APT # The basics ## Packages * Under Linux, any lib/software/... is provided through packages. * Depending on the distribution, the package format changes (as well as the related tools): * `.deb`: Debian-based distribution (Ubuntu, Mint, etc.) * `.rpm`: Fedora, Redhat, etc. * ... * In this tutorial, we only focus on Debian. * Most of commands support autocompletion (Tab) ## root / `sudo` * Commands related to Linux packages generally requires root privileges * ... because they modify the system (= files outside of your home directory). * Under Linux [`sudo`](https://linux.die.net/man/8/sudo) (super user do) is often installed to run system commands using a user profile (if the user is allowed to run `sudo`!) * To become root: * Debian-based: `su -` * Ubuntu-based: `sudo -s` * Note that under Debian, `sudo` is not installed by default. * If you use a graphical package manager like [`gnome-software`](https://doc.ubuntu-fr.org/gnome-software) or [`discover`](https://apps.kde.org/fr/discover/), it will prompt your password (if you are sudoer). # `apt`, `apt-get`, `aptitude` * APT stands for _Advanced System Package_. * [`apt-get`](https://manpages.debian.org/testing/apt/apt-get.8.en.html), [`apt`](https://manpages.debian.org/testing/apt/apt.8.html) or [`aptitude`](https://manpages.debian.org/testing/aptitude/aptitude.8.en.html) are used to install, update, or remove software. * Unless specified, these commands are interchangeable. * [`apt-get`](https://manpages.debian.org/testing/apt/apt-get.8.en.html) is always available; * [`apt`](https://manpages.debian.org/testing/apt/apt.8.html) is available on modern systems; * [`aptitude`](https://manpages.debian.org/testing/aptitude/aptitude.8.en.html) is not installed by default. * It is useful to handle complex use cases (e.g., upgrading the system release). ## Basic usage ```bash su - # Become root apt update # Fetch list of available packags apt upgrade # Upgrade installed packages apt install sudo # Install the "sudo" package ``` Or with sudo: ```bash sudo apt update # Fetch list of available packags sudo apt upgrade # Upgrade installed packages sudo apt install typespeed # Install the "sudo" package ``` In the rest of the tutorial we use the 2nd version to highlight when root privileges are required. ## Configuration files * By convention, under Linux, the system configuration is stored in `/etc/`. * One subdirectory per application (e.g., `/etc/apt/`) * Under Debian-based distributions, for specific applications, a configuration file `/etc/foo` may be enriched by `/etc/foo.d/*` auxiliary files. * _Example:_ * The standard APT repositories are defined in `/etc/apt/sources.list` * The Custom APT repositories are defined in `/etc/apt/sources.list.d/*.list` ## `/etc/apt/sources.list` ``` deb http://ftp.fr.debian.org/debian/ testing main contrib non-free non-free-firmware deb http://security.debian.org testing-security main contrib non-free non-free-firmware deb http://ftp.fr.debian.org/debian/ testing-updates main contrib non-free non-free-firmware ``` This file defines: * the [system release]; * the mirror URLs.; * the repository (e.g. `main`). Depends on the distribution; * the system release. Releases: * Debian: Toy story character names (`sid` is always unstable). * Ubuntu: adj+animal stored by lexicographic order * In Debian, also: `old-stable`/`stable`/`testing`/`unstable` keywords Do not use repository from other distributions/release, or read about `/etc/apt/preferences`! __Exercice:__ * Could you find on [ftp.fr.debian.org/debian/](http://ftp.fr.debian.org/debian/) where is the `.deb` package related to `typespeed`? * Same exercice using [packages.debian.org](https://packages.debian.org). * Keep in mind you rarely download yourself `.deb` packages, this is the job of `apt`. ## Removing packages * _Removing_ and _purging_ a package is different. * `apt remove` does not clean `/etc` * `apt purge` cleans `/etc` * `apt purge` and `apt remove` do not remove: * user data, i.e., what is in `/home`; * system data, i.e. what is in `/etc/*` and `/var/*`. * Remove when you want to keep the system configuration, otherwise, purge. # Searching packages ## `apt-cache` * [`apt-cache`](https://manpages.debian.org/testing/apt/apt-cache.8.en.html) is used to query (cached) packages _metadata_: * package description; * version; * dependencies... ```sh apt-cache search games apt show typespeed ``` ## `apt-file` * [`apt-file`](https://manpages.debian.org/stretch/apt-file/apt-file.1.en.html) is used to query packages _contents_: ```sh sudo apt install apt-file sudo apt-file update apt-file list core-utils apt-file search bin/ls ``` ## Some naming conventions * Often, an application is provided by the package having the same name. As a consequence, their name often relates to other naming convention. * `x*`: graphical application, using only X11 (ex: `xterm`); * `k*` (often): KDE application (ex: `konsole`); * `*dm`: graphical connection manager (ex: `lightdm`); * `task-*`: packages used to common set of packages (ex: `task-french-kde-desktop`); * `*-l10n` or `*-i18n`: packages related to internationalization (ex: `libreoffice-l10n-fr`); * ̀`lib*`: packages related to library (ex: `libssl3`); * `lib*-dev`: packages required to compile something else (ex: `libssl-dev`); * `python-*`: packages related to Python2; * `python3-*`: packages related to Python3 (ex: `python3-numpy`). ## Virtual packages and meta packages * _Meta packages:_ package with no content, only dependencies (ex: `task-*`, `*-all`). * _Virtual packages:_ package that can be used as a dependency, but not installable. * Don't try to install them, you waste your time! * They are used to define some abstract dependencies. * A virtual package is "installed" if one of its "dependency" is installed. # APT in depth ## `apt update` Under Linux, `/var/lib` stores the application related data. `apt update`: * locks the APT database `/var/lib/apt/lock`; * downloads list of packages in `/var/lib/apt/lists`; * compares the current and available versions of the installed packages; * releases `/var/lib/apt/lock`. If you interrupt APT, you might have to manually remove `/var/lib/apt/lock`. ```sh rm /var/lib/apt/lock ``` ## `apt upgrade` * Marks all the "upgradable" package as "to be upgraded" (using `dpkg`). * Downloads the needed `.deb` from the appropriate mirrors into `/var/cache/apt/archives`. * Match package signature against those trusted by the system. * Deploy each package in the right order (using `dpkg`). * If you lack disk space: ```sh sudo apt clean # Clears /var/apt/cache ``` ## `apt install ...` * Same principle, for a given list of packages * Note that from `dpkg` perspective, explicit installation and dependencies do not have the same status. * This enables `dpkg` to understand what could be auto cleaned when uninstalling some packages ## `apt purge` and `apt remove` * Thanks to `apt-cache`, `apt` knows exactly what files have been deployed by a package. * `apt remove` and `apt purge` remove these file (except those in `/etc/` for `apt remove`). * `apt` should remove most of the dependencies that are no more needed. * If not, run: ```sh sudo apt autoremove # Removes packages that are no more needed ``` ## `deborphan` Sometimes, `apt autoremove` is not enough! * [`deborphan`](https://manpages.debian.org/testing/deborphan/deborphan.1.fr.html) (Debian orphans) lists the packages that are no more needed. * [`deborphan`](https://manpages.debian.org/testing/deborphan/deborphan.1.fr.html) is useful when you run important migration (_e.g._, system release upgrade). In such cases, `apt autoremove` is often not enough. ```sh deborphan # Lists orphans sudo apt purge $(deborphan) # Purges orphans ``` * You might have to run this last command multiple times. # `dpkg` ## The debian package database * [`dpkg`](https://manpages.debian.org/testing/dpkg/dpkg.1.en.html) stands for Debian Package. It is the low-level package tool. * Its database keeps track of the status of each (partially) installed package. ```sh dpkg -l dpkg -l | grep typespeed # Nothing appears sudo apt install typespeed # Install typespeed dpkg -l | grep typespeed # ii = installed sudo apt remove typespeed dpkg -l | grep typespeed # rc = remove but configured sudo apt purge typespeed dpkg -l | grep typespeed # Nothing appears ``` ## Some `dpkg` commands * Below, we illustrate how APT orchestrates [`dpkg`](https://manpages.debian.org/testing/dpkg/dpkg.1.en.html). ```sh sudo dpkg --purge typespeed sudo dpkg --install /var/cache/apt/archives/typespeed*.deb ``` * If you manually download a deb, `dpkg --install` (aka `dpkg -i`) is your friend. * Purge every "rc" package: ```sh sudo apt purge $(dpkg -l | grep ^rc | cut -d" " -f3) ``` # aptitude ## Upgrade Command line: ```sh sudo aptitude update sudo aptitude upgrade ``` Interface: ```sh sudo aptitude ``` ## Organization * Top: menus * Below: tabs * Below: selection: hierarchy of folder and packages * Folder: collapsed `---` vs expanded `\--` * Below: metadata related to the selection ## Example: upgrade * U: update * Shift + U: mark "upgradeable" as "to be upgraded" * G: go (recap) * G: go (apply) * Q: quit ## Main shortcuts * Ctrl + U: open menu (useful to discover shortcuts) * Q: quit current tab (or `aptitude` if there is a single tab) * U: update * Shift + U: mark "upgradeable" as "to be upgraded" * Up, Down: move selection * Enter$: expand / collapse folder * +: install selection * -: remove selection * _: purge selection * /: search package matching a given regular expression * N: move to the next search ## Colors Packages and dependencies are colored as follows: * install * upgrade * remove or purge * held * broken ## Migration 1. Change the system release by modyfying `/etc/apt/sources.list` (and `/etc/apt/sources.list.d`) ```sh sudo nano /etc/apt/sources.list ``` * (ctrl X) to quit 2. Run aptitude ```sh sudo aptitude ``` 3. Update (U), upgrade (Shift + U) 4. Fix broken packages (B * Inspect dependencies * Select appropriate deps (+) / purge inappropriate deps (_). * Examinate (Enter) deps (creates a new tab, close it (Q). 5. Go to recap (G) and check if it is OK. 6. If so, let's go (G). 7. Quit (Q) 8. Cleaning: ```sh sudo apt autoremove sudo apt purge $(deborphan) # Repeat while it cleans ``` # Practicals ## Installing Virtualbox ### Windows / MacOS * [Download and run the installer](https://www.virtualbox.org/) ### Ubuntu * As we can see [here](https://packages.ubuntu.com/mantic/virtualbox), `virtualbox` is provided by the `multiverse` repository. To enable it, follow [this tutorial](https://askubuntu.com/questions/89096/how-do-i-enable-the-multiverse-repository). * Then, run: ```sh sudo apt update sudo apt install virtualbox ``` ### Debian The installation is currently a bit tricky under Debian Trixie. * Trixie (current Debian testing) 1. Create/modify `/etc/apt/source.list.d/sid.list`: ```sh sudo nano /etc/apt/source.list.d/sid.list ```
2. Put inside: ``` deb http://ftp.fr.debian.org/debian/ sid main contrib non-free ``` Save and quit (Ctrl+X). 3. Create/modify `/etc/apt/preferences.d/sid`: ```sh sudo nano /etc/apt/preferences.d/sid ```
4. Put inside: ```sh Package: * Pin: release o=Debian,a=testing Pin-priority: 990 Package: * Pin: release o=Debian,a=sid Pin-priority: 90 ```
This indicates that you prefer `testing` package over `sid` packages if possible. 5. Reindex the repositories and install `virtualbox`: ```sh sudo apt update sudo apt install virtualbox virtualbox-dkms ```
6. If you have enabled the [secure boot](https://wiki.debian.org/SecureBoot), you have to sign the Virtualbox module, otherwise you can't load it: * Become root and create your keys if not yet done: ```bash su - # Ubuntu: sudo su - cd /root openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -days 36500 -subj "/CN=My Name/" -nodes mokutil --import MOK.der mokutil --list-new ```
* Reboot your PC and enroll your keys in the BIOS. * Boot Linux and sign the Virtualbox modules. To do so, use the `sign-file` in the `/usr/lib/linux-kbuild-*/scripts` directory matching your kernel. ```bash PRIV="/root/MOK.priv" DER="/root/MOK.der" PATH="/usr/lib/linux-kbuild-$(uname -r | cut -d"." -f1,2)/scripts:$PATH" PATH="/usr/lib/linux-kbuild-$(uname -r | cut -d"-" -f1,2)/scripts:$PATH" for ko in $(ls -1 /lib/modules/$(uname -r)/updates/dkms); do sign-file sha256 $PRIV $DER $ko; done ```
* You should now be able to load the `vboxdrv` module: ```sh sudo modprobe vboxdrv sudo dmesg | tail ```
7. Run `virtualbox`. * Other Debian releases: 1. Follow [these steps](https://wiki.debian.org/VirtualBox). 2. If you use a secure boot, we refer you to the step 6 for Debian Trixie. ### Other Linux distributions * Hopefully, virtualbox is directly installable through your package manager! ## Installing the virtual system During the tutorial, you could download this Debian Virtual box image [here](http://137.194.54.111/index.html), especially if you are at LINCS premises. 1. Run `virtualbox`. 2. Create a new virtual machine (for instance, named _Debian_). 3. Load the `Debian.vdi` file you just downloaded. Otherwise, install Debian by yourself: 1. Download [an ISO of a Debian installer](https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.2.0-amd64-netinst.iso). 2. In virtualbox, create a new Debian virtual machine with the default parameter. 3. Run the virtual machine and in the corresponding windows, load the iso file and boot on it. 4. Use the default installation (press enter during the whole installation except when your password is prompt). 5. Once the installation is finish, release the iso and restart the VM. ## Exercices ### Install a simple package 1. Install `typespeed`.

Solution

```bash sudo apt update sudo apt install typespeed ```

2. Check the `dpkg` database status of `typespeed`.

Solution

```bash dpkg -l | grep typespeed ```

3. What is the path of the downloaded `.deb` file?

Solution

```bash ls /var/cache/apt/archives/typespeed*deb ```

4. Remove `typespeed` and check its status in the `dpkg` database.

Solution

```bash sudo apt remove typespeed dpkg -l | grep typespeed ```

5. Purge `typespeed` and check its status in the `dpkg` database.

Solution

```bash sudo apt purge typespeed dpkg -l | grep typespeed ```

6. How would you list the commands provided by the `typespeed` package?

Solution

```bash sudo apt install apt-file sudo apt-file update apt-file list typespeed | grep bin/ ```

7. Run the game.

Solution

Just run: ```bash typespeed ```
Note you do not need to provide the absolute path, as the binary is installed in a directory listed in the `PATH` environment variable: ```bash which typespeed echo $PATH ```

### Searching and installing packages 1. Find the packages related to SSH server and a SSH client.

Solution

There are several packages related to SSH: ```bash apt search ssh apt-cache search ssh ```
The package `openssh-server` (resp. `openssh-client`) is related to the server.

2. What happens if you run the following command? Why? ```sh apt install ssh ```

Solution

To understand what installs this command, look the dependencies ```bash apt show ssh ```
* We observe that the `ssh` packages depends on `openssh-server` and `openssh-client`. * Thus, installing `ssh` will install `openssh-server` and `openssh-client`. * In the end, this command installs the SSH client and the SSH server.

4. Try if you can connect locally to your own SSH server. Why does it work? ```sh ssh localhost ```

Solution

* It works out-of-the-box, because installing the `openssh-server` package automatically runs the SSH server. * The package installs many files, including `/etc/init.d/ssh` (script to start the SSH server) and `/usr/sbin/sshd` (the SSH server binary). * This Debian package also involve various scripts (for more details, you could extract the `.deb` contents using `dpkg-deb`). * The post install script invokes `/etc/init.d/ssh` which has starts `/usr/sbin/sshd` with the appropriate options.

### Migration to a newer system release 1. Migrate the VM to Debian Sid.

Solution

Updates the sources (change the release to `sid`) ```sh sudo nano /etc/apt/sources.list ```
Save and quit. Then run: ```sh sudo aptitude ``` * Update and upgrade (U, Maj+U). * If there are broken packages, iterate on them using B and determine why it blocks. Depending on the situation, you might need to purge the package or to fix its dependencies. * Once there is no more broken packages, run the upgrade (G, G). Then quit (Q).

2. Clean the cache and the obsolete deps / packages.

Solution

Remove the obsolete packages: ```bash sudo apt autoremove sudo apt purge $( deborphan ) ```
Repeat the last command while it purges packages: ```bash sudo apt purge $( dpkg -l | grep "^rc" | cut -d" " -f3 ) ```

### Installing more advanced packages * Install Xorg (graphical server) using `aptitude` in interactive mode. * Comment about the `xserver-xorg-video-all` package using `aptitude`. * Knowing that you can find the VGA card model using `lspci`, how to remove the useless `xserver-xorg-video-*` package? What about `xserver-xorg-video-all`? * Install a lightweight graphical interface (e.g., `icewm`) and a graphical connection manager (e.g., `lighdm`). * Log in and run a terminal. ### Installing non-standard packages * Install [chrome](https://www.google.com/intl/en_en/chrome/) using `dpkg`.

Solution

```sh wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb sudo dpkg -i google-chrome-stable_current_amd64.deb sudo apt-get install -f rm google-chrome-stable_current_amd64.deb ```

### Add new repository * Inception practical! Install [virtualbox](https://wiki.debian.org/VirtualBox) in your VM :)

Solution

See the steps in the section _"Installing Virtualbox > Debian"_