Product SiteDocumentation Site

6.2. aptitude, apt-get, and apt Commands

APT is a vast project, whose original plans included a graphical interface. It is based on a library which contains the core application, and apt-get is the first front end — command-line based — which was developed within the project. apt is a second command-line based front end provided by APT which overcomes some design mistakes of apt-get.
Both tools are built on top of the same library and are thus very close, but the default behavior of apt has been improved for interactive use and to actually do what most users expect. The APT developers reserve the right to change the public interface of this tool to further improve it. Conversely, the public interface of apt-get is well defined and will not change in any backwards incompatible way. It is thus the tool that you want to use when you need to script package installation requests.
Numerous other graphical interfaces then appeared as external projects: synaptic, aptitude (which includes both a text mode interface and a graphical one — even if not complete yet), wajig, etc. The most recommended interface, apt, is the one that we will use in the examples given in this section. Note, however, that apt-get and aptitude have a very similar command line syntax. When there are major differences between these three commands, these will be detailed.

6.2.1. Inicjalizacja

For any work with APT, the list of available packages needs to be updated; this can be done simply through apt update. Depending on the speed of your connection and configuration, the operation can take a while, since it involves downloading a certain number of (usually compressed) files (Packages, Sources, Translation-language-code), which have gradually become bigger and bigger as Debian has developed (at least 10-16 MB of data for the main section). Of course, installing from a CD-ROM/DVD set does not require any downloading — in this case, the operation is very fast.

TIP Incremental updates

The aim of the apt update command is to download for each package source the corresponding Packages (or Sources) file. However, even after a xz compression, these files can remain rather large (the Packages.xz for the main section of Unstable takes more than 8 MB). If you wish to update regularly, these downloads can take up a lot of time.
To speed up the process, APT can download “diff” files containing the changes since the previous update, as opposed to the entire file. To achieve this, official Debian mirrors distribute different files which list the differences between one version of the Packages file and the following version. They are generated at each update of the archives and a history of one week is kept. Each of these “diff” files only takes a few dozen kilobytes for Unstable, so that the amount of data downloaded by a weekly apt update is often divided by 10. For Stable and Testing, which change less, the gain is even more noticeable.
However, it can sometimes be of interest to force the download of the entire Packages file, especially when the last upgrade is very old and when the mechanism of incremental differences would not contribute much. This can also be interesting when network access is very fast but when the processor of the machine to upgrade is rather slow, since the time saved on the download is more than lost when the computer calculates the new versions of these files (starting with the older versions and applying the downloaded differences). To do that, you can use the APT configuration parameter Acquire::PDiffs and set it to false. 
$ sudo apt -o "Acquire::PDiffs=false" update
The Acquire::* options also control other aspects of the download, and even the download methods. Acquire::Languages can limit or disable the download of Translation-language-code files and save even more time. For a complete reference see apt.conf(5).

6.2.2. Instalacja i Usuwanie

With APT, packages can be added or removed from the system, respectively with apt install package and apt remove package. In both cases, APT will automatically install the necessary dependencies or delete the packages which depend on the package that is being removed. The apt purge package command involves a complete uninstallation by deleting the configuration files as well.

WSKAZÓWKA Instalowanie tego samego zestawu pakietów kilka razy

Może okazać się przydatne, aby systematycznie instalować tą samą listę pakietów na kilku komputerach. Można tego dokonać całkiem łatwo.
Najpierw należy uzyskać listę pakietów zainstalowanych na komputerze służącym za "wzór" do skopiowania. 
$ dpkg --get-selections >pkg-list
The pkg-list file then contains the list of installed packages. Next, transfer the pkg-list file onto the computers you want to update and use the following commands: 
## Aktualizacja bazy danych znanych pakietów programu dpkg
# avail=`mktemp`
# apt-cache dumpavail > "$avail"
# dpkg --merge-avail "$avail"
# rm -f "$avail"
## Aktualizacja zaznaczeń programu dpkg
# dpkg --set-selections < pkg-list
## Instalacja wybranych pakietów przy użyciu apt-get
# apt-get dselect-upgrade
The first commands record the list of available packages in the dpkg database. Then dpkg --set-selections restores the selection of packages that you wish to install, and the apt-get invocation executes the required operations! aptitude does not have this command.

WSKAZÓWKA Usuwanie i instalacja w tym samym czasie

It is possible to ask apt (or apt-get, or aptitude) to install certain packages and remove others on the same command line by adding a suffix. With an apt install command, add “-” to the names of the packages you wish to remove. With an apt remove command, add “+” to the names of the packages you wish to install.
Następny przykład ukazuje dwa różne sposoby na zainstalowanie pakiet1 i usunięcie pakiet2. 
# apt install package1 package2-
# apt remove package1+ package2
This can also be used to exclude packages which would otherwise be installed, for example, due to an automatic installation of Recommends. In general, the dependency solver will use that information as a hint to look for alternative solutions.

TIP apt --reinstall and aptitude reinstall

The system can sometimes be damaged after the removal or modification of files in a package. The easiest way to retrieve these files is to reinstall the affected package. Unfortunately, the packaging system finds that the latter is already installed and politely refuses to reinstall it; to avoid this, use the --reinstall option of the apt and apt-get commands. The following command reinstalls postfix even if it is already present: 
# apt --reinstall install postfix
Składnia komendy aptitude jest nieco inna, ale osiąga ten sam rezultat z pomocą aptitude reinstall postfix.
Problem ten nie występuje w przypadku dpkg, ale administrator rzadko korzysta z niej bezpośrednio.
Be careful! Using apt --reinstall to restore packages modified during an attack will certainly not recover the system as it was. Sekcja 14.7, „Dealing with a Compromised Machine” details the necessary steps to take with a compromised system.
These commands will not restore the configuration files. But as you have learned in Sekcja 5.2.3, „Checksums, List of Configuration Files, et al.” (see also sidebar IDĄC DALEJ Wymuszanie pytań o pliki konfiguracyjne w dpkg), you can use the following command to be asked to install the unmodified version and even restore any deleted configuration file as well. 
# apt --reinstall -o Dpkg::Options::="--force-confask,confmiss" install package
Some packages don't ship the configuration file found in /etc with the package. Instead they create it during installation by either copying a skeleton or writing it by a script. The file /etc/inputrc, for example, is a copy of /usr/share/readline/inputrc. In such cases the commands shown above won't work.
If the file sources.list mentions several distributions, it is possible to give the version of the package to install. A specific version number can be requested with apt install package=version, but indicating its distribution of origin (Stable, Testing or Unstable) — with apt install package/distribution — is usually preferred. With this command, it is possible to go back to an older version of a package (if, for instance, you know that it works well), provided that it is still available in one of the sources referenced by the sources.list file. Otherwise the snapshot.debian.org archive can come to the rescue (see sidebar GOING FURTHER Old package versions: snapshot.debian.org and archive.debian.org).

Przykład 6.4. Installation of the Unstable version of spamassassin

# apt install spamassassin/unstable
If the package to install has been made available to you under the form of a simple .deb file without any associated package repository, it is still possible to use APT to install it together with its dependencies (provided that the dependencies are available in the configured repositories) with a simple command: apt install ./path-to-the-package.deb. The leading ./ is important to make it clear that we are referring to a filename and not to the name of a package available in one of the repositories.

IDĄC DALEJ Mechanizm cache plików .deb

APT keeps a copy of each downloaded .deb file in the directory /var/cache/apt/archives/. In case of frequent updates, this directory can quickly take a lot of disk space with several versions of each package; you should regularly sort through them. Two commands can be used: apt-get clean entirely empties the directory; apt-get autoclean only removes packages which can no longer be downloaded (because they have disappeared from the Debian mirror) and are therefore clearly useless (the configuration parameter APT::Clean-Installed can prevent the removal of .deb files that are currently installed).

6.2.3. Uaktualnienie systemu

Regular upgrades are recommended, because they include the latest security updates. To upgrade, use apt upgrade, apt-get upgrade or aptitude safe-upgrade (of course after apt update). This command looks for installed packages which can be upgraded without removing any packages. In other words, the goal is to ensure the least intrusive upgrade possible. apt-get is slightly more demanding than aptitude or apt because it will refuse to install packages which were not installed beforehand.
apt will generally select the most recent version number (except for packages from Experimental and stable-backports, which are ignored by default whatever their version number). If you specified Testing or Unstable in your sources.list, apt upgrade will switch most of your Stable system to Testing or Unstable, which might not be what you intended.
To tell apt to use a specific distribution when searching for upgraded packages, you need to use the -t or --target-release option, followed by the name of the distribution you want (for example, apt -t stable upgrade). To avoid specifying this option every time you use apt, you can add APT::Default-Release "stable"; in the file /etc/apt/apt.conf.d/local.
For more important upgrades, such as the change from one major Debian version to the next, you need to use apt full-upgrade. With this instruction, apt will complete the upgrade even if it has to remove some obsolete packages or install new dependencies. This is also the command used by users who work daily with the Debian Unstable release and follow its evolution day by day. It is so simple that it hardly needs explanation: APT's reputation is based on this great functionality.
Unlike apt and aptitude, apt-get doesn't know the full-upgrade command. Instead, you should use apt-get dist-upgrade (”distribution upgrade”), the historical and well-known command that apt and aptitude also accept for the convenience of users who got used to it.
The results of these operations are logged into /var/log/apt/history.log and /var/log/apt/term.log, whereas dpkg keeps its log in a file called /var/log/dpkg.log.

6.2.4. Opcje konfiguracyjne

Besides the configuration elements already mentioned, it is possible to configure certain aspects of APT by adding directives in a file of the /etc/apt/apt.conf.d/ directory or /etc/apt/apt.conf itself. Remember, for instance, that it is possible for APT to tell dpkg to ignore file conflict errors by specifying DPkg::options { "--force-overwrite"; }.
If the Web can only be accessed through a proxy, add a line like Acquire::http::proxy "http://yourproxy:3128". For an FTP proxy, write Acquire::ftp::proxy "ftp://yourproxy". To discover more configuration options, read the apt.conf(5) manual page (for details on manual pages, see Sekcja 7.1.1, „Podręcznik systemowy”).

WRACAJĄC DO PODSTAW Katalogi zakończone na .d

Katalogi zakończone przyrostkiem .d są coraz częściej stosowane. Każdy katalog zawiera ustawienia konfiguracyjne podzielone pomiędzy wiele plików. W związku z tym wszystkie pliki w katalogu /etc/apt/apt.conf.d/ to instrukcje konfiguracji APTa. APT uwzględnia je w kolejności alfabetycznej, tak więc ostatnie z nich mogą modyfikować element konfiguracyjny zdefiniowany w jednym z pierwszych.
Taka struktura zapewnia pewną elastyczność administratorowi maszyny oraz zarządcom pakietów. Rzeczywiście, administrator może z łatwością zmienić konfigurację oprogramowania dodając w tym katalogu przygotowany wcześniej plik, bez konieczności modyfikacji istniejących. Zarządcy pakietów używają tego samego podejścia kiedy muszą dopasować konfigurację innego oprogramowania, aby zapewnić ich bezproblemowe współistnienie. Polityka Debiana wyraźnie zakazuje modyfikacji plików konfiguracyjnych innych pakietów — tylko użytkownik ma takie prawo. Przypomnijmy, że podczas uaktualnienia pakietu użytkownik otrzymuje wybór, którą wersję pliku konfiguracyjnego należy zatrzymać w przypadku wykrycia zmian. Wszelkie zewnętrzne zmiany w pliku uruchomiłyby takie zapytanie, które zastanowiłoby administratora przekonanego o tym, że nic nie zmieniał.
Without a .d directory, it is impossible for an external package to change the settings of a program by modifying its configuration file directly. Instead it must either invite the user to do it themselves and lists the operations to be done in the file /usr/share/doc/package/README.Debian, or it must create a file diversion for the configuration file using the dpkg-divert command and then install its own configuration file for the software in question. The latter is sometimes used by third party packages which try to handle configuration files of software components they use.
W zależności od aplikacji katalog .d jest używany bezpośrednio lub zarządzany przez zewnętrzy skrypt, który scali wszystkie pliki w celu stworzenia końcowej konfiguracji. Ważne jest, aby uruchamiać ten skrypt po każdej zmianie w tym katalogu tak, aby najnowsze zmiany były brane pod uwagę. Tak samo ważne jest, aby nie pracować bezpośrednio z plikiem utworzonym automatycznie, ponieważ wszystkie zmiany zostaną utracone po ponownym uruchomieniu skryptu. Wybrana metoda (katalog .d używany bezpośrednio lub plik utworzony na jego podstawie) jest zazwyczaj podyktowana przez ograniczenia implementacyjne, ale w obu przypadkach zyski z elastyczności konfiguracji przeważają nad komplikacjami związanymi z jej obsługą. Serwer poczty Exim 4 jest przykładem metody tworzenia pliku: może być skonfigurowany przez kilka plików (/etc/exim4/conf.d/*), które są scalone w /var/lib/exim4/config.autogenerated przy użyciu komendy update-exim4.conf.

6.2.5. Zarządzanie Priorytetami Pakietów

Jednym z najważniejszych aspektów w konfiguracji APTa jest zarządzanie priorytetami związanymi z każdym ze źródeł pakietów. Przykładowo, chciałbyś rozszerzyć dystrybucję o jeden lub dwa nowsze pakiety z Testowego, Niestabilnego lub Eksperymentalnego. Możliwe jest przypisanie priorytetu do każdego dostępnego pakietu (ten sam pakiet może mieć wiele priorytetów, zależnie od jego wersji lub dystrybucji, z której pochodzi). Priorytety wpływają bowiem na zachowanie APTa: dla każdego pakietu zawsze zostanie wybrana wersja z najwyższym priorytetem (z wyjątkiem przypadku, gdy jego wersja jest starsza niż zainstalowana i jego priorytet jest mniejszy niż 1000).
APT definiuje kilka domyślnych priorytetów. Każda zainstalowana wersja pakietu ma priorytet 100. Niezainstalowana wersja pakietu ma domyślnie priorytet 500, ale może zostać podniesiony do 990 jeżeli jest częścią wydania docelowego (zdefiniowanego opcją -t lub instrukcja konfiguracyjną APT::Default-Release).
You can modify the priorities by adding entries in a file in /etc/apt/preferences.d/ or the /etc/apt/preferences file with the names of the affected packages, their version, their origin and their new priority.
APT will never install an older version of a package (that is, a package whose version number is lower than the one of the currently installed package) except if its priority is higher than 1000 (or it is explicitly requested by the user, see Sekcja 6.2.2, „Instalacja i Usuwanie”). APT will always install the highest priority package which follows this constraint. If two packages have the same priority, APT installs the newest one (whose version number is the highest). If two packages of same version have the same priority but differ in their content, APT installs the version that is not installed (this rule has been created to cover the case of a package update without the increment of the revision number, which is usually required).
In more concrete terms, a package whose priority is
< 0
will never be installed,
1..99
will only be installed if no other version of the package is already installed,
100..499
will only be installed if there is no other newer version installed or available in another distribution,
500....989
will only be installed if there is no newer version installed or available in the target distribution,
990..1000
will be installed except if the installed version is newer,
> 1000
will always be installed, even if it forces APT to downgrade to an older version.
When APT checks /etc/apt/preferences and /etc/apt/preferences.d/, it first takes into account the most specific entries (often those specifying the concerned package), then the more generic ones (including, for example, all the packages of a distribution). If several generic entries exist, the first match is used. The available selection criteria include the package's name and the source providing it. Every package source is identified by the information contained in a Release file that APT downloads together with the Packages files. It specifies the origin (usually “Debian” for the packages of official mirrors, but it can also be a person's or an organization's name for third-party repositories). It also gives the name of the distribution (usually Stable, Testing, Unstable or Experimental for the standard distributions provided by Debian) together with its version (for example, 11 for Debian Bullseye). Let's have a look at its syntax through some realistic case studies of this mechanism.

SZCZEGÓLNY PRZYPADEK Priorytet eksperymentalnego

If you listed Experimental in your sources.list file, the corresponding packages will almost never be installed because their default APT priority is 1. This is of course a specific case, designed to keep users from installing Experimental packages by mistake. The packages can only be installed by typing aptitude install package/experimental — users typing this command can only be aware of the risks that they take. It is still possible (though not recommended) to treat packages of Experimental like those of other distributions by giving them a priority of 500. This is done with a specific entry in /etc/apt/preferences: 
Package: *
Pin: release a=experimental
Pin-Priority: 500
Załóżmy, że chcesz używać tylko pakietów ze stabilnej wersji Debiana. Te dostarczane w innych wersjach nie powinny być instalowane, chyba że na bezpośrednie żądanie. Mógłbyś dodać następujące wpisy w pliku /etc/apt/preferences: 
Package: *
Pin: release a=stable
Pin-Priority: 900

Package: *
Pin: release o=Debian
Pin-Priority: -10
a=stable definiuje nazwę wybranej dystrybucji. o=Debian ogranicza zakres pakietów do tych, których źródłem jest "Debian".
Let's now assume that you have a server with several local programs depending on the version 5.28 of Perl and that you want to ensure that upgrades will not install another version of it. You could use this entry: 
Package: perl
Pin: version 5.28*
Pin-Priority: 1001
To gain a better understanding of the mechanisms of priority and distribution or repository properties to pin do not hesitate to execute apt-cache policy to display the default priority associated with each package source, or apt-cache policy package to display the default priority for each available version and source of a package as explained in Sekcja 6.3.1, „The apt-cache policy Command”.
The reference documentation for the files /etc/apt/preferences and /etc/apt/preferences.d/ is available in the manual page apt_preferences(5), which you can display with man apt_preferences.

WSKAZÓWKA Komentarze w pliku /etc/apt/preferences

Nie istnieje oficjalna składnia do umieszczania komentarzy w pliku /etc/apt/preferences, ale można wprowadzić pewne opisy tekstowe przez dodanie jednego lub więcej pól “Explanation” na początku każdego wpisu: 
Explanation: Pakiet xserver-xorg-video-intel dostarczony
Explanation: w eksparymentalnym może być bezpiecznie używany
Package: xserver-xorg-video-intel
Pin: release a=experimental
Pin-Priority: 500

6.2.6. Praca z Kilkoma Dystrybucjami

apt being such a marvelous tool, it is tempting to pick packages coming from other distributions. For example, after having installed a Stable system, you might want to try out a software package available in Testing or Unstable without diverging too much from the system's initial state.
Even if you will occasionally encounter problems while mixing packages from different distributions, apt manages such coexistence very well and limits risks very effectively. The best way to proceed is to list all distributions used in /etc/apt/sources.list (some people always put the three distributions, but remember that Unstable is reserved for experienced users) and to define your reference distribution with the APT::Default-Release parameter (see Sekcja 6.2.3, „Uaktualnienie systemu”).
Let's suppose that Stable is your reference distribution but that Testing and Unstable are also listed in your sources.list file. In this case, you can use apt install package/testing to install a package from Testing. If the installation fails due to some unsatisfiable dependencies, let it solve those dependencies within Testing by adding the -t testing parameter. The same obviously applies to Unstable.
In this situation, upgrades (upgrade and full-upgrade) are done within Stable except for packages already upgraded to another distribution: those will follow updates available in the other distributions. We will explain this behavior with the help of the default priorities set by APT below. Do not hesitate to use apt-cache policy (Sekcja 6.3.1, „The apt-cache policy Command”) to verify the given priorities.
Wszystko to jest związane z faktem, że APT rozpatruje tylko pakiety mające większy lub równy numer wersji w porównaniu z zainstalowanym (zakładając, że nie użyto /etc/apt/preferences do wymuszenia wartości priorytetów większych niż 1000).
Załóżmy, że zainstalowano wersję 1 pierwszego pakietu ze Stabilnego, a wersje 2 i 3 są dostępne odpowiednio w Testowym i Niestabilnym. Zainstalowana wersja ma priorytet 100, ale wersja dostępna w Stabilnym (ta sama) ma priorytet 990 (ponieważ jest częścią docelowego wydania). Pakiety w Testowym i Niestabilnym mają priorytet 500 (domyślny priorytet dla wersji niezainstalowanej). Zwycięzcą jest więc wersja 1 posiadająca priorytet 990. W związku z tym pakiet "zostaje w Stabilnym".
Let's take the example of another package whose version 2 has been installed from Testing. Version 1 is available in Stable and version 3 in Unstable. Version 1 (of priority 990 — thus lower than 1000) is discarded because it is lower than the installed version. This only leaves version 2 and 3, both of priority 500. Faced with this alternative, APT selects the newest version, the one from Unstable. If you don't want a package installed from Testing to migrate to the version in Unstable, you have to assign a priority lower than 500 (490 for example) to packages coming from Unstable. You can modify /etc/apt/preferences to this effect: 
Package: *
Pin: release a=unstable
Pin-Priority: 490

6.2.7. Śledzenie Automatycznie Zainstalowanych Pakietów

One of the essential functionalities of apt is the tracking of packages installed only through dependencies. These packages are called “automatic”, and often include libraries.
With this information, when packages are removed, the package managers can compute a list of automatic packages that are no longer needed (because there is no “manually installed” packages depending on them). apt-get autoremove or apt autoremove will get rid of those packages. aptitude does not have this command because it removes them automatically as soon as they are identified. In all cases, the tools display a clear message listing the affected packages.
Dobrym nawykiem jest zaznaczanie jako automatycznych tych pakietów, które nie są bezpośrednio wymagane, dzięki czemu są one automatycznie usuwane w momencie, kiedy nie są już potrzebne. apt-mark auto pakiet zaznaczy pakiet jako automatyczny, podczas gdy apt-mark manual pakiet działa przeciwnie. aptitude markauto i aptitude unmarkauto działają w ten sam sposób, niemniej jednak oferują więcej możliwości zaznaczania wielu pakietów naraz (patrz Sekcja 6.5.1, „aptitude). Interaktywny, konsolowy interfejs aptitude również pozwala na łatwy przegląd "flag automatyczności" wielu pakietów.
People might want to know why an automatically installed package is present on the system. To get this information from the command line, you can use aptitude why package (apt and apt-get have no similar feature): 
$ aptitude why python3-debian
i   aptitude         Suggests apt-xapian-index
p   apt-xapian-index Depends  python3-debian (>= 0.1.14)

ALTERNATYWA deborphan i debfoster

In days where apt, apt-get and aptitude were not able to track automatic packages, there were two utilities producing lists of unnecessary packages: deborphan and debfoster. Both can still be useful.
deborphan scans the libs and oldlibs sections by default (in the absence of supplementary instructions) looking for the packages that are currently installed and that no other package depends on. The resulting list can then serve as a basis to remove unneeded packages.
debfoster stosuje bardziej złożone podejście, bardzo podobne do APTa: zarządza listą pakietów, które zostały bezpośrednio zainstalowane i zapamiętuje pakiety, które są naprawdę wymagane pomiędzy kolejnymi wywołaniami. Jeżeli w systemie pojawią się nowe pakiety i debfoster nie rozpozna ich jako wymagane pakiety, to zostaną wyświetlone na ekranie razem z listą ich zależności. W takiej sytuacji program oferuje wybór: usunięcie pakietu (prawdopodobnie razem z pakietem, który od niego zależy), oznaczenie go jako bezpośrednio wymagany lub tymczasowe zignorowanie.

6.2.8. APT Patterns

Patterns allow you to specify complex search queries to select the packages you want to install or show. They were first implemented for aptitude (see Sekcja 6.5, „Interfejsy: aptitude, synaptic), but now APT can also make use of them.
For example, we can use apt list ?automatic to list all the packages automatically installed. To find packages automatically installed no longer depended upon by manually installed packages the pattern ?garbage can be used.
Logic patterns can be combined with other packages to form more complex expressions. For instance, we could use a pattern like ?and(PATTERN, PATTERN). See apt-patterns(7) and glob(7) for all the patterns you can use and the complex expressions you can create with them.