian,a=stable,n=jessie,l=Debian-Security,c=contrib
 +
    origin security.debian.org
 +
990 http://security.debian.org/ jessie/updates/main amd64 Packages
 +
    release v=8,o=Debian,a=stable,n=jessie,l=Debian-Security,c=main
 +
    origin security.debian.org
 +
990 http://httpredir.debian.org/debian/ jessie/non-free amd64 Packages
 +
    release v=8.3,o=Debian,a=stable,n=jessie,l=Debian,c=non-free
 +
    origin httpredir.debian.org
 +
990 http://httpredir.debian.org/debian/ jessie/contrib amd64 Packages
 +
    release v=8.3,o=Debian,a=stable,n=jessie,l=Debian,c=contrib
 +
    origin httpredir.debian.org
 +
990 http://httpredir.debian.org/debian/ jessie/main amd64 Packages
 +
    release v=8.3,o=Debian,a=stable,n=jessie,l=Debian,c=main
 +
    origin httpredir.debian.org
 +
Pinned packages:
 +
</syntaxhighlight>
  
aptitude "";
+
<syntaxhighlight lang="console">
aptitude::Keep-Unused-Pattern "";
+
$ apt-cache policy linux-image-amd64
aptitude::Delete-Unused-Pattern "";
+
linux-image-amd64:
aptitude::UI "";
+
  Installed: 4.3+70~bpo8+1
aptitude::UI::Menubar-Autohide "true";
+
  Candidate: 4.3+70~bpo8+1
aptitude::UI::Minibuf-Download-Bar "false";
+
  Version table:
aptitude::UI::InfoAreaTabs "true";
+
    4.3+70 0
aptitude::UI::Package-Header-Format "%N %n #%B %u %o";
+
        700 http://httpredir.debian.org/debian/ stretch/main amd64 Packages
aptitude::UI::Package-Status-Format "%d #%D %I";
+
*** 4.3+70~bpo8+1 0
aptitude::UI::Package-Display-Format "%c%a%M%S %p #%t %Z %r %D %v %V";
+
        900 http://httpredir.debian.org/debian/ jessie-backports/main amd64 Packages
 +
        100 /var/lib/dpkg/status
 +
    3.16+63 0
 +
        990 http://httpredir.debian.org/debian/ jessie/main amd64 Packages
 
</syntaxhighlight>
 
</syntaxhighlight>
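Review bot: The prose and sample output around the new sources.list were not updated with the release bump. The unchanged intro still reads "for a Debian Jessie distribution" while every added entry uses stretch (and buster for testing), and the added Debugging output lists jessie and stretch priorities fetched over http from httpredir.debian.org, not the stretch/buster pins and https://deb.debian.org URLs configured above. Either regenerate the <code>apt-cache policy</code> output on a host using this configuration or state that it was captured on a Jessie system. The new apt.conf comment also points to <code>/etc/apt/preference</code>, whereas the Setup section creates <code>/etc/apt/preferences</code>.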
  
Line 47: Line 159:
 
After a successful upgrade, needrestart will check if any daemon need to be restarted. If so, it will show a dialog where you can choose which ones should be restarted automatically.
 
After a successful upgrade, needrestart will check if any daemon need to be restarted. If so, it will show a dialog where you can choose which ones should be restarted automatically.
  
It will also warn you in case the system need to be restarted.<syntaxhighlight lang="console">
+
It will also warn you in case the system need to be restarted.
# apt install needrestart
+
<syntaxhighlight lang="console">
 +
$ sudo apt install needrestart
 
</syntaxhighlight>
 
</syntaxhighlight>
  
 
=== reboot-notifier ===
 
=== reboot-notifier ===
Sends you a daily email in case your server need to be restarted<syntaxhighlight lang="console">
+
Sends you a daily email in case your server need to be restarted
# apt install  reboot-notifier
+
 
</syntaxhighlight>You can configure the destination email address in <code>/etc/default/reboot-notifier</code>.
+
'''Important:''' Your server needs be able to [[Emails|send Emails]] before you install this.
 +
 
 +
<syntaxhighlight lang="console">
 +
$ sudo apt install  reboot-notifier
 +
</syntaxhighlight>
 +
You can configure the destination email address in <code>/etc/default/reboot-notifier</code>.
  
 
=== apt-listchanges ===
 
=== apt-listchanges ===
 
Parse changelogs when you upgrade a package and display it. It will also send a copy by email so you can have a look latter in case you missed something.<syntaxhighlight lang="console">
 
Parse changelogs when you upgrade a package and display it. It will also send a copy by email so you can have a look latter in case you missed something.<syntaxhighlight lang="console">
# apt install apt-listchanges
+
$ sudo apt install apt-listchanges
 
</syntaxhighlight>
 
</syntaxhighlight>
  
 
=== apticron ===
 
=== apticron ===
Apticron will check for updates and send you emails with changelogs<syntaxhighlight lang="console">
+
Apticron will check for updates and send you emails with changelogs
# apt install apticron
+
 
</syntaxhighlight>To configure apticron, edit /etc/apticron/apticron.conf and changes the following settings<syntaxhighlight lang="ini">
+
'''Important:''' Your server needs be able to [[Emails|send Emails]] before you install this.
 +
 
 +
<syntaxhighlight lang="console">
 +
$ sudo apt install apticron
 +
</syntaxhighlight>
 +
To configure apticron, edit <code>/etc/apticron/apticron.conf</code> and changes the following settings<syntaxhighlight lang="ini">
 
EMAIL="youremail@example.org"
 
EMAIL="youremail@example.org"
 
NOTIFY_HOLDS="0"
 
NOTIFY_HOLDS="0"
 
NOTIFY_NEW="0"
 
NOTIFY_NEW="0"
 +
</syntaxhighlight>
 +
 +
== System Maintenance ==
 +
 +
=== Manually installed packages ===
 +
Both apt and aptitude can automatically remove packages that are not used any more. This allows to keep a clean system over time. However it requires the system to know which packages were automatically installed.
 +
 +
To list packages that are marked as manually installed, you can use<syntaxhighlight lang="console">
 +
$ apt-mark showmanual
 +
</syntaxhighlight>
 +
 +
=== Remove useless configuration files ===
 +
When deinstalling a package, configuration files are kept in case you need to reinstall it latter. Overtime, this can led to a lot of useless files in <code>/etc</code>.
 +
 +
To list the removed packages that still have configuration files, you can use:<syntaxhighlight lang="console">
 +
$ aptitude search ?config-files
 +
</syntaxhighlight>After inspection of the list, this command will remove them<syntaxhighlight lang="console">
 +
$ sudo aptitude purge ?config-files
 
</syntaxhighlight>
 
</syntaxhighlight>
 
[[Category:Debian Release]]
 
[[Category:Debian Release]]
 +
[[Category:Linux Server]]
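Review bot: The added <code>aptitude search ?config-files</code> and <code>sudo aptitude purge ?config-files</code> commands pass an unquoted <code>?</code>, which the shell treats as a glob character before aptitude ever sees it. Quote the pattern (<code>'?config-files'</code>) in both commands so it always reaches aptitude unchanged, which matters most for the purge run under sudo. In the same hunk, "needs be able to" should read "needs to be able to" in both Important notes.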

Latest revision as of 07:35, 10 October 2017

Configure

HTTPS

By default, Apt is able to use http sources but not https ones. This might cause problems with some external repositories.

$ sudo apt install apt-transport-https

sources.list

Here is the /etc/apt/sources.list for a Debian Jessie distribution.

The file references version names instead of the stable and testing aliases. The reason is that we don't want a massive uncontrolled upgrade on the day the next stable is released.

# Standard Debian repository
deb https://deb.debian.org/debian stretch main contrib non-free
deb-src https://deb.debian.org/debian stretch main contrib non-free

# Security updates
# No mirror is used here to avoid issues with propagation delay
deb https://security.debian.org/ stretch/updates main contrib non-free
deb-src https://security.debian.org/ stretch/updates main contrib non-free

# stable-updates repo
# Contains packages that are known to change frequently, like antivirus or timezone data
deb https://deb.debian.org/debian stretch-updates main contrib non-free
deb-src https://deb.debian.org/debian stretch-updates main contrib non-free

# Backport repo
# Contains packages from the next release that were modified to work on the current one
# Note that security support is not provided by the security team, so updates might be slower than for other packages
deb https://deb.debian.org/debian stretch-backports main contrib non-free
deb-src https://deb.debian.org/debian stretch-backports main contrib non-free

# Testing
# For packages that are not backported but where you want the new version
# Be very careful when installing these as they might be incompatible with the rest of the system
# Security support is the weakest of the sources here. No security team, and updates might get blocked waiting for other migrations
deb https://deb.debian.org/debian buster main contrib non-free
deb-src https://deb.debian.org/debian buster main contrib non-free

apt.conf

The file /etc/apt/apt.conf stores settings of apt. You can create the file if it doesn't exist.

# Select the default release. Check /etc/apt/preferences for more flexibility
# Only needed when non-standard sources are present, like backports or testing
APT::Default-Release "stretch";

# When adding new sources in sources.list, you can hit the APT cache limit
# This line increases its size
APT::Cache-Limit "100000000";

Pinning

Setup

Create the file /etc/apt/preferences:

Explanation: This priority corresponds to the default set by "APT::Default-Release"
Explanation: We make it explicit
Package: *
Pin: release o=Debian, n=stretch
Pin-Priority: 990

Explanation: Assign the same priority as the stable release so these are picked if they are newer
Package: *
Pin: release o=Debian, n=stretch-updates
Pin-Priority: 990

Explanation: Lower than stable as we don't want them installed by default.
Explanation: Higher than testing, we prefer installing from backports over testing.
Package: *
Pin: release o=Debian Backports, n=stretch-backports
Pin-Priority: 900


Explanation: Lower than others
Explanation: Higher than 500 so it's still preferred over external sources
Package: *
Pin: release o=Debian, n=buster
Pin-Priority: 700

Debugging

By default, it might be hard to understand why a particular version of a package is chosen for updates. Thankfully, apt-cache can help us with that.

$ apt-cache policy | grep -Ev Translation-..$
Package files:
 100 /var/lib/dpkg/status
     release a=now
 700 http://httpredir.debian.org/debian/ stretch/non-free amd64 Packages
     release o=Debian,a=testing,n=stretch,l=Debian,c=non-free
     origin httpredir.debian.org
 700 http://httpredir.debian.org/debian/ stretch/contrib amd64 Packages
     release o=Debian,a=testing,n=stretch,l=Debian,c=contrib
     origin httpredir.debian.org
 700 http://httpredir.debian.org/debian/ stretch/main amd64 Packages
     release o=Debian,a=testing,n=stretch,l=Debian,c=main
     origin httpredir.debian.org
 900 http://httpredir.debian.org/debian/ jessie-backports/non-free amd64 Packages
     release o=Debian Backports,a=jessie-backports,n=jessie-backports,l=Debian Backports,c=non-free
     origin httpredir.debian.org
 900 http://httpredir.debian.org/debian/ jessie-backports/contrib amd64 Packages
     release o=Debian Backports,a=jessie-backports,n=jessie-backports,l=Debian Backports,c=contrib
     origin httpredir.debian.org
 900 http://httpredir.debian.org/debian/ jessie-backports/main amd64 Packages
     release o=Debian Backports,a=jessie-backports,n=jessie-backports,l=Debian Backports,c=main
     origin httpredir.debian.org
 990 http://httpredir.debian.org/debian/ jessie-updates/non-free amd64 Packages
     release o=Debian,a=stable-updates,n=jessie-updates,l=Debian,c=non-free
     origin httpredir.debian.org
 990 http://httpredir.debian.org/debian/ jessie-updates/contrib amd64 Packages
     release o=Debian,a=stable-updates,n=jessie-updates,l=Debian,c=contrib
     origin httpredir.debian.org
 990 http://httpredir.debian.org/debian/ jessie-updates/main amd64 Packages
     release o=Debian,a=stable-updates,n=jessie-updates,l=Debian,c=main
     origin httpredir.debian.org
 990 http://security.debian.org/ jessie/updates/non-free amd64 Packages
     release v=8,o=Debian,a=stable,n=jessie,l=Debian-Security,c=non-free
     origin security.debian.org
 990 http://security.debian.org/ jessie/updates/contrib amd64 Packages
     release v=8,o=Debian,a=stable,n=jessie,l=Debian-Security,c=contrib
     origin security.debian.org
 990 http://security.debian.org/ jessie/updates/main amd64 Packages
     release v=8,o=Debian,a=stable,n=jessie,l=Debian-Security,c=main
     origin security.debian.org
 990 http://httpredir.debian.org/debian/ jessie/non-free amd64 Packages
     release v=8.3,o=Debian,a=stable,n=jessie,l=Debian,c=non-free
     origin httpredir.debian.org
 990 http://httpredir.debian.org/debian/ jessie/contrib amd64 Packages
     release v=8.3,o=Debian,a=stable,n=jessie,l=Debian,c=contrib
     origin httpredir.debian.org
 990 http://httpredir.debian.org/debian/ jessie/main amd64 Packages
     release v=8.3,o=Debian,a=stable,n=jessie,l=Debian,c=main
     origin httpredir.debian.org
Pinned packages:

$ apt-cache policy linux-image-amd64
linux-image-amd64:
  Installed: 4.3+70~bpo8+1
  Candidate: 4.3+70~bpo8+1
  Version table:
     4.3+70 0
        700 http://httpredir.debian.org/debian/ stretch/main amd64 Packages
 *** 4.3+70~bpo8+1 0
        900 http://httpredir.debian.org/debian/ jessie-backports/main amd64 Packages
        100 /var/lib/dpkg/status
     3.16+63 0
        990 http://httpredir.debian.org/debian/ jessie/main amd64 Packages
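
An added example (not part of the original wiki page): a simplified Python model of the candidate-selection rules from apt_preferences(5), run on the version table shown above. Function names are illustrative; a version's priority is taken as the highest among its sources, and negative priorities are not handled.

```python
import re

# Version table from `apt-cache policy linux-image-amd64`, copied from this page.
SAMPLE = """\
linux-image-amd64:
  Version table:
     4.3+70 0
        700 http://httpredir.debian.org/debian/ stretch/main amd64 Packages
 *** 4.3+70~bpo8+1 0
        900 http://httpredir.debian.org/debian/ jessie-backports/main amd64 Packages
        100 /var/lib/dpkg/status
     3.16+63 0
        990 http://httpredir.debian.org/debian/ jessie/main amd64 Packages
"""

def _order(c):  # dpkg ordering: '~' < end of string or digit < letters < other characters
    if c == "~":
        return -1
    return 0 if c == "" or c.isdigit() else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    while a or b:
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            diff = _order(a[:1]) - _order(b[:1])
            if diff:
                return diff
            a, b = a[1:], b[1:]
        na, nb = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        diff = int(na or 0) - int(nb or 0)
        if diff:
            return diff
        a, b = a[len(na):], b[len(nb):]
    return 0

def vercmp(a, b):  # Debian version order: <0 if a is older than b, 0 if equal, >0 if newer
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, rev
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def parse_version_table(text):  # -> [[version, highest source priority, installed], ...]
    table = []
    for line in text.split("Version table:", 1)[1].splitlines():
        tok = line.split()
        installed, tok = (True, tok[1:]) if tok[:1] == ["***"] else (False, tok)
        if len(tok) == 2 and tok[1].lstrip("-").isdigit():  # "<version> <pin>"
            table.append([tok[0], float("-inf"), installed])
        elif tok:                                           # "<priority> <source>"
            table[-1][1] = max(table[-1][1], int(tok[0]))
    return table

def candidate(table):
    installed = next((v for v, _, inst in table if inst), None)
    best = None
    for ver, prio, _ in table:
        # Rule 1: a downgrade is only allowed for a priority of 1000 or more.
        if installed and prio < 1000 and vercmp(ver, installed) < 0:
            continue
        # Rule 2: highest priority wins. Rule 3: ties go to the newest version.
        if best is None or prio > best[1] or (prio == best[1] and vercmp(ver, best[0]) > 0):
            best = (ver, prio)
    return best[0] if best else None
```

On the page's output, `candidate(parse_version_table(SAMPLE))` returns `4.3+70~bpo8+1`: the jessie kernel has the highest priority (990) but would be a downgrade, so the installed backports version stays the candidate and keeps following a source that the security team does not cover.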

Tools

needrestart

After a successful upgrade, needrestart will check if any daemon needs to be restarted. If so, it will show a dialog where you can choose which ones should be restarted automatically.

It will also warn you in case the system needs to be restarted.

$ sudo apt install needrestart

reboot-notifier

Sends you a daily email in case your server needs to be restarted.

Important: Your server needs to be able to send emails before you install this.

$ sudo apt install reboot-notifier

You can configure the destination email address in /etc/default/reboot-notifier.

apt-listchanges

Parses changelogs when you upgrade a package and displays them. It will also send a copy by email so you can have a look later in case you missed something.

$ sudo apt install apt-listchanges

apticron

Apticron will check for updates and send you emails with changelogs.

Important: Your server needs to be able to send emails before you install this.

$ sudo apt install apticron

To configure apticron, edit /etc/apticron/apticron.conf and change the following settings:

EMAIL="youremail@example.org"
NOTIFY_HOLDS="0"
NOTIFY_NEW="0"

System Maintenance

Manually installed packages

Both apt and aptitude can automatically remove packages that are not used any more. This keeps the system clean over time. However, it requires the system to know which packages were automatically installed.

To list packages that are marked as manually installed, you can use:

$ apt-mark showmanual

Remove useless configuration files

When uninstalling a package, configuration files are kept in case you need to reinstall it later. Over time, this can lead to a lot of useless files in /etc.

To list the removed packages that still have configuration files, you can use:

$ aptitude search '?config-files'

After inspecting the list, this command will remove them:

$ sudo aptitude purge '?config-files'