Debian Software Management

SeaGL
Saturday, 2019Nov16
14:45 in Talks 3178

Hope you enjoyed TeaGL!

Happy Life Day

der.hans, CDE at Object Rocket, a rackspace company
https://www.ObjectRocket.com/

rackspace_remote_jobs_qr.SeaGL.png

Finding Hans

What can this strange device be?

Discover the Possibilities

What is software?

Programs

Libraries

Organization

Documentation

Community

How is software make available?

Packages (*.deb)

Where to get software?

Download from sketchy Warez sites!

Where to get software?

Repositories

Debian Releases

stable: Buster, 10

testing/frozen: Bullseye, 11

unstable: Sid

old stable: Stretch, 9

Ubuntu Releases

LTS == Long Term Support

18.04, Bionic, supported until April 2023

16.04, Xenial, supported until April 2021

14.04, Xenial, supported until April 2019

STR == Short Term Release

19.10, Dusty, supported until January, 2020

18.10, Cosmic, supported until July 2019

Testing

19.04, Eoan, releases October 17th, 2019

Ubuntu ESM Release

ESM == Extended Security Maintenance

18.04, Bionic, supported until April 2028

16.04, Xenial, supported until April 2024

14.04, Xenial, supported until April 2022

12.04, Xenial, supported until April 2019

Debian Branches

release

the main branch of the repo
deb http://deb.debian.org/debian stable main

security

security updates
deb http://deb.debian.org/debian-security/ stable/updates main

updates

proposed updates not yet in a point release
deb http://deb.debian.org/debian stable-updates main

backports

mostly testing, possibly unstable packages compiled for stable
deb http://deb.debian.org/debian stretch-backports main

debug

packages with debug symbols
deb http://deb.debian.org/debian stable-debug main

Ubuntu Branches

release

the main branch of the repo
deb http://us.archive.ubuntu.com/ubuntu/ bionic main restricted

security

security updates
deb http://security.ubuntu.com/ubuntu xenial-security main restricted

updates

proposed updates not yet in a point release
deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates main restricted

backports

packages for a newer release compiled for an older release
deb http://us.archive.ubuntu.com/ubuntu/ bionic-backports main restricted

Debian Repositories

main

DFSG-compliant packages

contrib

DFSG-compliant software with dependenies that aren’t in main

non-free

software that does not comply with the DFSG

Ubuntu Repositories

main

Canonical-supported free and open-source software

restricted

community-maintained free and open-source software

universe

proprietary drivers for devices

multiverse

software restricted by copyright or legal issues

DFSG

Debian Free Software Guidelines

Debian’s independently written rules on whether or not something is Free Software

later adopted by the Open Source Initiative

Debian Social Contract

  1. Debian will remain 100% free
  2. Debian will give back to the free software community
  3. Debian will not hide problems
  4. Debian’s priorities are users and free software
  5. contrib and non-free for works that do not meet Debian’s free software standards

Dependencies

Dependencies are our f(r)iends!

Dependencies are awesome!
Everything works when you’re part of a team!

Package Binary Dependencies

depends

packages that must also be installed, default

recommends

packages that should also be installed, default

suggests

packages that are likely helpful

enhances

packages this package likely helps

Package Other Dependencies (Homework)

breaks

packages broken by this one

conflicts

packages that can’t be installed at the same time

provides

this package counts as meta-package

replaces

can take file ownership; fully replace package in conjunction with Conflicts

APT Package System

APT == Advanced Packaging Tool

Common APT Tools

apt

command line package management tool

apt-cache

command line package search tool

apt-get

command line package search tool

aptitude

command line package management tool

synaptic

graphical package management tool

KDE, GNOME, Mate, etc.

For each their own

Package Example

Full package description for the apt package.

Important parts covered in the next few slides.

$ apt-cache show apt
Package: apt
Architecture: amd64
Version: 1.6.1
Priority: important
Section: admin
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: APT Development Team <deity@lists.debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 3805
Provides: apt-transport-https (= 1.6.1)
Depends: adduser, gpgv | gpgv2 | gpgv1, ubuntu-keyring, libapt-pkg5.0 (>= 1.6.1)
, libc6 (>= 2.15), libgcc1 (>= 1:3.0), libgnutls30 (>= 3.5.6), libseccomp2 (>= 1
.0.1), libstdc++6 (>= 5.2)
Recommends: ca-certificates
Suggests: apt-doc, aptitude | synaptic | wajig, dpkg-dev (>= 1.17.2), gnupg | gnupg2 | gnupg1, powermgmt-base
Breaks: apt-transport-https (<< 1.5~alpha4~), apt-utils (<< 1.3~exp2~), aptitude (<< 0.8.10)
Replaces: apt-transport-https (<< 1.5~alpha4~), apt-utils (<< 1.3~exp2~)
Filename: pool/main/a/apt/apt_1.6.1_amd64.deb
Size: 1166400
MD5sum: 8703b482ccad77b727e47f23247162a6
SHA1: a363ab9d70d0d6cfe3d71e5c85cea6b361cc40d3
SHA256: 2ff201fadafd345f30c11824fa039d3ab9dfe34411d9ef45a7872a84498de9ff
Description-en: commandline package manager
 This package provides commandline tools for searching and
 managing as well as querying information about packages
 as a low-level access to all features of the libapt-pkg library.
 .
 These include:
  * apt-get for retrieval of packages and information about them
    from authenticated sources and for installation, upgrade and
    removal of packages together with their dependencies
  * apt-cache for querying available information about installed
    as well as installable packages
  * apt-cdrom to use removable media as a source for packages
  * apt-config as an interface to the configuration settings
  * apt-key as an interface to manage authentication keys
Description-md5: 9fb97a88cb7383934ef963352b53b4a7
Task: minimal
Build-Essential: yes
Supported: 5y

Package Anatomy 1

Package: apt
Architecture: amd64
Version: 1.6.1
Priority: important
Section: admin

Package Anatomy 2

Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: APT Development Team <deity@lists.debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 3805
Provides: apt-transport-https (= 1.6.1)

Package Anatomy 3

Depends: adduser, gpgv | gpgv2 | gpgv1, ubuntu-keyring, libapt-pkg5.0 (>= 1.6.1)
, libc6 (>= 2.15), libgcc1 (>= 1:3.0), libgnutls30 (>= 3.5.6), libseccomp2 (>= 1
.0.1), libstdc++6 (>= 5.2)
Recommends: ca-certificates
Suggests: apt-doc, aptitude | synaptic | wajig, dpkg-dev (>= 1.17.2), gnupg | gnupg2 | gnupg1, powermgmt-base
Breaks: apt-transport-https (<< 1.5~alpha4~), apt-utils (<< 1.3~exp2~), aptitude (<< 0.8.10)
Replaces: apt-transport-https (<< 1.5~alpha4~), apt-utils (<< 1.3~exp2~)

Package Anatomy 4

Filename: pool/main/a/apt/apt_1.6.1_amd64.deb
Size: 1166400
MD5sum: 8703b482ccad77b727e47f23247162a6
SHA1: a363ab9d70d0d6cfe3d71e5c85cea6b361cc40d3
SHA256: 2ff201fadafd345f30c11824fa039d3ab9dfe34411d9ef45a7872a84498de9ff

Package Anatomy 5

Description-en: commandline package manager
 This package provides commandline tools for searching and
 managing as well as querying information about packages
 as a low-level access to all features of the libapt-pkg library.
 .
 These include:
  * apt-get for retrieval of packages and information about them
    from authenticated sources and for installation, upgrade and
    removal of packages together with their dependencies
  * apt-cache for querying available information about installed
    as well as installable packages
  * apt-cdrom to use removable media as a source for packages
  * apt-config as an interface to the configuration settings
  * apt-key as an interface to manage authentication keys

Package Anatomy 6

Description-md5: 9fb97a88cb7383934ef963352b53b4a7
Task: minimal
Build-Essential: yes
Supported: 5y

apt<tab><tab>

$ apt<tab><tab>
apt                   aptd                  apt-key
apt-add-repository    aptdcon               apt-mark
apt-cache             apt-extracttemplates  apt-sortpkgs
apt-cdrom             apt-ftparchive        apturl
apt-config            apt-get               apturl-gtk

Under the Hood

$ dpkg<tab><tab>
dpkg                     dpkg-gencontrol          dpkg-scanpackages
dpkg-architecture        dpkg-gensymbols          dpkg-scansources
dpkg-buildflags          dpkg-log-summary         dpkg-shlibdeps
dpkg-buildpackage        dpkg-maintscript-helper  dpkg-source
dpkg-checkbuilddeps      dpkg-mergechangelogs     dpkg-split
dpkg-deb                 dpkg-name                dpkg-statoverride
dpkg-distaddfile         dpkg-parsechangelog      dpkg-trigger
dpkg-divert              dpkg-preconfigure        dpkg-vendor
dpkg-genbuildinfo        dpkg-query
dpkg-genchanges          dpkg-reconfigure

Upgrades

sudo apt update

sudo apt full-upgrade # formerly dist-upgrade

sudo apt upgrade

Security Only Upgrades

$ cat /etc/apt/sources.list.d/security.list
deb http://security.debian.org/ stable/updates main
sudo apt -o Dir::Etc::sourceparts=:: -o Dir::Etc::SourceList=/etc/apt/sources.list.d/security.list full-upgrade

Release Upgrade

Debian: change the release codename in /etc/apt/sources.list*

Ubuntu: do-release-upgrade from ubuntu-release-upgrader-core package

Package Install

sudo apt install <package>

sudo apt install --no-install-recommends <package>

Package Search

apt-cache search <word>

apt search <word>

Package Info

apt show <package>

apt-cache show <package> # show all installable versions

Package Remove

sudo apt remove <package>

sudo apt purge <package>

Autoremove

The following package was automatically installed and is no longer required:
  libhunspell-1.4-0
Use 'apt autoremove' to remove it.

Install Specific Version

apt-cache search <package> | grep ^Version:

sudo apt install <package>=<version>

Install Specific Version Example

$ apt-cache show firefox-esr | grep ^Version:
Version: 60.4.0esr-1~deb9u1
Version: 60.3.0esr-1~deb9u1
$ sudo apt install firefox-esr=60.3.0esr-1~deb9u1
The following packages will be DOWNGRADED:
  firefox-esr

Install and Uninstall Together

$ sudo apt install vim-syntastic- vim-asciidoc+
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
  vim-syntastic
The following NEW packages will be installed:
  vim-asciidoc
0 upgraded, 1 newly installed, 1 to remove and 0 not upgraded.
Need to get 59.2 kB of archives.
After this operation, 699 kB disk space will be freed.
Do you want to continue? [Y/n] n
Abort.

Reinstall

sudo apt -o APT::Get::ReInstall=true install <package>

sudo apt-get --reinstall <package>

tasksel

$ tasksel --list-tasks | tail
u ubuntustudio-fonts    Large selection of font packages
u ubuntustudio-graphics 2D/3D creation and editing suite
u ubuntustudio-photography      Photograph touchup and editing suite
u ubuntustudio-publishing       Publishing applications
u ubuntustudio-video    Video creation and editing suite
u vanilla-gnome-desktop Vanilla GNOME desktop
u xubuntu-core  Xubuntu minimal installation
u xubuntu-desktop       Xubuntu desktop
i openssh-server        OpenSSH server
i server        Basic Ubuntu server

File System

/etc/apt/sources.list

/etc/apt/sources.list.d/

/etc/apt/apt.conf.d/

secfix
$ cat /etc/apt/apt.conf.d/55redirects
Acquire::http::AllowRedirect "false";

Package Configuration Files

configuration file
    A file that affects the operation of a program, or provides site- or host-specific information, or otherwise customizes the behavior of a program. Typically, configuration files are intended to be modified by the system administrator (if needed or desired) to conform to local policy or to provide more useful site-specific behavior.
conffile
    A file listed in a package’s conffiles file, and is treated specially by dpkg
    /var/lib/dpkg/info/*.conffiles

Debian Configuration File Requirements

preserve local changes

preserve on removal

delete on purge

remove obsolete

maintainer scripts aren’t conffiles

maintainer scripts must correctly create, update, maintain and remove

idempotent

don’t change another package’s conffiles

Automagic Configuration

default to generally useful config

Do No Harm

Configuration file '/etc/firefox-esr/firefox-esr.js'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : start a shell to examine the situation
 The default action is to keep your current version.
*** firefox-esr.js (Y/I/N/O/D/Z) [default=N] ?

dpkg Droppings

dpkg-old

dpkg-dist

$ find /etc/ -name '*.dpkg-old'
/etc/firefox-esr/firefox-esr.js.dpkg-old

Pinning

man apt_preferences

apt-get -t

apt-cache policy <package>

$ cat /usr/share/doc/apt/examples/preferences
Package:  *
Pin:  release a=stable
Pin-Priority:  500

Package:  *
Pin:  release a=testing
Pin-Priority:  101

Package:  *
Pin:  release a=unstable
Pin-Priority:  99

Holding a Package

sudo apt-mark hold <package>

Replicating Installs

dpkg --get-selections

dpkg --set-selections

sudo apt-get -u dselect-upgrade

dpkg -l

apt-clone

ssh remote.box "dpkg --get-selections" | sudo dpkg --set-selections

Fixing Borktitude

apt --fix-broken install

dpkg-reconfigure -a

File Ownership

dpkg -S <filename>

dpkg -L <packagename>

apt-file

Snaps Pros

Snaps Cons

Snap Releases

stable: latest stable release of an application

candidate: release candidate (RC) of an application that is reaching the stable version

beta: unstable version that has reached a certain milestone

edge: daily/nightly build of an application under development

Snap Confinements

strict - default

devmode - can’t be released as stable

classic - requires review and approval before release

deb Package Creation

equivs

alien

dh-make-perl

dh-make-goland

debpear

gem2deb

Further deb Package Data

dpkg --status <package>

dpkg-query --showformat=${Conffiles}n --show <package>

apt-rdepends <package>

apt-listchanges <package>

apt-venv

Configuration Directory

etckeeper

/etc/default/

/etc/alternatives

Security

no root password

sudo

man apt-secure

debsescan

checksecurity

packages with setuid

Package Sleight of Hand

update-alternatives

dpkg-divert

System Cleaning

apt clean

deborphan

Homework

LHtalks_qr.SeaGL.png

Resources, shell

Resources, online documentation

Resources, repositories