Difference between revisions of "Apt"

From wiki
(Pinning)
(maintenance scripts)
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
== Configure ==
 
== Configure ==
 +
 +
=== HTTPS ===
 +
 +
By default, Apt is able to use http sources but not https ones. This might cause problem with some external repositories.
 +
<syntaxhighlight lang="console">
 +
$ sudo apt install apt-transport-https
 +
</syntaxhighlight>
  
 
=== sources.list ===
 
=== sources.list ===
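Review bot: The new HTTPS paragraph says the missing https transport only matters for "some external repositories", but this same revision switches the Debian entries in sources.list to https:// URLs, so apt-transport-https becomes a prerequisite for the base repositories as well. Suggest saying explicitly that the package has to be installed before sources.list is changed, since the install itself has to come from a source apt can still reach.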
Line 6: Line 13:
 
The file is referencing versions names instead of the ''stable'' and ''testing'' aliases. The reason is that we don't want a massive uncontrolled upgrade on the day of the release of the next stable.
 
The file is referencing versions names instead of the ''stable'' and ''testing'' aliases. The reason is that we don't want a massive uncontrolled upgrade on the day of the release of the next stable.
 
<syntaxhighlight lang="sources.list">
 
<syntaxhighlight lang="sources.list">
deb http://httpredir.debian.org/debian jessie main contrib non-free
+
# Standard Debian repository
deb-src http://httpredir.debian.org/debian jessie main contrib non-free
+
deb https://deb.debian.org/debian stretch main contrib non-free
 +
deb-src https://deb.debian.org/debian stretch main contrib non-free
  
deb http://security.debian.org/ jessie/updates main contrib non-free
+
# Security updates
deb-src http://security.debian.org/ jessie/updates main contrib non-free
+
# No mirror is used here to avoid issues with propagation delay
 +
deb https://security.debian.org/ stretch/updates main contrib non-free
 +
deb-src https://security.debian.org/ stretch/updates main contrib non-free
  
deb http://httpredir.debian.org/debian jessie-updates main contrib non-free
+
# stable-updates repo
deb-src http://httpredir.debian.org/debian jessie-updates main contrib non-free
+
# Contain some package that are known to change frequently like antivirus or timezone data
 +
deb https://deb.debian.org/debian stretch-updates main contrib non-free
 +
deb-src https://deb.debian.org/debian stretch-updates main contrib non-free
  
deb http://httpredir.debian.org/debian jessie-backports main contrib non-free
+
# Backport repo
deb-src http://httpredir.debian.org/debian jessie-backports main contrib non-free
+
# Contains packages from the next release that where modified to work on the current one
 +
# Note that security is not assured by security team so updates might be slower than for other packages
 +
deb https://deb.debian.org/debian stretch-backports main contrib non-free
 +
deb-src https://deb.debian.org/debian stretch-backports main contrib non-free
  
# testing
+
# Testing
deb http://httpredir.debian.org/debian stretch main contrib non-free
+
# For package that are not backported but where you want the new version
deb-src http://httpredir.debian.org/debian stretch main contrib non-free
+
# Be very careful when installing these as they might bring incompatibility with the rest of the system
 +
# Security is the lowest of the sources here. No security team, and updates might get blocked waiting for other migrations
 +
deb https://deb.debian.org/debian buster main contrib non-free
 +
deb-src https://deb.debian.org/debian buster main contrib non-free
 
</syntaxhighlight>
 
</syntaxhighlight>
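Review bot: Several of the comments added to the sources.list block have wording slips that will be copied verbatim into real files: "Contain some package that are" should read "Contains some packages that are", "where modified" should be "were modified", and "For package that are" should be "For packages that are". Worth fixing in the same edit, since these comments carry the security caveats for backports and testing.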
  
Line 26: Line 44:
 
The file <code>/etc/apt/apt.conf</code> stores settings of apt. You can create the file if it doesn't exist.
 
The file <code>/etc/apt/apt.conf</code> stores settings of apt. You can create the file if it doesn't exist.
 
<syntaxhighlight lang="properties">
 
<syntaxhighlight lang="properties">
APT::Default-Release "jessie";
+
# Select the default release. Check /etc/apt/preference for more flexibility
 +
# Only needed when non-standard sources are present like backport or testing
 +
APT::Default-Release "stretch";
  
 +
# When adding new sources in sources.list, you can hit the APT cache limit
 +
# This line increases its size
 
APT::Cache-Limit "100000000";
 
APT::Cache-Limit "100000000";
 
aptitude "";
 
aptitude::Keep-Unused-Pattern "";
 
aptitude::Delete-Unused-Pattern "";
 
aptitude::UI "";
 
aptitude::UI::Menubar-Autohide "true";
 
aptitude::UI::Minibuf-Download-Bar "false";
 
aptitude::UI::InfoAreaTabs "true";
 
aptitude::UI::Package-Header-Format "%N %n #%B %u %o";
 
aptitude::UI::Package-Status-Format "%d #%D %I";
 
aptitude::UI::Package-Display-Format "%c%a%M%S %p #%t %Z %r %D %v %V";
 
 
</syntaxhighlight>
 
</syntaxhighlight>
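Review bot: The added comment above APT::Default-Release points readers to /etc/apt/preference, but the file apt reads is /etc/apt/preferences (plural). Suggest correcting the path in the comment so that nobody creates a file that apt silently ignores.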
  
Line 50: Line 61:
 
Explanation: We make it explicit
 
Explanation: We make it explicit
 
Package: *
 
Package: *
Pin: release o=Debian, n=jessie
+
Pin: release o=Debian, n=stretch
 
Pin-Priority: 990
 
Pin-Priority: 990
  
 
Explanation: Assign the same priority than stable release so these are picked if they are newer
 
Explanation: Assign the same priority than stable release so these are picked if they are newer
 
Package: *
 
Package: *
Pin: release o=Debian, n=jessie-updates
+
Pin: release o=Debian, n=stretch-updates
 
Pin-Priority: 990
 
Pin-Priority: 990
  
Line 61: Line 72:
 
Explanation: Higher than testing, we prefer to install from backports than testing.
 
Explanation: Higher than testing, we prefer to install from backports than testing.
 
Package: *
 
Package: *
Pin: release o=Debian Backports, n=jessie-backports
+
Pin: release o=Debian Backports, n=stretch-backports
 
Pin-Priority: 900
 
Pin-Priority: 900
  
Line 68: Line 79:
 
Explanation: Higher than 500 so it's still preferred over external sources
 
Explanation: Higher than 500 so it's still preferred over external sources
 
Package: *
 
Package: *
Pin: release o=Debian, n=stretch
+
Pin: release o=Debian, n=buster
 
Pin-Priority: 700
 
Pin-Priority: 700
 
</syntaxhighlight>
 
</syntaxhighlight>
Line 150: Line 161:
 
It will also warn you in case the system need to be restarted.
 
It will also warn you in case the system need to be restarted.
 
<syntaxhighlight lang="console">
 
<syntaxhighlight lang="console">
# apt install needrestart
+
$ sudo apt install needrestart
 
</syntaxhighlight>
 
</syntaxhighlight>
  
Line 159: Line 170:
  
 
<syntaxhighlight lang="console">
 
<syntaxhighlight lang="console">
# apt install  reboot-notifier
+
$ sudo apt install  reboot-notifier
 
</syntaxhighlight>
 
</syntaxhighlight>
 
You can configure the destination email address in <code>/etc/default/reboot-notifier</code>.
 
You can configure the destination email address in <code>/etc/default/reboot-notifier</code>.
Line 165: Line 176:
 
=== apt-listchanges ===
 
=== apt-listchanges ===
 
Parse changelogs when you upgrade a package and display it. It will also send a copy by email so you can have a look latter in case you missed something.<syntaxhighlight lang="console">
 
Parse changelogs when you upgrade a package and display it. It will also send a copy by email so you can have a look latter in case you missed something.<syntaxhighlight lang="console">
# apt install apt-listchanges
+
$ sudo apt install apt-listchanges
 
</syntaxhighlight>
 
</syntaxhighlight>
  
Line 174: Line 185:
  
 
<syntaxhighlight lang="console">
 
<syntaxhighlight lang="console">
# apt install apticron
+
$ sudo apt install apticron
 
</syntaxhighlight>
 
</syntaxhighlight>
 
To configure apticron, edit <code>/etc/apticron/apticron.conf</code> and changes the following settings<syntaxhighlight lang="ini">
 
To configure apticron, edit <code>/etc/apticron/apticron.conf</code> and changes the following settings<syntaxhighlight lang="ini">
Line 180: Line 191:
 
NOTIFY_HOLDS="0"
 
NOTIFY_HOLDS="0"
 
NOTIFY_NEW="0"
 
NOTIFY_NEW="0"
 +
</syntaxhighlight>
 +
 +
== System Maintenance ==
 +
 +
=== Manually installed packages ===
 +
Both apt and aptitude can automatically remove packages that are not used any more. This allows to keep a clean system over time. However it requires the system to know which packages were automatically installed.
 +
 +
To list packages that are marked as manually installed, you can use<syntaxhighlight lang="console">
 +
$ apt-mark showmanual
 +
</syntaxhighlight>
 +
 +
=== Remove useless configuration files ===
 +
When deinstalling a package, configuration files are kept in case you need to reinstall it latter. Overtime, this can led to a lot of useless files in <code>/etc</code>.
 +
 +
To list the removed packages that still have configuration files, you can use:<syntaxhighlight lang="console">
 +
$ aptitude search ?config-files
 +
</syntaxhighlight>After inspection of the list, this command will remove them<syntaxhighlight lang="console">
 +
$ sudo aptitude purge ?config-files
 
</syntaxhighlight>
 
</syntaxhighlight>
 
[[Category:Debian Release]]
 
[[Category:Debian Release]]
[[Category:Install]]
+
[[Category:Linux Server]]
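Review bot: In the new "Remove useless configuration files" section, the pattern in "aptitude search ?config-files" and "sudo aptitude purge ?config-files" is unquoted, and "?" is a shell glob character, so a file in the current directory whose name matches it would be substituted before aptitude sees the argument. Suggest quoting it as '?config-files' in both commands, which matters most for the purge that runs under sudo. The added prose also has "latter" for "later", "Overtime" for "Over time" and "can led" for "can lead".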

Latest revision as of 07:35, 10 October 2017

Configure

HTTPS

By default, Apt can use http sources but not https ones. This might cause problems with some external repositories. The sources.list below also uses https URLs, so install the https transport first.

$ sudo apt install apt-transport-https

sources.list

Here is the /etc/apt/sources.list for a Debian Jessie distribution.

The file references version names instead of the stable and testing aliases. The reason is that we don't want a massive, uncontrolled upgrade on the day the next stable is released.

# Standard Debian repository
deb https://deb.debian.org/debian stretch main contrib non-free
deb-src https://deb.debian.org/debian stretch main contrib non-free

# Security updates
# No mirror is used here to avoid issues with propagation delay
deb https://security.debian.org/ stretch/updates main contrib non-free
deb-src https://security.debian.org/ stretch/updates main contrib non-free

# stable-updates repo
# Contains some packages that are known to change frequently, like antivirus or timezone data
deb https://deb.debian.org/debian stretch-updates main contrib non-free
deb-src https://deb.debian.org/debian stretch-updates main contrib non-free

# Backport repo
# Contains packages from the next release that were modified to work on the current one
# Note that security support is not provided by the security team, so updates might be slower than for other packages
deb https://deb.debian.org/debian stretch-backports main contrib non-free
deb-src https://deb.debian.org/debian stretch-backports main contrib non-free

# Testing
# For packages that are not backported but where you want the new version
# Be very careful when installing these as they might be incompatible with the rest of the system
# Security support is the weakest of the sources here. No security team, and updates might get blocked waiting for other migrations
deb https://deb.debian.org/debian buster main contrib non-free
deb-src https://deb.debian.org/debian buster main contrib non-free
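
A quick check for the two properties this file is built around, https URIs and release code names instead of aliases, written here as an added example (not part of the original wiki page). It handles only the one-line deb/deb-src format shown above; the function names and the sample entries are made up for illustration.

```shell
#!/bin/sh
# audit_sources [FILE...]: reads one-line-style sources.list data (stdin if no
# file is given) and prints one finding per line:
#   "<lineno>: plaintext-uri <uri>"  entry is fetched over http://
#   "<lineno>: suite-alias <suite>"  suite is a moving alias, not a code name
audit_sources() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        $1 == "deb" || $1 == "deb-src" {
            i = 2
            # Optional "[ arch=amd64 ... ]" option block: skip to its end.
            if ($i ~ "^\\[") {
                while (i <= NF && $i !~ "\\]$") i++
                i++
            }
            uri = $i; suite = $(i + 1)
            if (uri ~ "^http://")
                printf "%d: plaintext-uri %s\n", NR, uri
            # Compare only the part before "-" or "/" so that
            # "stable-updates" and "testing/updates" are caught too.
            base = suite
            sub("[-/].*$", "", base)
            if (base ~ "^(oldstable|stable|testing|unstable)$")
                printf "%d: suite-alias %s\n", NR, suite
        }
    ' "$@"
}

# Constructed sample: a file that mixes both problems with one clean entry.
sample_sources() {
    cat <<'EOF'
# Standard Debian repository
deb https://deb.debian.org/debian stretch main contrib non-free
deb http://security.debian.org/ stretch/updates main
deb [arch=amd64] https://deb.debian.org/debian stable-updates main
deb-src http://deb.debian.org/debian testing main
EOF
}

sample_sources | audit_sources   # on a live system: audit_sources /etc/apt/sources.list
```

An empty result means every entry uses https and a fixed code name, which is what the file above is meant to guarantee.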

apt.conf

The file /etc/apt/apt.conf stores settings of apt. You can create the file if it doesn't exist.

# Select the default release. Check /etc/apt/preferences for more flexibility
# Only needed when non-standard sources are present, like backports or testing
APT::Default-Release "stretch";

# When adding new sources in sources.list, you can hit the APT cache limit
# This line increases its size
APT::Cache-Limit "100000000";

Pinning

Setup

Create the file /etc/apt/preferences:

Explanation: This priority corresponds to the default set by "APT::Default-Release"
Explanation: We make it explicit
Package: *
Pin: release o=Debian, n=stretch
Pin-Priority: 990

Explanation: Assign the same priority as the stable release so these are picked if they are newer
Package: *
Pin: release o=Debian, n=stretch-updates
Pin-Priority: 990

Explanation: Lower than stable as we don't want them installed by default.
Explanation: Higher than testing, we prefer installing from backports over testing.
Package: *
Pin: release o=Debian Backports, n=stretch-backports
Pin-Priority: 900


Explanation: Lower than others
Explanation: Higher than 500 so it's still preferred over external sources
Package: *
Pin: release o=Debian, n=buster
Pin-Priority: 700

Debugging

By default, it might be hard to understand why a particular version of a package is chosen for updates. Thankfully, apt-cache can help us with that.

$ apt-cache policy | grep -Ev 'Translation-..$'
Package files:
 100 /var/lib/dpkg/status
     release a=now
 700 http://httpredir.debian.org/debian/ stretch/non-free amd64 Packages
     release o=Debian,a=testing,n=stretch,l=Debian,c=non-free
     origin httpredir.debian.org
 700 http://httpredir.debian.org/debian/ stretch/contrib amd64 Packages
     release o=Debian,a=testing,n=stretch,l=Debian,c=contrib
     origin httpredir.debian.org
 700 http://httpredir.debian.org/debian/ stretch/main amd64 Packages
     release o=Debian,a=testing,n=stretch,l=Debian,c=main
     origin httpredir.debian.org
 900 http://httpredir.debian.org/debian/ jessie-backports/non-free amd64 Packages
     release o=Debian Backports,a=jessie-backports,n=jessie-backports,l=Debian Backports,c=non-free
     origin httpredir.debian.org
 900 http://httpredir.debian.org/debian/ jessie-backports/contrib amd64 Packages
     release o=Debian Backports,a=jessie-backports,n=jessie-backports,l=Debian Backports,c=contrib
     origin httpredir.debian.org
 900 http://httpredir.debian.org/debian/ jessie-backports/main amd64 Packages
     release o=Debian Backports,a=jessie-backports,n=jessie-backports,l=Debian Backports,c=main
     origin httpredir.debian.org
 990 http://httpredir.debian.org/debian/ jessie-updates/non-free amd64 Packages
     release o=Debian,a=stable-updates,n=jessie-updates,l=Debian,c=non-free
     origin httpredir.debian.org
 990 http://httpredir.debian.org/debian/ jessie-updates/contrib amd64 Packages
     release o=Debian,a=stable-updates,n=jessie-updates,l=Debian,c=contrib
     origin httpredir.debian.org
 990 http://httpredir.debian.org/debian/ jessie-updates/main amd64 Packages
     release o=Debian,a=stable-updates,n=jessie-updates,l=Debian,c=main
     origin httpredir.debian.org
 990 http://security.debian.org/ jessie/updates/non-free amd64 Packages
     release v=8,o=Debian,a=stable,n=jessie,l=Debian-Security,c=non-free
     origin security.debian.org
 990 http://security.debian.org/ jessie/updates/contrib amd64 Packages
     release v=8,o=Debian,a=stable,n=jessie,l=Debian-Security,c=contrib
     origin security.debian.org
 990 http://security.debian.org/ jessie/updates/main amd64 Packages
     release v=8,o=Debian,a=stable,n=jessie,l=Debian-Security,c=main
     origin security.debian.org
 990 http://httpredir.debian.org/debian/ jessie/non-free amd64 Packages
     release v=8.3,o=Debian,a=stable,n=jessie,l=Debian,c=non-free
     origin httpredir.debian.org
 990 http://httpredir.debian.org/debian/ jessie/contrib amd64 Packages
     release v=8.3,o=Debian,a=stable,n=jessie,l=Debian,c=contrib
     origin httpredir.debian.org
 990 http://httpredir.debian.org/debian/ jessie/main amd64 Packages
     release v=8.3,o=Debian,a=stable,n=jessie,l=Debian,c=main
     origin httpredir.debian.org
Pinned packages:
$ apt-cache policy linux-image-amd64
linux-image-amd64:
  Installed: 4.3+70~bpo8+1
  Candidate: 4.3+70~bpo8+1
  Version table:
     4.3+70 0
        700 http://httpredir.debian.org/debian/ stretch/main amd64 Packages
 *** 4.3+70~bpo8+1 0
        900 http://httpredir.debian.org/debian/ jessie-backports/main amd64 Packages
        100 /var/lib/dpkg/status
     3.16+63 0
        990 http://httpredir.debian.org/debian/ jessie/main amd64 Packages
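
Because backports and testing get weaker security coverage than stable (see the sources.list comments above), it helps to know which repository the installed version of a package actually comes from. The following is an added example, not part of the original wiki page: it parses the apt-cache policy output for a single package, and the function names installed_source and classify are hypothetical. The sample input is the linux-image-amd64 output shown above.

```shell
#!/bin/sh
# installed_source: read `apt-cache policy PKG` output on stdin and print
# "<priority> <suite>" for the repository that provides the installed version.
# Prints nothing when that version is only known from /var/lib/dpkg/status.
installed_source() {
    awk '
        /^ \*\*\* / { inst = 1; next }          # row of the installed version
        # Source rows are indented by 8 spaces: "<prio> <uri> <suite>/<comp> ..."
        inst && /^        [0-9]+ [a-z+]+:/ {
            split($3, s, "/"); print $1, s[1]; exit
        }
        inst && /^     [^ ]/ { exit }           # next version row: stop looking
    '
}

# classify: with the pins on this page, 990 means stable, stable-updates or
# security; anything lower is backports (900), testing (700) or external.
classify() {
    set -- $(installed_source)
    if [ -z "$1" ]; then echo "local-only"
    elif [ "$1" -ge 990 ]; then echo "stable $2"
    else echo "review $2 (priority $1)"
    fi
}

# Sample input copied from the linux-image-amd64 output on this page.
sample_policy() {
    cat <<'EOF'
linux-image-amd64:
  Installed: 4.3+70~bpo8+1
  Candidate: 4.3+70~bpo8+1
  Version table:
     4.3+70 0
        700 http://httpredir.debian.org/debian/ stretch/main amd64 Packages
 *** 4.3+70~bpo8+1 0
        900 http://httpredir.debian.org/debian/ jessie-backports/main amd64 Packages
        100 /var/lib/dpkg/status
     3.16+63 0
        990 http://httpredir.debian.org/debian/ jessie/main amd64 Packages
EOF
}

sample_policy | classify   # on a live system: apt-cache policy PKG | classify
```

The 990 threshold only holds for the pin priorities defined in /etc/apt/preferences on this page; adjust it if your pins differ.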

Tools

needrestart

After a successful upgrade, needrestart will check if any daemon needs to be restarted. If so, it will show a dialog where you can choose which ones should be restarted automatically.

It will also warn you in case the system needs to be restarted.

$ sudo apt install needrestart

reboot-notifier

Sends you a daily email in case your server needs to be restarted.

Important: Your server needs to be able to send emails before you install this.

$ sudo apt install reboot-notifier

You can configure the destination email address in /etc/default/reboot-notifier.

apt-listchanges

Parses changelogs when you upgrade a package and displays them. It will also send a copy by email so you can have a look later in case you missed something.

$ sudo apt install apt-listchanges

apticron

Apticron will check for updates and send you emails with changelogs.

Important: Your server needs to be able to send emails before you install this.

$ sudo apt install apticron

To configure apticron, edit /etc/apticron/apticron.conf and change the following settings:

EMAIL="youremail@example.org"
NOTIFY_HOLDS="0"
NOTIFY_NEW="0"

System Maintenance

Manually installed packages

Both apt and aptitude can automatically remove packages that are not used any more. This keeps the system clean over time. However, it requires the system to know which packages were automatically installed.

To list packages that are marked as manually installed, you can use:

$ apt-mark showmanual

Remove useless configuration files

When removing a package, configuration files are kept in case you need to reinstall it later. Over time, this can lead to a lot of useless files in /etc.

To list the removed packages that still have configuration files, you can use:

$ aptitude search '?config-files'

After inspecting the list, this command will remove them:

$ sudo aptitude purge '?config-files'