Debian 包工具(dpkg, apt-get, apt-mark)

由 datahunter 在二, 14/10/2008 - 22:14 發表

最後更新: 2020-03-15

介紹

Debian 內的 package 是以 .deb 為檔尾

主要工具1: dpkg

/var/cache/debconf 是 dpkg 存放包 meta 資料的地方

ls /var/cache/debconf

config.dat  config.dat-old  passwords.dat  templates.dat  templates.dat-old

有關包的介紹及其狀態保存在

/var/lib/dpkg/status

Package: tcpd
Status: install ok installed
Priority: important
Section: net
Installed-Size: 212
Maintainer: Marco d'Itri <[email protected]>
Architecture: i386
Source: tcp-wrappers
Version: 7.6.q-16
Replaces: libwrap0 (<< 7.6-8)
Depends: libc6 (>= 2.7-1), libwrap0 (>= 7.6-4~), debconf (>= 0.5) | debconf-2.0
Description: Wietse Venema's TCP wrapper utilities
 Wietse Venema's network logger, also known as TCPD or LOG_TCP.
 .
 These programs log the client host name of incoming telnet,
 ftp, rsh, rlogin, finger etc. requests.
 .
 Security options are:
  - access control per host, domain and/or service;
  - detection of host name spoofing or host address spoofing;
  - booby traps to implement an early-warning system.

.....................................................

install:

dpkg -i <package.deb>

remore:

dpkg -r <package.deb>

purge:

dpkg -P <package.deb>

安裝包內信息: (--info)

dpkg -I <package.deb>

 new debian package, version 2.0.
 size 119334 bytes: control archive= 2535 bytes.
      92 bytes,     5 lines      conffiles
     624 bytes,    17 lines      control
    2735 bytes,    37 lines      md5sums
     964 bytes,    36 lines   *  postinst             #!/bin/sh
     445 bytes,    19 lines   *  postrm               #!/bin/sh
     266 bytes,    11 lines   *  prerm                #!/bin/sh
 Package: vsftpd
 Version: 2.0.7-1+lenny1
 Architecture: i386
 Maintainer: Daniel Baumann <[email protected]>
 Installed-Size: 416
 Depends: libc6 (>= 2.7-1), libcap1, libpam0g (>= 0.99.7.1), libssl0.9.8 (>= 0.9.8f-5), libwrap0 (>= 7.6-4~), libpam-modules, adduser, netbase
 Recommends: logrotate
 Conflicts: ftp-server
 Provides: ftp-server
 Section: net
 Priority: extra
 Description: The Very Secure FTP Daemon
  A lightweight, efficient FTP server written from the ground up with
  security in mind.
  .
  vsftpd supports both anonymous and non-anonymous FTP, PAM authentication,
  bandwidth limiting, and the Linux sendfile() facility.

安裝包有會安裝什麼檔案: (--contents)

dpkg -c <package.deb>

drwxr-xr-x root/root         0 2011-09-09 03:47 ./
drwxr-xr-x root/root         0 2011-09-09 03:47 ./etc/
-rw-r--r-- root/root       132 2011-09-09 03:47 ./etc/ftpusers
-rw-r--r-- root/root      5083 2011-09-09 03:47 ./etc/vsftpd.conf
drwxr-xr-x root/root         0 2011-09-09 03:47 ./etc/logrotate.d/
-rw-r--r-- root/root       134 2011-09-09 03:47 ./etc/logrotate.d/vsftpd
................................................

# 顯示已安裝包裹的信息 , 如 Priority , Depends , Conflicts , Description (--status)

dpkg -s <package>

# 只顯示已安裝套件 [pattern] 的 Stats , Name , Version , Description (--list)

dpkg -l [pattern]

e.g.

dpkg -l "linux-image-*"

hi  linux-image-5.10.0-25-amd64          5.10.191-1   amd64        Linux 5.10 for 64-bit PCs (signed)
un  linux-image-5.10.0-25-amd64-unsigned <none>       <none>       (no description available)
ii  linux-image-amd64                    5.10.191-1   amd64        Linux for 64-bit PCs (meta-package)
un  linux-image-generic                  <none>       <none>       (no description available)

Desired=Unknown/Install/Remove/Purge/Hold

Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend

hi = Hold & Inst

ii = Install & Inst

# 列出已安裝 <package> 所包含的文件清單 (--listfiles)

dpkg -L <package>

# 在已安裝的套件中尋找特定檔案pattern所屬的套件 (--search)

dpkg -S <pattern>

很有用的功能:

--get-selections

--set-selections

--ignore-depends

dpkg -i lib-utils_1.00-10_all.deb

(Reading database ... 30234 files and directories currently installed.)
Preparing to replace lib-utils 1.00-10 (using lib-utils_1.00-10_all.deb) ...
Unpacking replacement lib-utils ...
dpkg: dependency problems prevent configuration of lib-utils:
lib-utils depends on libc6-i386 (>= 2.1.3); however:
  Package libc6-i386 is not installed.
dpkg: error processing lib-utils (--install):
dependency problems - leaving unconfigured
Errors were encountered while processing:
lib-utils

# dpkg -i --ignore-depends=<package(s) to ignore> package.deb

dpkg -i --ignore-depends=libc6-i386 lib-utils_1.00-10_all.deb

(Reading database ... 30234 files and directories currently installed.)
Preparing to replace lib-utils 1.00-10 (using lib-utils_1.00-10_all.deb) ...
Unpacking replacement lib-utils ...
Setting up lib-utils (1.00-10) ...

主要工具2: apt-get

# 包的自動安裝或升級工具, 它會根據包裹的倚賴性而下載所需的包

# 它亦是 aptitude 的 back-end 來

apt-get [options] command (package)

# 移除以及任何倚賴這個包裹的其它包裹

apt-get [--purge] remove (package)

Upgrade apt-get

apt-get install apt

Command :

update # 更新包的資訊 (從 sources.list 下載 Packages.gz)

install X # 安裝 Package (支援 POSIX regular expression)

upgrade X # 升級所以已經安裝的包

remove # 移除某包

purge # 移除包並同時移除包的有關設定檔

check # 更新暫存區並檢查損壞的套件

dist-upgrade # 與 upgrade 類似, 並會安裝和移除包來滿足倚賴關係.

clean # 清空暫存區內的所有包

autoclean # 只清除暫存區內系統沒有安裝的包

Options:

-d 從網絡下載包回本地, 但不即時進行 install 或 upgrade

-f 不理會 "integrity check", 強制進行 install 或 upgrade

-s 模擬進行指令 ( simulate )

-t 選擇不同的版本, stable , testing , unstable

--reinstall 重裝某包的檔案, 但不影響設定檔

i.e. 修復誤刪除檔案問題

dpkg -L rsync | grep 'bin/rsync'

/usr/bin/rsync

rm -f /usr/bin/rsync

apt-get install --reinstall rsync

ls /usr/bin/rsync

apt-get source

相當檔案及目錄:

設定檔 /etc/apt/apt.conf

包的下載來源 /etc/apt/sources.list

# Default

# See sources.list(5) for more information, especially
# Remember that you can only use http, ftp or file URIs
# CDROMs are managed through the apt-cdrom tool.
deb http://http.us.debian.org/debian stable main contrib non-free
deb http://non-us.debian.org/debian-non-US stable/non-US main contrib non-free
deb http://security.debian.org stable/updates main contrib non-free

暫存區位置 /var/cache/apt/archives

包的版本控制 /etc/apt/preferences

包的資訊位置 /var/lib/apt/lists/

apt-cache search

# 搜索滿足 <pattern> 的包裹和描述.

apt-cache search <pattern>

# 顯示 <package> 的完整的描述. (Installed-Size, MD5sum, Description)

apt-cache show <package>

# 顯示 <package> 和其它包裹的關係. (Reverse Depends, Dependencies:)

# (showpkg = depends + rdepends)

apt-cache showpkg <package>

apt-rdepends

auto-apt

reinstall:

apt-get --reinstall install asterisk-config

cron-apt

apt-utils

apt-build

apt-move

deborphan ( 移除多孤兒的 lib )

安裝:

apt-get install deborphan

應用:

deborphan
#列出已成為孤兒的 lib

deborphan -d
# 列出所有安裝了的 lib 的 dependency

包的 Preferences

* pinning is more reliable, than apt-mark

/etc/apt/preferences

不同 Source 的優先次序:

vi /etc/apt/preferences

Package: *
Pin: origin <Source>
Pin-Priority: 1001

Example1: Hold version to stable

當在同一個系統上用到不同版本的 Package 時, 那就要用 Pin 了

Pin 是用來解決它們的優先次序的

檔案: /etc/apt/preferences

Package: *
Pin: release a=stable
Pin-Priority: 700       <-- 數值愈大, 等級愈高

Package: *
Pin: release a=testing
Pin-Priority: 650

Package: *
Pin: release a=unstable
Pin-Priority: 600

# a (archive), c (components), v (version), o (origin) and l (label).

Priority:

0 永不安裝
0 < P <=100 安裝了
100 < P <=500 將會安裝
P > 1000 永遠安裝它(就算整系統要升級)

Example1: Pin version

apt-cache policy systemd-sysv

systemd-sysv:
  Installed: 229-4ubuntu21.21
  Candidate: 229-4ubuntu21.22
  Version table:
...

apt list systemd-sysv

systemd-sysv/xenial-updates 229-4ubuntu21.22 amd64 [upgradable from: 229-4ubuntu21.21]
N: There are 2 additional versions. Please use the '-a' switch to see them.

apt list -a systemd-sysv

systemd-sysv/xenial-updates 229-4ubuntu21.22 amd64 [upgradable from: 229-4ubuntu21.21]
systemd-sysv/xenial-security,now 229-4ubuntu21.21 amd64 [installed,upgradable to: 229-4ubuntu21.22]
systemd-sysv/xenial 229-4ubuntu4 amd64

/etc/apt/preferences.d/pin_systemd-sysv

Package: systemd-sysv
Pin: version 229-4ubuntu21.21
Pin-Priority: 501

測試

apt-get upgrade systemd-sysv

Reading package lists... Done
Building dependency tree
Reading state information... Done
systemd-sysv is already the newest version (229-4ubuntu21.21).
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

升級情況: apt-cache policy

apt-cache policy samba

samba:
  Installed: 2:3.6.3-2ubuntu2.3
  Candidate: 2:3.6.3-2ubuntu2.3
  Version table:
 *** 2:3.6.3-2ubuntu2.3 0
        500 http://hk.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2:3.6.3-2ubuntu2.1 0
        500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages
     2:3.6.3-2ubuntu2 0
        500 http://hk.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages

Hold Package Version

方式1: "dpkg --set-selections"

方式2: aptitude 不是系統預設有的

方式3: apt-mark

令 "apt-get upgrade" 不會升級它們, 但 "apt-get install" 仍會升級 !!

apt-get upgrade

...
The following packages have been kept back:
  systemd-sysv
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.

apt-get upgrade systemd-sysv

...
The following held packages will be changed:
  systemd-sysv
The following packages will be upgraded:
  systemd-sysv
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/11.5 kB of archives.
After this operation, 1,024 B of additional disk space will be used.
Do you want to continue? [Y/n]

apt-get install systemd-sysv

...
The following held packages will be changed:
  systemd-sysv
The following packages will be upgraded:
  systemd-sysv
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/11.5 kB of archives.
After this operation, 1,024 B of additional disk space will be used.

方式1: "dpkg --set-selections"

# hold package:

echo "package hold" | dpkg --set-selections

# Remove the hold:

echo "package install" | dpkg --set-selections

Example:

dpkg --get-selections | grep -w udev

udev                                            install

echo "samba udev" | dpkg --set-selections

dpkg --get-selections | grep -w udev

udev                                            hold

方式2: aptitude 不是系統預設有的

check:

aptitude show samba

hold:

aptitude hold package_name

unhold:

aptitude unhold package_name

方式3: apt-mark

apt-mark {hold | unhold | install | remove | purge} pkg...

apt-mark showhold | showinstall | showremove | showpurge pkg...

e.g.

apt-mark showhold

systemd
systemd-sysv
udev

apt-mark hold e2fslibs

e2fslibs set on hold.

詳見:

apt_preferences(7)

在 Proxy 的環境

一次性使用 Proxy:

export http_proxy=http://myproxy:myport

永久使用 Proxy:

/etc/apt/apt.conf

Acquire::http::Proxy   http://[[user][:pass]@]host[:port]/

Remark:

Acquire <-- downloading routines

當 /tmp 沒有 exec 時

可以加入以下設定解決

/etc/apt/apt.conf.d/00exectmp

DPkg::Pre-Invoke{"mount -o remount,exec /tmp";};
DPkg::Post-Invoke {"mount -o remount /tmp";};

Recommends Package

/etc/apt/apt.conf

APT::Install-Recommends "false";
APT::Install-Suggests "false";

dpkg-statoverride

`stat overrides' are a way to tell dpkg(1) to use a different owner or mode for a file when a package is installed.

Commands:

--list [glob-pattern]
--add <owner> <group> <mode> <file>
--remove <file> remove file from the database.

dpkg-statoverride --list

root crontab 2755 /usr/bin/crontab

troubleshoot:

dpkg: unrecoverable fatal error, aborting:
 syntax error: unknown user 'varnishlog' in statoverride file
E: Sub-process /usr/bin/dpkg returned an error code (2)

statoverride 的DB:

/var/lib/dpkg/statoverride

格式是

    varnishlog varnishlog 750 /var/log/varnish
    root crontab 2755 /usr/bin/crontab

Mini Front End

wajig

simplified Debian package management front end

aptitude

sources.list format

Format:

deb uri distribution [component1] [component2] [...]

uri 支援:

cdrom, file, http, ftp, copy, ssh, rsh

* uri 後的 slash (/) 係有意思的

distribution can specify an exact path, in which case the components must be omitted and distribution must end with a slash (/)

This is useful for when only a particular sub-section of the archive denoted by the URI is of interest.

If distribution does not specify an exact path, at least one component must be present.

Distribution

- name alias (jessie, stretch, buster, sid)
- release class (oldstable, stable, testing, unstable)

Examples:

deb http://ftp.debian.org/debian squeeze main contrib non-free
deb http://security.debian.org/ squeeze/updates main contrib non-free

Server:

http://ftp.debian.org/debian/

內有 dists, pool 目錄

http://ftp.debian.org/debian/dists/squeeze/

內有 contrib, main, non-free 目錄

Bypass other packages

# 應用: 在 Unprivileged Container 行 wireguard

apt install --no-install-recommends wireguard-tools

dpkg-query

a tool to query the dpkg database (/var/lib/dpkg/info)

i.e. DB 結構

ls -1 /var/lib/dpkg/info/rsync.*

rsync.conffiles
rsync.list                  # dpkg -L rsync
rsync.md5sums
rsync.postinst
rsync.postrm
rsync.prerm

dpkg-query --control-list rsync

md5sums
prerm
postrm
postinst

dpkg-query --control-show rsync md5sums

File

preinst

This script executes before that package will be unpacked from its Debian archive (“.deb”) file.

- Stop services for packages which are being upgraded

postinst

This script typically completes any required configuration of the package

- ask the user for input, and/or warn the user that if he accepts default values

- start or restart a service

prerm

This script typically stops any daemons which are associated with a package.

postrm

modifies links or other files associated with foo, and/or removes files created by the package.

conffiles

Debian 通過將配置文件單獨標記

當軟件包升級的時候, 你將會被詢問是否要保留你的舊配置文件.

If neither the user nor the package maintainer has changed the file, it is left alone.

If one or the other has changed their version, then the changed version is preferred

The comparisons are done by calculating the MD5 message digests of the files

Tips

<1> How can I remove the Translation entries in apt?

/etc/apt/apt.conf.d/99translations

Acquire::Languages "none";

<2> Default-Release