|
Size: 618
Comment: draft refactoring of https://wiki.debian.org/AptConf and other apt configuration pages
|
Size: 7340
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| WIP: refactoring of https://wiki.debian.org/AptConf and other apt configuration pages | '''WIP:''' refactoring of AptConf, AptPreferences and other apt configuration pages . [[nodiscc]] |
| Line 7: | Line 9: |
| * AptKeys * preferences * AptSources * apt.conf.d |
* SourcesLists - lists of software repositories (sources) * AptKeys - keys for secure authentication of packages * {{{apt_preferences}}} and {{{apt.conf}}} described below |
| Line 12: | Line 13: |
| === apt.conf.d | ---- |
| Line 14: | Line 15: |
| Apt accepts configuratino files (without extension) in {{{/etc/apt/apt.conf.d/}}}. These are processed by Apt in numeric/alphabetical order. {{{/etc/apt/apt.conf}}} is also valid but deprecated. | <<TableOfContents(4)>> == apt_preferences (APT pinning) == ''ManPage: [[DebianMan:apt_preferences.5|man 5 apt_preferences]]'' When multiple Apt repositories are enabled, a package can exist in several of them. To know which one should be installed, Apt assigns '''priorities''' to packages. The default is {{{500}}}. * If the packages have the same priority, the package with a higher version number (most recent) wins. * If packages have different priorities, the one with the higher priority wins. '''Pinning''' allows changing priorities for only some packages/repositories, so that you can: * Prefer a DebianBackports package over a DebianStable one: by default Debian backports repositories have a lower priority than stable ({{{100}}}). They won't be installed or upgraded unless explicitly configured to (or the package only exists in backports). * Only allow ''some'' packages from a third-party repository, and ignore the other even if more recent: you may want to add experimental/unstable/third-party repositories with extra/more recent software, but only allow some of these packages to be installed. * Force a package downgrade (not recommended) {{{#!wiki debian <!> With a few exceptions (DebianBackports) it is not recommended to mix repositories/releases unless they were specially prepared . '''See DontBreakDebian.'''. Don't enable DebianUnstable repositories on DebianStable. When pinning, '''you must ensure compatibility of packages by yourself''' since Debian does not guarantee it. }}} To view the priority of a specific package, use [[DebianMan:apt-cache.1|apt-cache policy mypackage]]: {{{ $ apt-cache policy claws-mail claws-mail: Installed : (none) Candidate : 3.14.1-3+b1 Version table : 3.17.1-1~bpo9+1 100 100 https://deb.debian.org/debian stretch-backports/main amd64 Packages 3.14.1-3+b1 500 500 https://deb.debian.org/debian stretch/main amd64 Package }}} In the example above, the package that would be installed ({{{Candidate}}}) would be the older, {{{3.14}}} version from {{{stretch/main}}}. {{{stretch-backports/main}}} has a newer version {{{3.17}}}, but a lower priority ({{{100}}} vs {{{500}}} for stretch) To view the global priority for each Apt source (repository): {{{ $ apt-cache policy Package files: # The default DebianStable repository with a priority of 500 500 https://deb.debian.org/debian stable/main amd64 Packages o=Debian,n=stable,l=Debian,c=main,b=amd64 origin deb.debian.org # The repository for Debian PointReleases (security and grave bug fixes ~every 2 months) 500 https://deb.debian.org/debian stable-updates/main amd64 Packages release o=Debian,a=oldstable-updates,n=stable-updates,l=Debian,c=main,b=amd64 origin deb.debian.org # The DebianSecurity repository with short response time for security fixes 500 http://security.debian.org stable/updates/main amd64 Packages release v=9,o=Debian,a=oldstable,n=stable,l=Debian-Security,c=main,b=amd64 origin security.debian.org # The DebianBackports repository, comes with a default priority of 100 100 https://deb.debian.org/debian stable-backports/main amd64 Packages release o=Debian Backports,a=stable-backports,n=stable-backports,l=Debian Backports,c=main,b=amd64 origin deb.debian.org # The priority of locally installed packages 100 /var/lib/dpkg/status release a=now }}} ---- === Force installation of a newer package === To tell Apt to install a package from {{{stretch-backports}}}, even if the package has a higher priority in {{{stretch}}}: {{{ apt install -t stretch-backports claws-mail }}} Note that the package will not be automatically upgraded when running an AptUpgrade. '''To allow upgrades of this package''' from {{{stretch-backports}}}, set a higher priority) for this package coming from the {{{stretch-backports}}} release. Edit the file {{{/etc/apt/preferences.d/99debian-backports}}} (create it): {{{ Package: claws-mail Pin: release a=stretch-backports Pin-Priority: 900 }}} Now installing the {{{claws-mail}}} package will install the newer version. Running an AptUpgrade will automatically pick up newer versions from {{{stable-backports}}}. Running {{{apt-cache policy}}} again you would see: {{{ Pinned packages: claws-mail -> 3.17.1-1~bpo9+1 with priority 600 }}} ---- === Prevent/selective installation from third-party a repository === To '''prevent installation of newer packages from a third-party repository''' (DontBreakDebian), even if it has equal priority, edit the file {{{/etc/apt/preferences.d/99my-custom-repository}}}: {{{ # Never prefer packages from the my-custom-repo repository Package: * Pin: origin o=my-custom-repo Pin-Priority: 1 # Allow upgrading only my-specific-software from my-custom-repo Package: my-specific-software Pin: origin o=my-custom-repo Pin-Priority: 500 }}} File naming in {{{/etc/apt/preferences.d/}}} is free but the last in alphabetical order takes precedence. ---- == apt.conf == See [[DebianMan:apt.conf.5|man 5 apt.conf]] Apt accepts configuration files (without extension) in {{{/etc/apt/apt.conf.d/}}}. These are processed by Apt in numeric/alphabetical order. {{{/etc/apt/apt.conf}}} is also valid but deprecated. |
| Line 18: | Line 145: |
| * {{{Dpkg::Pre-Install-Pkgs {"mycommand";};: executes {{{mycommand}}} before package installation/unpacking by Dpkg. | * {{{Dpkg::Pre-Install-Pkgs {"mycommand";};}}}: executes {{{mycommand}}} before package installation/unpacking by Dpkg. * {{{Dpkg::Pre-Invoke {"mycommand";};}}}: executes {{{mycommand}}} before apt calls dpkg * {{{Dpkg::Post-Invoke {"mycommand";};}}}: executes {{{mycommand}}} after apt calls dpkg * {{{Pre-Install-Pkgs}}}: ??? '''TODO''' /* package filename in /var/cache/apt/archives/ is passed as stdin */ * {{{APT::Default-Release "testing";}}}: sets the default Debian release used by Apt ('''TODO''' use case?) * {{{APT::Cache-Limit 10000000;}}}: '''??? TODO''' * {{{Apt::Get::Purge;}}}: '''??? TODO''' * {{{Acquire::http::Proxy "http://proxy:8080";}}}: sets the proxy for HTTP downloads * {{{Acquire::https::Proxy "https://proxy:8443";}}}: sets the proxy for HTTPS downloads * {{{Acquire::http::Timeout "2";}}}: sets the timeout for HTTP downloads * {{{Acquire::https::Timeout "2";}}}: sets the timeout for HTTPS downloads * {{{Acquire::ftp::Timeout "2";}}}: sets the timeout for FTP downloads If you really have to use FTP, this sets the FTP proxy: {{{ Acquire::ftp { Proxy "ftp://proxy:2121/"; ProxyLogin { "USER $(SITE_USER)@$(SITE)"; "PASS $(SITE_PASS)"; } } }}} == Command line options == PackageManagementTools such as {{{apt}}}, {{{aptitude}}}, {{{apt-get}}}... allow you to set specific configuration options for a single run. See their respective ManPages. ---- CategoryPackageManagement | CategorySoftware | CategorySystemAdministration |
WIP: refactoring of AptConf, AptPreferences and other apt configuration pages
Apt is configured by several resources, including:
?SourcesLists - lists of software repositories (sources)
?AptKeys - keys for secure authentication of packages
apt_preferences and apt.conf described below
Contents
apt_preferences (APT pinning)
ManPage: man 5 apt_preferences
When multiple Apt repositories are enabled, a package can exist in several of them. To know which one should be installed, Apt assigns priorities to packages. The default is 500.
- If the packages have the same priority, the package with a higher version number (most recent) wins.
- If packages have different priorities, the one with the higher priority wins.
Pinning allows changing priorities for only some packages/repositories, so that you can:
Prefer a DebianBackports package over a DebianStable one: by default Debian backports repositories have a lower priority than stable (100). They won't be installed or upgraded unless explicitly configured to (or the package only exists in backports).
Only allow some packages from a third-party repository, and ignore the other even if more recent: you may want to add experimental/unstable/third-party repositories with extra/more recent software, but only allow some of these packages to be installed.
- Force a package downgrade (not recommended)
With a few exceptions (DebianBackports) it is not recommended to mix repositories/releases unless they were specially prepared . See DontBreakDebian.. Don't enable DebianUnstable repositories on DebianStable. When pinning, you must ensure compatibility of packages by yourself since Debian does not guarantee it.
To view the priority of a specific package, use apt-cache policy mypackage:
$ apt-cache policy claws-mail
claws-mail:
Installed : (none)
Candidate : 3.14.1-3+b1
Version table :
3.17.1-1~bpo9+1 100
100 https://deb.debian.org/debian stretch-backports/main amd64 Packages
3.14.1-3+b1 500
500 https://deb.debian.org/debian stretch/main amd64 PackageIn the example above, the package that would be installed (Candidate) would be the older, 3.14 version from stretch/main. stretch-backports/main has a newer version 3.17, but a lower priority (100 vs 500 for stretch)
To view the global priority for each Apt source (repository):
$ apt-cache policy
Package files:
# The default DebianStable repository with a priority of 500
500 https://deb.debian.org/debian stable/main amd64 Packages
o=Debian,n=stable,l=Debian,c=main,b=amd64
origin deb.debian.org
# The repository for Debian PointReleases (security and grave bug fixes ~every 2 months)
500 https://deb.debian.org/debian stable-updates/main amd64 Packages
release o=Debian,a=oldstable-updates,n=stable-updates,l=Debian,c=main,b=amd64
origin deb.debian.org
# The DebianSecurity repository with short response time for security fixes
500 http://security.debian.org stable/updates/main amd64 Packages
release v=9,o=Debian,a=oldstable,n=stable,l=Debian-Security,c=main,b=amd64
origin security.debian.org
# The DebianBackports repository, comes with a default priority of 100
100 https://deb.debian.org/debian stable-backports/main amd64 Packages
release o=Debian Backports,a=stable-backports,n=stable-backports,l=Debian Backports,c=main,b=amd64
origin deb.debian.org
# The priority of locally installed packages
100 /var/lib/dpkg/status
release a=now
Force installation of a newer package
To tell Apt to install a package from stretch-backports, even if the package has a higher priority in stretch:
apt install -t stretch-backports claws-mail
Note that the package will not be automatically upgraded when running an ?AptUpgrade.
To allow upgrades of this package from stretch-backports, set a higher priority) for this package coming from the stretch-backports release. Edit the file /etc/apt/preferences.d/99debian-backports (create it):
Package: claws-mail Pin: release a=stretch-backports Pin-Priority: 900
Now installing the claws-mail package will install the newer version. Running an ?AptUpgrade will automatically pick up newer versions from stable-backports. Running apt-cache policy again you would see:
Pinned packages:
claws-mail -> 3.17.1-1~bpo9+1 with priority 600
Prevent/selective installation from third-party a repository
To prevent installation of newer packages from a third-party repository (DontBreakDebian), even if it has equal priority, edit the file /etc/apt/preferences.d/99my-custom-repository:
# Never prefer packages from the my-custom-repo repository Package: * Pin: origin o=my-custom-repo Pin-Priority: 1 # Allow upgrading only my-specific-software from my-custom-repo Package: my-specific-software Pin: origin o=my-custom-repo Pin-Priority: 500
File naming in /etc/apt/preferences.d/ is free but the last in alphabetical order takes precedence.
apt.conf
See man 5 apt.conf
Apt accepts configuration files (without extension) in /etc/apt/apt.conf.d/. These are processed by Apt in numeric/alphabetical order. /etc/apt/apt.conf is also valid but deprecated.
These files can contain various directives:
Dpkg::Pre-Install-Pkgs {"mycommand";};: executes mycommand before package installation/unpacking by Dpkg.
Dpkg::Pre-Invoke {"mycommand";};: executes mycommand before apt calls dpkg
Dpkg::Post-Invoke {"mycommand";};: executes mycommand after apt calls dpkg
Pre-Install-Pkgs: ??? TODO
APT::Default-Release "testing";: sets the default Debian release used by Apt (TODO use case?)
APT::Cache-Limit 10000000;: ??? TODO
Apt::Get::Purge;: ??? TODO
Acquire::http::Proxy "http://proxy:8080";: sets the proxy for HTTP downloads
Acquire::https::Proxy "https://proxy:8443";: sets the proxy for HTTPS downloads
Acquire::http::Timeout "2";: sets the timeout for HTTP downloads
Acquire::https::Timeout "2";: sets the timeout for HTTPS downloads
Acquire::ftp::Timeout "2";: sets the timeout for FTP downloads
If you really have to use FTP, this sets the FTP proxy:
Acquire::ftp
{
Proxy "ftp://proxy:2121/";
ProxyLogin
{
"USER $(SITE_USER)@$(SITE)";
"PASS $(SITE_PASS)";
}
}
Command line options
PackageManagementTools such as apt, aptitude, apt-get... allow you to set specific configuration options for a single run. See their respective ?ManPages.
CategoryPackageManagement | CategorySoftware | CategorySystemAdministration