apt
Files for an installed package
_$: dpkg -L <paquete>
_$: dpkg --listfiles <paquete>
Find to which package belongs a file
_$: dpkg-query -S /bin/zless
gzip: /bin/zless
So zless
belongs to the gzip
package. Let’s check that:
_$: dpkg-query -L gzip | grep zless
/bin/zless
/usr/share/man/man1/zless.1.gz
Search a package by name
_$: apt-cache search <package>
Check the size of a package
_$: apt-cache show <package>
Download packages limiting bandwith
Example: Limit the download to 150 KB/s.
_$: apt-get -o Acquire::http::Dl-Limit=150 upgrade
Check installed packages
_$: dpkg-query -l
_$: dpkg-query -l "java*"
Install packages with dpkg
_$: dpkg --install <package>
If the package has unmet dependencies, it will fail. To solve that:
_$: apt-get -f install
_$: dpkg --install <package>
Alternatively, we can use gdebi
so that dependencies are taken care of automatically:
_$: gdebi <package>
Check the version of a package
_$: dpkg -s <package>
Change sources
If we want to change the URLs from which the packages will be download, we can update the /etc/apt/sources.list
file with sed
:
_$: sed -i 's/us.archive/archive/g' /etc/apt/sources.list
This way, if you are not in US, your packages will be downloaded from a closer mirror.
Kernel update
If you read this warning:
The following packages have been kept back:
linux-headers-server linux-image-server linux-server
0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.
you need to update the following packages:
_$: apt-get install linux-headers-server linux-image-server linux-server
_$: apt-get dist-upgrade [--dry-run]
Clean the package cache
_$: apt-get clean
Check the packages that come with tasksel
List package groups:
_$: tasksel --list-tasks
List packages of a group:
_$: tasksel --task-packages server | sort
Install a group of packages:
_$: apt-get install $(tasksel --task-packages server)
System restart required
Only a kernel update should force a system restart, but some other packages (e.g. libssl
) also ask for a system restart. We can avoid it:
1) Check wich packages are asking for a system restart:
_$: cat /var/run/reboot-required.pkgs
libssl1.0.0
There is a script to update that file. You can run it:
_$: /usr/share/update-notifier/notify-reboot-required
2) Find all services that must be restarted because they depend on a library that no longer exists in the system:
_$: ps xh -o pid \
| while read PROCID; do
grep '\.so\>.* (deleted)$' /proc/$PROCID/maps 2> /dev/null
if [ $? -eq 0 ]; then
CMDLINE=$(sed -e 's/\x00/ /g' < /proc/$PROCID/cmdline)
echo -e "\tPID $PROCID $CMDLINE\n"
fi
done
7fabb480c000-7fabb49bd000 r-xp 00000000 fc:00 337 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
...
PID 1221 /usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir -d --pidfile=/var/run/spamd.pid
7fabb480c000-7fabb49bd000 r-xp 00000000 fc:00 337 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
...
PID 1232 spamd child
7fabb480c000-7fabb49bd000 r-xp 00000000 fc:00 337 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
...
PID 1234 spamd child
7ff33b527000-7ff33b52b000 r-xp 00000000 fc:00 218 /lib/x86_64-linux-gnu/libuuid.so.1.3.0 (deleted)
...
PID 2000 /usr/sbin/apache2 -k start
7f1849c99000-7f1849e4a000 r-xp 00000000 fc:00 337 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
...
7f184a074000-7f184a0c8000 r-xp 00000000 fc:00 336 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
...
PID 2028 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock
_$: service restart spamassin
_$: service restart apache
_$: service restart fail2ban
_$: mv /var/run/reboot-required /var/run/reboot-required.bak
_$: mv /var/run/reboot-required.pkgs /var/run/reboot-required.pkgs.bak
_$: /usr/share/update-notifier/notify-reboot-required
_$: cat /var/run/reboot-required.pkgs
[empty]
3) Remove the files that trigger that warning:
_$: rm /var/run/reboot-required /var/run/reboot-required.pkgs
Add repository
Example: Add the repository for the obnam
backup program.
_$: apt-get install python-software-properties
_$: add-apt-repository ppa:chris-bigballofwax/obnam-ppa
Automatic updates
_$: apt-get install unattended-upgrades
_$: dpkg-reconfigure unattended-upgrades
We will only install automatically the security updates:
/etc/apt/apt.conf.d/50unattended-upgrades:
------------------------------------------
// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}-security";
// "${distro_id}:${distro_codename}-updates";
// "${distro_id}:${distro_codename}-proposed";
// "${distro_id}:${distro_codename}-backports";
};
...
And configure them to run unattended:
/etc/apt/apt.conf.d/10periodic:
-------------------------------
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::AutocleanInterval "0";
APT::Periodic::Unattended-Upgrade "1";
You can find the log file in /var/log/apt/history.log
.