apt

Files for an installed package

_$: dpkg -L <paquete>
_$: dpkg --listfiles <paquete>

Find to which package belongs a file

_$: dpkg-query -S /bin/zless
gzip: /bin/zless

So zless belongs to the gzip package. Let’s check that:

_$: dpkg-query -L gzip | grep zless
/bin/zless
/usr/share/man/man1/zless.1.gz

Search a package by name

_$: apt-cache search <package>

Check the size of a package

_$: apt-cache show <package>

Download packages limiting bandwith

Example: Limit the download to 150 KB/s.

_$: apt-get -o Acquire::http::Dl-Limit=150 upgrade

Check installed packages

_$: dpkg-query -l
_$: dpkg-query -l "java*"

Install packages with dpkg

_$: dpkg --install <package>

If the package has unmet dependencies, it will fail. To solve that:

_$: apt-get -f install
_$: dpkg --install <package>

Alternatively, we can use gdebi so that dependencies are taken care of automatically:

_$: gdebi <package>

Check the version of a package

_$: dpkg -s <package>

Change sources

If we want to change the URLs from which the packages will be download, we can update the /etc/apt/sources.list file with sed:

_$: sed -i 's/us.archive/archive/g' /etc/apt/sources.list

This way, if you are not in US, your packages will be downloaded from a closer mirror.

Kernel update

If you read this warning:

The following packages have been kept back:
  linux-headers-server linux-image-server linux-server
0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.

you need to update the following packages:

_$: apt-get install linux-headers-server linux-image-server linux-server
_$: apt-get dist-upgrade [--dry-run]

Clean the package cache

_$: apt-get clean

Check the packages that come with tasksel

List package groups:

_$: tasksel --list-tasks

List packages of a group:

_$: tasksel --task-packages server | sort

Install a group of packages:

_$: apt-get install $(tasksel --task-packages server)

System restart required

Only a kernel update should force a system restart, but some other packages (e.g. libssl) also ask for a system restart. We can avoid it:

1) Check wich packages are asking for a system restart:

_$: cat /var/run/reboot-required.pkgs
libssl1.0.0

There is a script to update that file. You can run it:

_$: /usr/share/update-notifier/notify-reboot-required

2) Find all services that must be restarted because they depend on a library that no longer exists in the system:

_$: ps xh -o pid \
| while read PROCID; do
  grep '\.so\>.* (deleted)$' /proc/$PROCID/maps 2> /dev/null
  if [ $? -eq 0 ]; then
    CMDLINE=$(sed -e 's/\x00/ /g' < /proc/$PROCID/cmdline)
    echo -e "\tPID $PROCID $CMDLINE\n"
  fi
done

7fabb480c000-7fabb49bd000 r-xp 00000000 fc:00 337                        /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
...
	PID 1221 /usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir -d --pidfile=/var/run/spamd.pid

7fabb480c000-7fabb49bd000 r-xp 00000000 fc:00 337                        /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
...
	PID 1232 spamd child

7fabb480c000-7fabb49bd000 r-xp 00000000 fc:00 337                        /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
...
	PID 1234 spamd child

7ff33b527000-7ff33b52b000 r-xp 00000000 fc:00 218                        /lib/x86_64-linux-gnu/libuuid.so.1.3.0 (deleted)
...
	PID 2000 /usr/sbin/apache2 -k start 

7f1849c99000-7f1849e4a000 r-xp 00000000 fc:00 337                        /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
...
7f184a074000-7f184a0c8000 r-xp 00000000 fc:00 336                        /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
...
	PID 2028 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock

_$: service restart spamassin
_$: service restart apache
_$: service restart fail2ban

_$: mv /var/run/reboot-required      /var/run/reboot-required.bak
_$: mv /var/run/reboot-required.pkgs /var/run/reboot-required.pkgs.bak

_$: /usr/share/update-notifier/notify-reboot-required
_$: cat /var/run/reboot-required.pkgs
[empty]

3) Remove the files that trigger that warning:

_$: rm /var/run/reboot-required  /var/run/reboot-required.pkgs

Add repository

Example: Add the repository for the obnam backup program.

_$: apt-get install python-software-properties
_$: add-apt-repository ppa:chris-bigballofwax/obnam-ppa

Automatic updates

_$: apt-get install unattended-upgrades
_$: dpkg-reconfigure unattended-upgrades

We will only install automatically the security updates:

/etc/apt/apt.conf.d/50unattended-upgrades:
------------------------------------------
// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}-security";
//      "${distro_id}:${distro_codename}-updates";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";
};
...

And configure them to run unattended:

/etc/apt/apt.conf.d/10periodic:
-------------------------------
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::AutocleanInterval "0";
APT::Periodic::Unattended-Upgrade "1";

You can find the log file in /var/log/apt/history.log.