The Debian package management system
5.4 Managing packages: APT
5.4.2 APT configuration
The above will take about one minute per server, which can be controlled with the -toption. Make sure to read theapt-spy (8)manpage for further information on this option.
As mirrors can only be selected per country, users in countries with a large number of mirrors (such as the United States) will not findapt-spyvery useful. It is, how-ever, possible to cap the number of servers to be tested, using the-eoption. By restricting it to check only a small number of servers,apt-spyregains some of its value in large countries.
5.4.2 APT configuration
Most aspects ofAPTcan be customised. In fact, in the/etc/apt/apt.conffile, you can change the defaults for almost all command line switches. Instead of the default file, the$APT_CONFIGenvironment variable can be pointed to a different configuration file that will be used instead when set.
Configuration parameters are name-value pairs, split into groups according to their application. The name of the group is prepended to the parameter with a “::”
separator. The apt.conf (5)manpage describes the syntax. Available items are listed in the manpages of the corresponding commands (e.g.apt-get (1)and apt-cache (1)).
17http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2
APT::Cache-Limit 16777216;
APT::Get::Show-Upgraded true;
APT::Get::Default-Release "sarge";
APT::Get::Purge false;
Acquire::Queue-Mode host;
Acquire::Retries 0;
Alternatively, group prefixes can be scoped with curly braces. All in all, the syntax is reminiscent of C++ namespaces:
APT {
Cache-Limit 16777216;
Get {
Default-Release "sarge";
Show-Upgraded true;
Purge false;
}; }; Acquire {
Queue-Mode host;
Retries 0;
};
/etc/apt/apt.conf allows you to control the way in which APT invokesdpkg to handle the package files it downloads, or to interact with the package database.
For instance, you may letAPTinstructdpkgnever to downgrade a package and never to reinstall a package of the same version with the following snippet in /etc/apt/apt.conf:
DPkg {
Options { "--refuse-downgrade"; "--skip-same-version"; } };
If switches like this are part of your system administration policy, it is better to set them indpkg’s configuration to prevent them being ignored whendpkgis invoked directly rather than viaAPT(see chapter 5.3.8).
In addition to /etc/apt/apt.conf, the /etc/apt/apt.conf.d directory may contain files withAPTconfiguration snippets, which will be sourced in lexicographical or-der (see chapter 6.1.1). It might not be a bad idea to drop local configuration into different files below this directory to logically separate it into chunks at filesystem level.
Furthermore, everyAPTprogramme accepts additional settings with the--option command line flag. Thus, the following two commands are equivalent:
˜# apt-get install --download-only postfix
˜# apt-get install --option APT::Get::Download-Only=true postfix
Using theAPTconfiguration directives, you can also fine-tune the acquisition of DEB files from the various media. The top-levelAcquiregroup of configuration directives allows you to set parameters relevant to the HTTP, FTP, and CD-ROM media. For instance, default proxies for the two network protocols can be speci-fied, including user and password information. The user can override the proxies with the standard$http_proxyand$ftp_proxyenvironment variables, which take precedence over theAPTsettings.
APThooks
APTprovides three hooks for the user to run custom commands at various stages of interaction withdpkg. Two of these hooks are of particular interest to admin-istrators of specialised systems. For instance, on systems where/usr is generally mounted read-only, the following settings causeAPTto enable writing to the/usr filesystem for installations or upgrades:
DPkg {
Pre-Invoke { "mount -o remount,rw /usr"; }; Post-Invoke { "mount -o remount,ro /usr"; }; };
An additional hook, Pre-Install-Pkgsworks in a similar way. APTinvokes com-mands specified for this hook even beforePre-Invoke, feeding it the names of the DEB files to be installed onstdin. This hook is most commonly used by extensions, such asapt-listchanges(see chapter 5.11.2).
5.4.3 Installing packages
When the user requests a certain software to be installed,APTuses its dependency graph to find best the way of satisfying the user’s request. Fromdpkg, it knows about the set of installed packages and can thus figure out which additional pack-ages must be downloaded and handed todpkgfor installation. Similarly,APT iden-tifies conflicts. Wheredpkg(rightfully) fails in the face of a conflicts,APTsuggests the removal of any conflicting packages, giving priority to the user’s request (as opposed to refusing the installation due to the conflicts). It is therefore always a good idea to inspect the changes by a utility based onAPTbefore telling it to do its thing (see chapter 5.4.2 about theAPT::Get::Show-Upgradedoption).
For each package thatAPT needs to install, it enables an appropriate download method to retrieve the DEB file from a repository into its cache directory18. If mul-tiple repositories provide the same file, the repository mentioned first in/etc/apt/
sources.listwill be used.
18/var/cache/apt/archives
Finally,APTenlistsdpkgto remove any conflicting packages and subsequently in-stall the new packages from the DEB files it downloaded to the cache directory. In the following example, thepostfixDEB file is already in APT’s cache directory. The other package files needed to fulfillpostfix’s dependencies have not been cached, however, and APT thus fetches them from the location associated with the package.
˜# apt-get install postfix Reading Package Lists... Done Building Dependency Tree... Done
The following NEW packages will be installed:
adduser debconf debconf-i18n ifupdown iputils-ping
liblocale-gettext-perl libtext-charwidth-perl libtext-iconv-perl libtext-wrapi18n-perl libwrap0 net-tools netbase netkit-inetd postfix tcpd
0 upgraded, 15 newly installed, 0 to remove and 0 not upgraded.
Need to get 857kB/1636kB of archives.
After unpacking 6550kB of additional disk space will be used.
Do you want to continue? [Y/n] y [...]
Get:13 http://debian sarge/main tcpd 7.6.dbs-6 [72.6kB]
Get:14 http://debian sarge/main netbase 4.19 [40.2kB]
[...]
As opposed todpkg,APTdoes not use a database but computes package download locations and dependencies on every invocation (which makes it somewhat slow).
Similar todpkg, an optimised rewrite is on the to-do list. To do this,APTuses the files in/var/lib/apt/lists, whichapt-get updatehad downloaded previously. Thus, to service a request for a binary package,APTreads thePackagesfiles in the order of their repositories, as declared in/etc/apt/sources.listand computes the URI to be used in each case. It also reads theMD5sum for each DEB file from thePackages files for later verification of the downloaded data. You can makeAPToutput this information instead of carrying through with the request using the--print-uris switch:
’.../pool/main/p/postfix/postfix_2.1.5-1_i386.deb’
postfix_2.1.5-1_i386.deb 798936 e4062f342b5d77416ae4ef28dfed1ef8
You can also tellAPTto merely simulate and not actually install:
˜# apt-get install --simulate [...]
Inst postfix [2.1.5-1] (2.1.5-1 Debian:sarge) Conf postfix (2.1.5-1 Debian:sarge)
apt-getalso accepts POSIX-style regular expressions in place of package names:
˜# apt-get install libusb-\(0\.1-4\|-dev\) [...]
Note, selecting libusb-0.1-4 for regex ’libusb-(0.1-4|dev)’
Note, selecting libusb-dev for regex ’libusb-(0.1-4|dev)’
[...]
The following NEW packages will be installed:
libusb-0.1-4 libusb-dev [...]
APTautomatically checks the hash sum of each file it processes against its entry in the correspondingPackagesfile. Only when theMD5sums match will the in-stallation proceed. In case of a discrepancy,APTwill report anMD5mismatch and refuse to install or upgrade a package. In chapter 7.5 we will revisit package hash sums and introduce a means to verify downloads.
Updating theAPTdatabase
ThePackagesfiles, which are integral toAPT’s operation, must be updated regularly.
Even though thestablerelease does not change (other than when a new “r-release”
is made), the only way forAPTfor find out about newly available security updates (or newly available packages, if you are running something other thanstable), is by checking the registered repositories for updatedPackagesindex files. It is probably a good idea to update these files once a day, or at least once in a while, prior to use.
Thecron-aptpackage provides a flexible framework that allows you to automate this (and other)APTprocesses (see chapter 5.11.4). OutdatedPackagesfiles can causeAPTto fail when its indices point to files which have been removed in favour of newer versions.
To update the database, you simply run one command:
˜# apt-get update
Get:1 http://debian sarge/main Packages [3331kB]
[...]
Fetched 3331kB in 0s (24328kB/s) Reading Package Lists... Done
During the update, APTcleans /var/lib/apt/listsof any files belonging to repos-itories which are not referenced by /etc/apt/sources.list. If you pass the --no-list-cleanupoption (APT::Get::List-Cleanup),APTrefrains from erasing obsoleted files, which may be handy if you are only temporarily disabling a repository in the sources.listfile; you will not have to download it again when you put the reposi-tories back inAPT’s package sources.
Dependency resolution in action
When resolving dependencies,APTtries to make sane choices. Apart from auto-matically pulling in packages on which a requested package depends,APTremoves conflicting packages that are already installed in an effort to honour any request the user makes. Whenever a request does anything in addition to what the user wanted, apt-getwill ask for confirmation after displaying the proposed changes to the package selection. This is to prevent inadvertently deinstalling conflicting packages or pulling in hundreds of dependencies. If no extra actions are required, APTwill not prompt.
As shown in chapter 5.4.2,APTcan be made to always prompt for confirmation by settingAPT::Get::Show-Upgraded true. Similarly, settingAPT::Get::Assume-Yes trueor specifying --yesin theAPT command line causesAPT to always bypass confirmation and continue. Avoid this option; confirmations are a good thing in the productivity domain19.
At times, a package may depend on any one of a set of packages. For instance, apache2depends on “apache2-mpm-worker|apache2-mpm-prefork| apache2-mpm-perchild”, and thus requires any one of these three to be installed. By default, APTwill install the first package, unless another one is explicitly requested:
˜# apt-get install apache2 [...]
The following NEW packages will be installed:
apache2 apache2-common apache2-mpm-worker libapr0 libexpat1 libmagic1 mime-support openssl ssl-cert
[...]
˜# apt-get install apache2 apache2-mpm-perchild [...]
The following NEW packages will be installed:
apache2 apache2-common apache2-mpm-perchild libapr0 libexpat1 libmagic1 mime-support openssl ssl-cert
[...]
If the preference isnotto install one package but pick any other,APTcan be told to choose the next one in the row by instructing it not to use the first choice to satisfy the dependency:
19Youdouse the-iflag withrmandmvwhen working as root, right?
˜# apt-get install apache2 apache2-mpm-worker-[...]
The following NEW packages will be installed:
apache2 apache2-common apache2-mpm-prefork libapr0 libexpat1 libmagic1 mime-support openssl ssl-cert
[...]
You can use plus and minus signs to influenceAPT’s decision; appending a minus to a package explicitly removes it (and appending a plus to a package in anapt-get removeinvocation installs the package, as one might expect).
Debian also knows about the concept of virtual packages (see chapter 5.7.3). You cannot install virtual packages directly, but packages may depend on them.
˜# apt-get install mail-transport-agent Reading Package Lists... Done
Building Dependency Tree... Done
Package mail-transport-agent is a virtual package provided by:
zmailer 2.99.56-2 [...]
postfix 2.1.5-1 [...]
courier-mta 0.47-3
You should explicitly select one to install.
E: Package mail-transport-agent has no installation candidate
For instance,atdepends onmail-transport-agent. Since every package providing a Mail Transfer Agent (MTA) in Debian includes this virtual package, new MTAs can be used to satisfyat’s dependency without requiring a change toat. If a package depends on a virtual package,APTchooses a package with the virtual package for installation. To override the choice, you can do the same as above:
˜# apt-get install at [...]
The following NEW packages will be installed:
at courier-authdaemon courier-base courier-mta [...]
Do you want to continue? [Y/n] n
˜# apt-get install postfix at [...]
The following NEW packages will be installed:
adduser at debconf [...] postfix [...]
Note that order matters on theapt-get installcommand line20. If you were to installatand thenpostfix,APTwould also pull incourier-mta’s dependencies even though it will not installcourier-mtain the end. Thus,APTscans the command
20http://bugs.debian.org/122304
line and appends all dependencies, resolving conflicts by giving priority to packages pulled in later.
Reinstalling packages
It may be necessary at times to ask for a package to be reinstalled. Maybe the root user deleted a file by accident, or a modification to the configuration files went out of control. WhenAPTis told to install an already installed package, it will not comply with the request:
˜# apt-get install postfix [...]
postfix is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 31 not upgraded.
The--reinstallswitch forcesAPTto perform the installation again, regardless:
˜# apt-get install --reinstall postfix [...]
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 0 not upgraded.
Need to get 0B/795kB of archives.
After unpacking 0B of additional disk space will be used.
Do you want to continue? [Y/n] y [...]
As long as the required DEB file is still cached (above), you can also usedpkgdirectly for the reinstallation. Thus, the following is equivalent to tellingAPTto reinstall a package:
˜# apt-get --download-only install postfix
˜# dpkg --install /var/cache/apt/archives/postfix_2.1.5-1_i386.deb