Software Packet Management Tools Debian Ubuntu

The tools

apt-get --The Debian Advanced software Packet handling Tool

dpkg --The Debian Package Manager

apt-cache --The APT cache manipulator

aptitude --A high-level interface to the package manager. It has both an ncurses (2D) and a command line interface.

We 'll use apt-get, dpkg, and apt-cache.

First, let's get a root shell
$sudo -s
#


apt-get basics

apt-get stores the list of software repositories in /etc/apt/sources.list
There you can uncomment to add, and comment to remove repositories.

The following syntax is used to add repositories to /etc/apt/sources.list
$  head -3 /etc/apt/sources.list
#deb     URL DISTRIBUTION main
deb http://de.archive.ubuntu.com/ubuntu/ lucid main restricted
deb http://deb.torproject.org/torproject.org lucid main
$
# are used to comment out lines and the URLs are using HTTP.
To figure out the DISTRIBUTION codename use one of the following commands
n3 ~ # cat /etc/debian_version 
squeeze/sid
n3 ~ #
or
n ~ # lsb_release -c
Codename: lucid
n ~ # 
In Ubuntu you may want to add a repository from the Archive Mirrors.

To resynchronize the package index files.
#apt-get update


To add a new package (let's say ninvaders) using apt-get
#apt-get install ninvaders
OK, done playing. Got a 20150, beat that!

To remove a package but not its configuration file(s).
#apt-get remove ninvaders


To remove a package and its configuration file(s) if any.
#apt-get purge ninvaders


To see a list of what updates are available we could do
#apt-get -s -o Debug::NoLocking=true upgrade | grep ^Inst  


apt-get also has a nice wrapper-extender that can give us a nice summary of what updates are available
#/usr/lib/update-notifier/apt_check.py --human-readable
10 packages can be updated.
10 updates are security updates.


To upgrade an individual packet (let's say bind) and it's dependencies.
#apt-get install bind9
Reading package lists... Done
Building dependency tree       
Reading state information... Done

...

The following packages will be upgraded:
  bind9 bind9-host bind9utils dnsutils libbind9-60 libdns64 libisc60 libisccc60 libisccfg60 liblwres60
10 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.


OK, let's see the summary of what updates are available again.
#/usr/lib/update-notifier/apt_check.py --human-readable
0 packages can be updated.
0 updates are security updates.


To upgrade everything.
#apt-get upgrade


or upgrade everything and "intelligently handle changing dependencies with new versions of packages."
#apt-get dist-upgrade


To get the sources of a software packet we can use apt-get with the source option. We need to have the appropriate deb-src repository in /etc/apt/sources.list. Let's look at the ninvaders sources.
ares:~#mkdir ninvaders;cd ninvaders
ares:~/ninvaders#apt-get source ninvaders
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Need to get 44.0kB of source archives.
Get:1 http://us.archive.ubuntu.com/ubuntu/ lucid/universe ninvaders 0.1.1-2 (dsc) [584B]
Get:2 http://us.archive.ubuntu.com/ubuntu/ lucid/universe ninvaders 0.1.1-2 (tar) [31.3kB]
Get:3 http://us.archive.ubuntu.com/ubuntu/ lucid/universe ninvaders 0.1.1-2 (diff) [12.1kB]
Fetched 44.0kB in 0s (114kB/s)    
gpgv: Signature made Thu 29 Sep 2005 10:39:03 AM UTC using DSA key ID 69351387
gpgv: Can't check signature: public key not found
dpkg-source: warning: failed to verify signature on ./ninvaders_0.1.1-2.dsc
dpkg-source: info: extracting ninvaders in ninvaders-0.1.1
dpkg-source: info: unpacking ninvaders_0.1.1.orig.tar.gz
dpkg-source: info: applying ninvaders_0.1.1-2.diff.gz
dpkg-source: info: upstream files that have been modified: 
 ninvaders-0.1.1/globals.c
 ninvaders-0.1.1/ind.html
ares:~/ninvaders#ls
ninvaders-0.1.1  ninvaders_0.1.1-2.diff.gz  ninvaders_0.1.1-2.dsc  ninvaders_0.1.1.orig.tar.gz


When it comes to updates on production boxes I do not care much about no security updates and I like to test first the list of the security patches one by one in dev boxes before applying them to the production boxes.

We can list all available updates using at least three easy ways.
#apt-get -s -o Debug::NoLocking=true upgrade | grep ^Inst

or
# /usr/lib/update-notifier/apt_check.py --p

or we can tweak the apt_chek.py script ( add two print statements ) to print only the security updates and the cute summary and run it like
ubudevrat#/usr/lib/update-notifier/apt_check.1.py --human-readable
<apt_pkg.Version object: Pkg:'libpam-modules' Ver:'1.1.1-2ubuntu5.4' Section:'admin'  Arch:'amd64' Size:385900 ISize:1236992 Hash:17691 ID:30444 Priority:2>
<apt_pkg.Version object: Pkg:'libplasma3' Ver:'4:4.4.5-0ubuntu1.2' Section:'libs'  Arch:'amd64' Size:818294 ISize:3108864 Hash:53711 ID:30462 Priority:4>
<apt_pkg.Version object: Pkg:'libpam-runtime' Ver:'1.1.1-2ubuntu5.4' Section:'admin'  Arch:'all' Size:115696 ISize:1277952 Hash:49884 ID:30446 Priority:2>
3 packages can be updated.
3 updates are security updates.


The changes of apt_check.py
# diff apt_check.py apt_check.1.py 
134a135
>      print cand_ver #g0#
144a146
>   print ver #g0#



dpkg basics

To list the name, the version, and a description for all the software packages installed on a system
#dpkg -l


To list files installed by package-name (let 's say apache2)
 # dpkg -L apache2


To find which package(s) own(s) a file (let 's say /usr/share/bug)
# dpkg -S /usr/share/bug/


To see the status of a specified package and an extended description (let 's say apache2)
# dpkg -s apache2


To install the foo package
#dpkg -i foo.deb


To list all files in foo.deb
#dpkg -c foo.deb


apt-cache

Let' s search for a regex in the names and descriptions of all available package lists. For example to list all the software packets containing in their names or their descriptions the words security or intrusion or firewall
# apt-cache search "security|intrusion|firewall"


Or if we want to get a longer description for all available "intrusion detection" matches. This will also show version number, size, dependencies, conflicts, priority, and other usual information.
# apt-cache search "intrusion detection" --full


If we know the name of the software packet we can use the show option.
#apt-cache show snort


I think that the above cover the basics.


Further

#man apt-get
#man dpkg
#man apt-cache
http://www.debian.org/doc/manuals/apt-howto/
http://wiki.debian.org/SecureApt
https://help.ubuntu.com/community/Repositories/CommandLine
https://help.ubuntu.com/community/AptGet/Howto






Software Management Tools Debian