Differences between revisions 1 and 15 (spanning 14 versions)
Revision 1 as of 2019-08-23 17:26:36
Size: 618
Editor: nodiscc
Comment: draft refactoring of https://wiki.debian.org/AptConf and other apt configuration pages
Revision 15 as of 2019-08-23 19:25:01
Size: 5186
Editor: nodiscc
Comment:
Deletions are marked like this. Additions are marked like this.
Line 7: Line 7:
 * AptKeys
 * preferences
 * AptSources
 * apt.conf.d
 * SourcesLists - lists of software repositories (sources)
 * AptKeys - keys for secure verification of packages authenticity
 * {{{apt_preferences}}} and {{{apt.conf}}} described below
Line 12: Line 11:
=== apt.conf.d
Line 14: Line 12:
Apt accepts configuratino files (without extension) in {{{/etc/apt/apt.conf.d/}}}. These are processed by Apt in numeric/alphabetical order. {{{/etc/apt/apt.conf}}} is also valid but deprecated.

== apt_preferences ==

See [[DebianMan:apt_preferences.5|man 5 apt_preferences]]

=== Apt pinning ===

When multiple Apt repositories are enabled, a package can exist in several of them. To know which one should be installed, Apt assigns '''priorities''' to packages. The default is {{{500}}}.

 * If the packages have the same priority, the package with a higher version number (most recent) wins.
 * If packages have different priorities, the one with the higher priority wins.

'''Pinning''' allows changing priorities for only some packages/repositories, so that you can:

 * Prefer a DebianBackports package over a Stable one: by default DebianBackports repositories have a lower priority than stable ({{{100}}}). They won't be installed unless explicitely configured to (or the package only exists in backports).
 * Prefer a DebianStable package over an experimental/unstable repo: you may want to add a third-party repository with more recent versions, but only allow some of them to be installed.

With a few exceptions it is not recommended to mix repositories/releases unless their are specially prepared . '''See DontBreakDebian.'''

To view priority of a specific package, use [[DebianMan:apt-cache.1|apt-cache policy]]:

{{{
$ apt-cache policy claws-mail
claws-mail:
  Installed : (none)
  Candidate : 3.14.1-3+b1
 Version table :
     3.17.1-1~bpo9+1 100
        100 https://deb.debian.org/debian stretch-backports/main amd64 Packages
     3.14.1-3+b1 500
        500 https://deb.debian.org/debian stretch/main amd64 Package
}}}

In that case the package that would be installed ({{{Candidate}}}) would be the older, {{{3.14}}} version from {{{stretch/main}}}. {{{stretch-backports/main}}} has a newer version {{{3.17}}}, but a lower priority ({{{100}}} vs {{{500}}} for stretch)

If '''we really, always want the newer package''' from {{{stretch-backports}}}, we can configure Apt to do so. Considering your Apt sources are:

{{{
# Debian stable
deb http://deb.debian.org/debian stable main #default priority 500
deb http://deb.debian.org/debian stable-backports main #default priority 100
}}}

Tell Apt to prefer the package (higher priority) from {{{stretch-backports}}}. Edit the file {{{/etc/apt/preferences.d/99debian-backports}}} (create it):

{{{
Package: claws-mail
Pin: release a=stretch-backports
Pin-Priority: 900
}}}

Now installing the {{{claws-mail}}} package will install the newer version.

To '''prevent installation of newer packages from a third-party repository''', even if it has equal priority, edit the file {{{/etc/apt/preferences.d/99my-custom-repository}}}:

{{{
# Never prefer packages from the my-custom-repo repository
Package: *
Pin: origin o=my-custom-repo
Pin-Priority: 1

# Allow upgrading only my-specific-software from my-custom-repo
Package: my-specific-software
Pin: origin o=my-custom-repo
Pin-Priority: 500
}}}


File naming in {{{/etc/apt/preferences.d/}}} is free but the last in alphabetical order takes precedence.




=== apt.conf ===

See [[DebianMan:apt.conf.5|man 5 apt.conf]]

Apt accepts configuration files (without extension) in {{{/etc/apt/apt.conf.d/}}}. These are processed by Apt in numeric/alphabetical order. {{{/etc/apt/apt.conf}}} is also valid but deprecated.
Line 18: Line 94:
 * {{{Dpkg::Pre-Install-Pkgs {"mycommand";};: executes {{{mycommand}}} before package installation/unpacking by Dpkg.  * {{{Dpkg::Pre-Install-Pkgs {"mycommand";};}}}: executes {{{mycommand}}} before package installation/unpacking by Dpkg.
 * {{{Dpkg::Pre-Invoke {"mycommand";};}}}: executes {{{mycommand}}} before apt calls dpkg
 * {{{Dpkg::Post-Invoke {"mycommand";};}}}: executes {{{mycommand}}} after apt calls dpkg
 * {{{Pre-Install-Pkgs}}}: ??? '''TODO''' /* package filename in /var/cache/apt/archives/ is passed as stdin */
 * {{{APT::Default-Release "testing";}}}: sets the default Debian release used by Apt ('''TODO''' use case?)
 * {{{APT::Cache-Limit 10000000;}}}: '''??? TODO'''
 * {{{Apt::Get::Purge;}}}: '''??? TODO'''
 * {{{Acquire::http::Proxy "http://proxy:8080";}}}: sets the proxy for HTTP downloads
 * {{{Acquire::https::Proxy "https://proxy:8443";}}}: sets the proxy for HTTPS downloads
 * {{{Acquire::http::Timeout "2";}}}: sets the timeout for HTTP downloads
 * {{{Acquire::https::Timeout "2";}}}: sets the timeout for HTTPS downloads
 * {{{Acquire::ftp::Timeout "2";}}}: sets the timeout for FTP downloads


If you really have to use FTP, this sets the FTP proxy:

{{{
 Acquire::ftp
 {
   Proxy "ftp://proxy:2121/";
   ProxyLogin
   {
      "USER $(SITE_USER)@$(SITE)";
      "PASS $(SITE_PASS)";
   }
 }
}}}



== Command line options ==

PackageManagementTools such as {{{apt}}}, {{{aptitude}}}, {{{apt-get}}}... allow you to set specific configuration options for a single run. See their respective ManPages.

WIP: refactoring of https://wiki.debian.org/AptConf and other apt configuration pages


Apt is configured by several resources, including:

  • ?SourcesLists - lists of software repositories (sources)

  • ?AptKeys - keys for secure verification of packages authenticity

  • apt_preferences and apt.conf described below

apt_preferences

See man 5 apt_preferences

Apt pinning

When multiple Apt repositories are enabled, a package can exist in several of them. To know which one should be installed, Apt assigns priorities to packages. The default is 500.

  • If the packages have the same priority, the package with a higher version number (most recent) wins.
  • If packages have different priorities, the one with the higher priority wins.

Pinning allows changing priorities for only some packages/repositories, so that you can:

  • Prefer a DebianBackports package over a Stable one: by default DebianBackports repositories have a lower priority than stable (100). They won't be installed unless explicitely configured to (or the package only exists in backports).

  • Prefer a DebianStable package over an experimental/unstable repo: you may want to add a third-party repository with more recent versions, but only allow some of them to be installed.

With a few exceptions it is not recommended to mix repositories/releases unless their are specially prepared . See DontBreakDebian.

To view priority of a specific package, use apt-cache policy:

$ apt-cache policy claws-mail
claws-mail:
  Installed : (none)
  Candidate : 3.14.1-3+b1
 Version table :
     3.17.1-1~bpo9+1 100
        100 https://deb.debian.org/debian stretch-backports/main amd64 Packages
     3.14.1-3+b1 500
        500 https://deb.debian.org/debian stretch/main amd64 Package

In that case the package that would be installed (Candidate) would be the older, 3.14 version from stretch/main. stretch-backports/main has a newer version 3.17, but a lower priority (100 vs 500 for stretch)

If we really, always want the newer package from stretch-backports, we can configure Apt to do so. Considering your Apt sources are:

# Debian stable
deb http://deb.debian.org/debian stable main #default priority 500
deb http://deb.debian.org/debian stable-backports main #default priority 100

Tell Apt to prefer the package (higher priority) from stretch-backports. Edit the file /etc/apt/preferences.d/99debian-backports (create it):

Package: claws-mail
Pin: release a=stretch-backports
Pin-Priority: 900

Now installing the claws-mail package will install the newer version.

To prevent installation of newer packages from a third-party repository, even if it has equal priority, edit the file /etc/apt/preferences.d/99my-custom-repository:

# Never prefer packages from the my-custom-repo repository
Package: *
Pin: origin o=my-custom-repo
Pin-Priority: 1

# Allow upgrading only my-specific-software from my-custom-repo
Package: my-specific-software
Pin: origin o=my-custom-repo
Pin-Priority: 500

File naming in /etc/apt/preferences.d/ is free but the last in alphabetical order takes precedence.

apt.conf

See man 5 apt.conf

Apt accepts configuration files (without extension) in /etc/apt/apt.conf.d/. These are processed by Apt in numeric/alphabetical order. /etc/apt/apt.conf is also valid but deprecated.

These files can contain various directives:

  • Dpkg::Pre-Install-Pkgs {"mycommand";};: executes mycommand before package installation/unpacking by Dpkg.

  • Dpkg::Pre-Invoke {"mycommand";};: executes mycommand before apt calls dpkg

  • Dpkg::Post-Invoke {"mycommand";};: executes mycommand after apt calls dpkg

  • Pre-Install-Pkgs: ??? TODO

  • APT::Default-Release "testing";: sets the default Debian release used by Apt (TODO use case?)

  • APT::Cache-Limit 10000000;: ??? TODO

  • Apt::Get::Purge;: ??? TODO

  • Acquire::http::Proxy "http://proxy:8080";: sets the proxy for HTTP downloads

  • Acquire::https::Proxy "https://proxy:8443";: sets the proxy for HTTPS downloads

  • Acquire::http::Timeout "2";: sets the timeout for HTTP downloads

  • Acquire::https::Timeout "2";: sets the timeout for HTTPS downloads

  • Acquire::ftp::Timeout "2";: sets the timeout for FTP downloads

If you really have to use FTP, this sets the FTP proxy:

 Acquire::ftp
 {
   Proxy "ftp://proxy:2121/";
   ProxyLogin
   {
      "USER $(SITE_USER)@$(SITE)";
      "PASS $(SITE_PASS)";
   }
 }

Command line options

PackageManagementTools such as apt, aptitude, apt-get... allow you to set specific configuration options for a single run. See their respective ?ManPages.