Package Management
Overview
On Linux most system utilities and applications are installed through package management. A package is a file that contains everything needed for an application or library to be installed. A package manager is a utility that allows us to install, update, and remove packages on a system. Using a centralized system for managing installed files has several benefits. It allows us to:
- Automatically install dependencies of a package
- See a list of installed software for auditing purposes
- Easily remove packages which are no longer needed
- Update all installed packages with one command
Most of the software you install with package management is provided by your
distribution, and can be installed right from the command line with no extra
configuration. When installing software in packages, the installed files will
be placed in the system directories (typically /usr/bin,
/usr/lib, and /usr/share).
However some software is not packaged by distributions and so needs to be installed from the software provider. There are three ways you can install software not provided by your distribution (from best to worst):
- Installing a package repository, adding it to your package manager, and then installing the software from your package manager. This is the best approach, if possible, because it allows for all of the benefits listed above.
- Downloading a package from the provider, and installing that with your package manager. This will give us benefits 1–3 above, but will not allow us to easily update the package. We would need to manually download an updated package and install it again.
- Downloading and installing software totally outside of the package
manager. This could either be compiled binary software, or source
code that we compile ourselves and then install. Software installed
this way will normally be placed in
/usr/localor/opt. This provides none of the benefits listed above.
Package Managers
Different distributions use different package formats and package
management tools. Debian uses the .deb package format
and the apt package manager. There are actually a
number of commands related to the package manager:
dpkg: Deals with .deb files directly, lower-level than apt*apt-get, apt-cache: An older command-line interface for dealing with packages. Still common in documentation and examples.apt: A newer command-line interface. It uses the same internal code as apt-get, but has a nicer interface. This is what we'll use in this class.aptitude: And older competitor to apt-get. Generally there is no reason to use this these days.
Many other Linux distros are based on Debian (such as Ubuntu, Linux Mint, etc.) and so
use the exact same package system as Debian. Others, such as Red Hat, do not. Red Hat based
systems use .rpm package files and the dnf package manager.
The ideas are largely identical between systems. The Arch Linux wiki has a very helpful
comparison of package managers,
should you need to translate from one system to another.
sudo
Commands that make changes to the system, such as installing, updating and
removing packages, need to be done with root permissions. The most common
way to get root access is to use the sudo command. A single
command can be run as root by prefixing it with sudo:
$ sudo whoami root
We can also use sudo to get an interactive shell where all commands
will be run as root with the -i flag:
$ sudo -i # whoami root # ls
Incidentally, the whoami command can be used to find your
current username, or to check if you are running as root (or if you are
having an existential crisis). Also by convention a prompt which ends
with "$" is for a regular user while one ending in "#" indicates root.
It's super important to know when you are doing things as root!
apt
The most common package management tasks, along with examples are shown in the table below:
| Task | Sub-Command | Example |
|---|---|---|
| Search for packages | search | apt search nethack |
| Install specific package(s) | install | sudo apt install nethack-console |
| Show package info | show | apt show nethack-console |
| Remove package(s) | remove | sudo apt remove nethack-console |
| Update package lists | update | sudo apt update |
| Upgrade | upgrade | sudo apt upgrade |
| List all packages | list | apt list |
| List all installed packages | list | apt list --installed |
| Remove cached files | autoclean | sudo apt autoclean |
| Remove unneeded dependencies | autoremove | sudo apt autoremove |
| Show a cow | moo | apt moo |
apt update does not actually
update the system. It updates apt's sources themselves. The apt upgrade
command is needed to update packages.Configuring apt
The apt package manager is configured from the /etc/apt directory.
The most common configuration needed is to edit the repositories that apt pulls
from. This is done by either editing the sources.list file, or
by adding entries to the sources.list.d directory.
Many systems are configured using directories like this. If we want to automate adding a repository to apt, doing so by changing a text file in a script is tricky and error-prone. However, adding a file to an existing directory is much more straightforward.
Typically the sources.list file contains the official Debian
package repositories that we download system packages from. Here is a sample
of what this looks like:
deb http://deb.debian.org/debian/ trixie main non-free-firmware
deb-src http://deb.debian.org/debian/ trixie main non-free-firmware
deb http://security.debian.org/debian-security trixie-security main non-free-firmware
deb-src http://security.debian.org/debian-security trixie-security main non-free-firmware
# trixie-updates, to get updates before a point release is made;
# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
deb http://deb.debian.org/debian/ trixie-updates main non-free-firmware
deb-src http://deb.debian.org/debian/ trixie-updates main non-free-firmware
Repositories that we add to the system (such as from third-party
software providers) are typically placed in the sources.list.d.
For instance, the CPSC server has the MongoDB database system installed
using a repository. We have a file in this directory called mongodb-org-7.0.list
with the following contents:
deb [arch=amd64,arm64] https://repo.mongodb.org/apt/debian bookworm/mongodb-org/7.0 main
If you make changes to the repository sources, you need to update apt using
the apt update command before you can install packages from them.
Best Practices
General recommendations for installing software on a system:
- Install the minimum amount of software you can. Each package installed is a potential vulnerability.
- Install things only through the package manager, ideally with a repository to facilitate updates.
- Document things that are installed outside of the package manager.
- Apply updates regularly.