Debian 包工具(dpkg, apt-get)

介紹

 

Debian 內的 package 是以  .deb 為檔尾


目錄

  • 主要工具1: dpkg
  • 主要工具2: apt-get
  • deborphan ( 移除多孤兒的 lib )
  • 包的 preferences
  • 在 Proxy 的環境
  • Recommends Package
  • Package File Permission (dpkg-statoverride)
  • Mini Front End
  • sources.list format
  • tips
  • troubleshoot

 


主要工具1: dpkg

/var/cache/debconf/ 是存放資料的地方

有關包的介紹及其狀態保存在

/var/lib/dpkg/status

Package: tcpd
Status: install ok installed
Priority: important
Section: net
Installed-Size: 212
Maintainer: Marco d'Itri <md@linux.it>
Architecture: i386
Source: tcp-wrappers
Version: 7.6.q-16
Replaces: libwrap0 (<< 7.6-8)
Depends: libc6 (>= 2.7-1), libwrap0 (>= 7.6-4~), debconf (>= 0.5) | debconf-2.0
Description: Wietse Venema's TCP wrapper utilities
 Wietse Venema's network logger, also known as TCPD or LOG_TCP.
 .
 These programs log the client host name of incoming telnet,
 ftp, rsh, rlogin, finger etc. requests.
 .
 Security options are:
  - access control per host, domain and/or service;
  - detection of host name spoofing or host address spoofing;
  - booby traps to implement an early-warning system.

.....................................................

 

install:

dpkg -i <package.deb> 

remore:

dpkg -r <package.deb>

purge:

dpkg -P <package.deb> 

 

安裝包內信息: (--info)

dpkg -I <package.deb>

 new debian package, version 2.0.
 size 119334 bytes: control archive= 2535 bytes.
      92 bytes,     5 lines      conffiles
     624 bytes,    17 lines      control
    2735 bytes,    37 lines      md5sums
     964 bytes,    36 lines   *  postinst             #!/bin/sh
     445 bytes,    19 lines   *  postrm               #!/bin/sh
     266 bytes,    11 lines   *  prerm                #!/bin/sh
 Package: vsftpd
 Version: 2.0.7-1+lenny1
 Architecture: i386
 Maintainer: Daniel Baumann <daniel@debian.org>
 Installed-Size: 416
 Depends: libc6 (>= 2.7-1), libcap1, libpam0g (>= 0.99.7.1), libssl0.9.8 (>= 0.9.8f-5), libwrap0 (>= 7.6-4~), libpam-modules, adduser, netbase
 Recommends: logrotate
 Conflicts: ftp-server
 Provides: ftp-server
 Section: net
 Priority: extra
 Description: The Very Secure FTP Daemon
  A lightweight, efficient FTP server written from the ground up with
  security in mind.
  .
  vsftpd supports both anonymous and non-anonymous FTP, PAM authentication,
  bandwidth limiting, and the Linux sendfile() facility.

 

安裝包有會安裝什麼檔案: (--contents)

dpkg -c <package.deb>

drwxr-xr-x root/root         0 2011-09-09 03:47 ./
drwxr-xr-x root/root         0 2011-09-09 03:47 ./etc/
-rw-r--r-- root/root       132 2011-09-09 03:47 ./etc/ftpusers
-rw-r--r-- root/root      5083 2011-09-09 03:47 ./etc/vsftpd.conf
drwxr-xr-x root/root         0 2011-09-09 03:47 ./etc/logrotate.d/
-rw-r--r-- root/root       134 2011-09-09 03:47 ./etc/logrotate.d/vsftpd
................................................

 

顯示已安裝包裹的信息 , 如 Priority , Depends , Conflicts , Description  (--status)

dpkg -s <package> 

只顯示已安裝套件 (pattern) 的 Stats , Name , Version , Description (--list)

dpkg -l (pattern) 

列出已安裝 <package> 安裝的所有文件清單 (--listfiles)

dpkg -L <package> 

已安裝的套件中尋找特定檔案pattern所屬的套件 (--search)

dpkg -S <pattern>

 

很有用的功能:

--get-selections

--set-selections

 

--ignore-depends

dpkg -i lib-utils_1.00-10_all.deb

(Reading database ... 30234 files and directories currently installed.)
Preparing to replace lib-utils 1.00-10 (using lib-utils_1.00-10_all.deb) ...
Unpacking replacement lib-utils ...
dpkg: dependency problems prevent configuration of lib-utils:
lib-utils depends on libc6-i386 (>= 2.1.3); however:
  Package libc6-i386 is not installed.
dpkg: error processing lib-utils (--install):
dependency problems - leaving unconfigured
Errors were encountered while processing:
lib-utils

# dpkg -i --ignore-depends=<package(s) to ignore> package.deb

dpkg -i --ignore-depends=libc6-i386 lib-utils_1.00-10_all.deb

(Reading database ... 30234 files and directories currently installed.)
Preparing to replace lib-utils 1.00-10 (using lib-utils_1.00-10_all.deb) ...
Unpacking replacement lib-utils ...
Setting up lib-utils (1.00-10) ...

 


主要工具2: apt-get

 

apt-get [options] command (package)

# 包的自動安裝或升級工具, 它會根據包裹的倚賴性而下載所需的包
# 它亦是 aptitude 的 back-end 來    

apt-get [--purge] remove (package)
移除以及任何倚賴這個包裹的其它包裹

 

command :

update                    更新包的資訊 ( 從 sources.list 下載 Packages.gz)

install                     安裝 ( 支援 POSIX regular expression )

upgrade                  升級所以已經安裝的包

remove                   移除某包
purge                     移除包並同時移除包的有關設定檔

check                     更新暫存區並檢查損壞的套件

dist-upgrade           與 upgrade 類似, 並會安裝和移除包來滿足倚賴關係.

clean                      清空暫存區內的所有包
autoclean                只清除暫存區內系統沒有安裝的包

        

options:

-d                從網絡下載包回本地, 但不即時進行 install 或 upgrade

-f                 不理會 "integrity check", 強制進行 install 或 upgrade

-s                模擬進行指令 ( simulate )

-t                 選擇不同的版本, stable , testing , unstable

--reinstall      重裝某包的檔案, 但不影響設定檔

 


apt-get source

 

相當檔案及目錄:

設定檔                /etc/apt/apt.conf

包的下載來源        /etc/apt/sources.list

# Default

# See sources.list(5) for more information, especially
# Remember that you can only use http, ftp or file URIs
# CDROMs are managed through the apt-cdrom tool.
deb http://http.us.debian.org/debian stable main contrib non-free
deb http://non-us.debian.org/debian-non-US stable/non-US main contrib non-free
deb http://security.debian.org stable/updates main contrib non-free

暫存區位置          /var/cache/apt/archives

包的版本控制        /etc/apt/preferences

包的資訊位置        /var/lib/apt/lists/

 


apt-cache search

 

# 搜索滿足 <pattern> 的包裹和描述.

apt-cache search <pattern>

# 顯示 <package> 的完整的描述. (Installed-Size, MD5sum, Description)

apt-cache show <package>

# 顯示 <package> 和其它包裹的關係. (Reverse Depends, Dependencies:)

# (showpkg = depends + rdepends)

apt-cache showpkg <package>
 

 


apt-rdepends

 

 


auto-apt

 

reinstall:

apt-get --reinstall  install asterisk-config

 


cron-apt
 

 

 


apt-utils

 


apt-build

 


apt-move

 


deborphan ( 移除多孤兒的 lib )

 

安裝:

apt-get install deborphan

應用:

deborphan
#列出已成為孤兒的 lib

deborphan -d
# 列出所有安裝了的 lib 的 dependency

 


包的 preferences

 

 * pinning is more reliable, than apt-mark

Pin

不同 Source 的優先次序:

vi /etc/apt/preferences

Package: *
Pin: origin <Source>
Pin-Priority: 1001

Example1: hold version to stable

當在同一個系統上用到不同版本的 Package 時, 那就要用 Pin 了

Pin 是用來解決它們的優先次序的

檔案: /etc/apt/preferences

Package: *
Pin: release a=stable
Pin-Priority: 700       <-- 數值愈大, 等級愈高

Package: *
Pin: release a=testing
Pin-Priority: 650

Package: *
Pin: release a=unstable
Pin-Priority: 600

# a (archive), c (components), v (version), o (origin) and l (label).

Example1: pin version

pinning is more reliable, than apt-mark

apt-cache policy systemd-sysv

systemd-sysv:
  Installed: 229-4ubuntu21.21
  Candidate: 229-4ubuntu21.22
  Version table:
...

apt list systemd-sysv

systemd-sysv/xenial-updates 229-4ubuntu21.22 amd64 [upgradable from: 229-4ubuntu21.21]
N: There are 2 additional versions. Please use the '-a' switch to see them.

apt list -a systemd-sysv

systemd-sysv/xenial-updates 229-4ubuntu21.22 amd64 [upgradable from: 229-4ubuntu21.21]
systemd-sysv/xenial-security,now 229-4ubuntu21.21 amd64 [installed,upgradable to: 229-4ubuntu21.22]
systemd-sysv/xenial 229-4ubuntu4 amd64

/etc/apt/preferences.d/pin_systemd-sysv

Package: systemd-sysv
Pin: version 229-4ubuntu21.21
Pin-Priority: 501

測試

apt-get upgrade systemd-sysv

Reading package lists... Done
Building dependency tree
Reading state information... Done
systemd-sysv is already the newest version (229-4ubuntu21.21).
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Priority:

  • 0 永不安裝
  • 0 < P <=100  安裝了
  • 100 < P <=500  將會安裝
  • P > 1000 永遠安裝它(就算整系統要升級)

升級情況: apt-cache policy

apt-cache policy samba

samba:
  Installed: 2:3.6.3-2ubuntu2.3
  Candidate: 2:3.6.3-2ubuntu2.3
  Version table:
 *** 2:3.6.3-2ubuntu2.3 0
        500 http://hk.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2:3.6.3-2ubuntu2.1 0
        500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages
     2:3.6.3-2ubuntu2 0
        500 http://hk.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages

Hold Package:

令 "apt-get upgrade" 不會升級它們, 但 "apt-get install" 會 !!

apt-get upgrade

...
The following packages have been kept back:
  systemd-sysv
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.

apt-get upgrade systemd-sysv

...
The following held packages will be changed:
  systemd-sysv
The following packages will be upgraded:
  systemd-sysv
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/11.5 kB of archives.
After this operation, 1,024 B of additional disk space will be used.
Do you want to continue? [Y/n]

apt-get install systemd-sysv

...
The following held packages will be changed:
  systemd-sysv
The following packages will be upgraded:
  systemd-sysv
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/11.5 kB of archives.
After this operation, 1,024 B of additional disk space will be used.

方式1: "dpkg --set-selections"

# hold package:

echo "package hold" | dpkg --set-selections

# Remove the hold:

echo "package install" | dpkg --set-selections

Example:

dpkg --get-selections | grep -w udev

udev                                            install

echo "samba udev" | dpkg --set-selections

dpkg --get-selections | grep -w udev

udev                                            hold

 

方式2: aptitude 不是系統預設有的

check:

aptitude show samba

hold:

aptitude hold package_name

unhold:

aptitude unhold package_name

方式3: apt-mark

apt-mark {hold | unhold | install | remove | purge} pkg...

apt-mark showhold | showinstall | showremove | showpurge pkg...

i.e.

apt-mark showhold

systemd
systemd-sysv
udev

apt-mark hold e2fslibs

e2fslibs set on hold.

詳見:

apt_preferences(7)

 


在 Proxy 的環境

 

一次性:

export http_proxy=http://myproxy:myport

永久:

/etc/apt/apt.conf

Acquire::http::Proxy   http://[[user][:pass]@]host[:port]/

Remark:

Acquire <-- downloading routines

 


當 /tmp 沒有 exec 時

 

可以加入以下設定解決

DPkg::Pre-Invoke{"mount -o remount,exec /tmp";};
DPkg::Post-Invoke {"mount -o remount /tmp";};

 

 


Recommends Package

 

/etc/apt/apt.conf

APT::Install-Recommends "false";
APT::Install-Suggests "false";

 


 

dpkg-statoverride

`stat  overrides'  are a way to tell dpkg(1) to use a different owner or mode for a file when a package is installed.

Commands:

  • --list [glob-pattern]
  • --add <owner> <group> <mode> <file>
  • --remove <file>          remove file from the database.

dpkg-statoverride --list

root crontab 2755 /usr/bin/crontab

troubleshoot:

dpkg: unrecoverable fatal error, aborting:
 syntax error: unknown user 'varnishlog' in statoverride file
E: Sub-process /usr/bin/dpkg returned an error code (2)

statoverride 的DB:

/var/lib/dpkg/statoverride

格式是

    varnishlog varnishlog 750 /var/log/varnish
    root crontab 2755 /usr/bin/crontab

 

 


Mini Front End

 

  • wajig

simplified Debian package management front end

  • aptitude

 


sources.list format

 

Format:

deb uri distribution [component1] [component2] [...]

uri 支援:

cdrom, file, http, ftp, copy, ssh, rsh

 * uri 後的 slash (/) 係有意思的

distribution can specify an exact path, in which case the components must be omitted and distribution must end with a slash (/)

This is useful for when only a particular sub-section of the archive denoted by the URI is of interest. 

If distribution does not specify an exact path, at least one component must be present.

Distribution

- name alias (jessie, stretch, buster, sid)
- release class (oldstable, stable, testing, unstable)

Examples:

deb http://ftp.debian.org/debian squeeze main contrib non-free
deb http://security.debian.org/ squeeze/updates main contrib non-free

Server:

http://ftp.debian.org/debian/

內有 dists, pool 目錄

http://ftp.debian.org/debian/dists/squeeze/

內有 contrib, main, non-free 目錄

 


Tips

 

<1> How can I remove the Translation entries in apt?

/etc/apt/apt.conf.d/99translations

Acquire::Languages "none";

<2> Default-Release

/etc/apt/apt.conf

APT::Default-Release "squeeze-lts";

 


Troubleshoot

 

<1> "Problem with MergeList"

rm -rf /var/lib/apt/lists/partial

 

<2> W: GPG error: http://server squeeze-lts Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553

gpg --keyserver pgpkeys.mit.edu --recv 8B48AD6246925553

gpg --list-keys

gpg --export --armor 8B48AD6246925553 > missingkey.gpg

apt-key add missingkey.gpg