The tools
apt-get --The Debian Advanced software Packet handling Tool
dpkg --The Debian Package Manager
apt-cache --The APT cache manipulator
aptitude --A high-level interface to the package manager. It has both an ncurses (2D) and a command line interface.
We 'll use apt-get, dpkg, and apt-cache.
First, let's get a root shell
$sudo -s
#
apt-get basics
apt-get stores the list of software repositories in /etc/apt/sources.list
There you can uncomment to add, and comment to remove repositories.
The following syntax is used to add repositories to /etc/apt/sources.list
$ head -3 /etc/apt/sources.list
#deb URL DISTRIBUTION main
deb http://de.archive.ubuntu.com/ubuntu/ lucid main restricted
deb http://deb.torproject.org/torproject.org lucid main
$
# are used to comment out lines
and the URLs are using HTTP.
To figure out the DISTRIBUTION codename use one of the following commands
n3 ~ # cat /etc/debian_version
squeeze/sid
n3 ~ #
or
n ~ # lsb_release -c
Codename: lucid
n ~ #
In Ubuntu you may want to add a repository from the
Archive Mirrors.
To resynchronize the package index files.
#apt-get update
To add a new package (let's say ninvaders) using apt-get
#apt-get install ninvaders
OK, done playing. Got a 20150, beat that!
To remove a package but not its configuration file(s).
#apt-get remove ninvaders
To remove a package and its configuration file(s) if any.
#apt-get purge ninvaders
To see a list of what updates are available we could do
#apt-get -s -o Debug::NoLocking=true upgrade | grep ^Inst
apt-get also has a nice wrapper-extender that can give us a nice summary of what updates are available
#/usr/lib/update-notifier/apt_check.py --human-readable
10 packages can be updated.
10 updates are security updates.
To upgrade an individual packet (let's say bind) and it's dependencies.
#apt-get install bind9
Reading package lists... Done
Building dependency tree
Reading state information... Done
...
The following packages will be upgraded:
bind9 bind9-host bind9utils dnsutils libbind9-60 libdns64 libisc60 libisccc60 libisccfg60 liblwres60
10 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
OK, let's see the summary of what updates are available again.
#/usr/lib/update-notifier/apt_check.py --human-readable
0 packages can be updated.
0 updates are security updates.
To upgrade everything.
#apt-get upgrade
or upgrade everything and "intelligently handle changing dependencies with new versions of packages."
#apt-get dist-upgrade
To get the sources of a software packet we can use apt-get with the source option.
We need to have the appropriate deb-src repository in /etc/apt/sources.list.
Let's look at the ninvaders sources.
ares:~#mkdir ninvaders;cd ninvaders
ares:~/ninvaders#apt-get source ninvaders
Reading package lists... Done
Building dependency tree
Reading state information... Done
Need to get 44.0kB of source archives.
Get:1 http://us.archive.ubuntu.com/ubuntu/ lucid/universe ninvaders 0.1.1-2 (dsc) [584B]
Get:2 http://us.archive.ubuntu.com/ubuntu/ lucid/universe ninvaders 0.1.1-2 (tar) [31.3kB]
Get:3 http://us.archive.ubuntu.com/ubuntu/ lucid/universe ninvaders 0.1.1-2 (diff) [12.1kB]
Fetched 44.0kB in 0s (114kB/s)
gpgv: Signature made Thu 29 Sep 2005 10:39:03 AM UTC using DSA key ID 69351387
gpgv: Can't check signature: public key not found
dpkg-source: warning: failed to verify signature on ./ninvaders_0.1.1-2.dsc
dpkg-source: info: extracting ninvaders in ninvaders-0.1.1
dpkg-source: info: unpacking ninvaders_0.1.1.orig.tar.gz
dpkg-source: info: applying ninvaders_0.1.1-2.diff.gz
dpkg-source: info: upstream files that have been modified:
ninvaders-0.1.1/globals.c
ninvaders-0.1.1/ind.html
ares:~/ninvaders#ls
ninvaders-0.1.1 ninvaders_0.1.1-2.diff.gz ninvaders_0.1.1-2.dsc ninvaders_0.1.1.orig.tar.gz
When it comes to updates on production boxes I do not care much about no security updates
and I like to test first the list of the security patches one by one in dev boxes before applying them
to the production boxes.
We can list all available updates using at least three easy ways.
#apt-get -s -o Debug::NoLocking=true upgrade | grep ^Inst
or
# /usr/lib/update-notifier/apt_check.py --p
or we can tweak the apt_chek.py script ( add two print statements ) to print
only the security updates and the cute summary and run it like
ubudevrat#/usr/lib/update-notifier/apt_check.1.py --human-readable
<apt_pkg.Version object: Pkg:'libpam-modules' Ver:'1.1.1-2ubuntu5.4' Section:'admin' Arch:'amd64' Size:385900 ISize:1236992 Hash:17691 ID:30444 Priority:2>
<apt_pkg.Version object: Pkg:'libplasma3' Ver:'4:4.4.5-0ubuntu1.2' Section:'libs' Arch:'amd64' Size:818294 ISize:3108864 Hash:53711 ID:30462 Priority:4>
<apt_pkg.Version object: Pkg:'libpam-runtime' Ver:'1.1.1-2ubuntu5.4' Section:'admin' Arch:'all' Size:115696 ISize:1277952 Hash:49884 ID:30446 Priority:2>
3 packages can be updated.
3 updates are security updates.
The changes of apt_check.py
# diff apt_check.py apt_check.1.py
134a135
> print cand_ver #g0#
144a146
> print ver #g0#
dpkg basics
To list the name, the version, and a description for all the software packages installed on a system
#dpkg -l
To list files installed by package-name (let 's say apache2)
# dpkg -L apache2
To find which package(s) own(s) a file (let 's say /usr/share/bug)
# dpkg -S /usr/share/bug/
To see the status of a specified package and an extended description (let 's say apache2)
# dpkg -s apache2
To install the foo package
#dpkg -i foo.deb
To list all files in foo.deb
#dpkg -c foo.deb
apt-cache
Let' s search for a regex in the names and descriptions of all available package lists.
For example to list all the software packets containing in their names or their descriptions the words security or intrusion or firewall
# apt-cache search "security|intrusion|firewall"
Or if we want to get a longer description for all available "intrusion detection" matches.
This will also show version number, size, dependencies, conflicts, priority, and other usual information.
# apt-cache search "intrusion detection" --full
If we know the name of the software packet we can use the show option.
#apt-cache show snort
I think that the above cover the basics.
Further
#man apt-get
#man dpkg
#man apt-cache
http://www.debian.org/doc/manuals/apt-howto/
http://wiki.debian.org/SecureApt
https://help.ubuntu.com/community/Repositories/CommandLine
https://help.ubuntu.com/community/AptGet/Howto
Software Management Tools Debian