6.2. aptitude, apt-get, and apt Commands

APT is a vast project, whose original plans included a graphical interface. It is based on a library which contains the core application, and apt-get is the first front end — command-line based — which was developed within the project. apt is a second command-line based front end provided by APT which overcomes some design mistakes of apt-get.

Both tools are built on top of the same library and are thus very close, but the default behavior of apt has been improved for interactive use and to actually do what most users expect. The APT developers reserve the right to change the public interface of this tool to further improve it. Conversely, the public interface of apt-get is well defined and will not change in any backwards-incompatible way. It is thus the tool that you want to use when you need to script package installation requests.

Numerous other graphical interfaces then appeared as external projects: synaptic, aptitude (which includes both a text mode interface and a graphical one — even if not complete yet), wajig, etc. The most recommended interface, apt, is the one that we will use in the examples given in this section. Note, however, that apt-get and aptitude have a very similar command line syntax. When there are major differences between these three commands, these will be detailed.

6.2.1. Initialization

For any work with APT, the list of available packages needs to be updated; this can be done simply through apt update. Depending on the speed of your connection and configuration, the operation can take a while, since it involves downloading a certain number of (usually compressed) files (Packages, Sources, Translation-*language-code*), which have gradually become bigger and bigger as Debian has developed (at least 10 MB of data for the main section). Of course, installing from a CD-ROM/DVD set does not require any downloading — in this case, the operation is very fast.

TIP Incremental updates

The aim of the apt update command is to download for each package source the corresponding Packages (or Sources) file. However, even after xz compression, these files can remain rather large (the Packages.xz for the main section of Buster takes more than 7 MB). If you wish to update regularly, these downloads can take up a lot of time.

To speed up the process APT can download “diff” files containing the changes since the previous update, as opposed to the entire file. To achieve this, official Debian mirrors distribute different files which list the differences between one version of the Packages file and the following version. They are generated at each update of the archives and a history of one week is kept. Each of these “diff” files only takes a few dozen kilobytes for Unstable, so that the amount of data downloaded by a weekly apt update is often divided by 10. For Stable and Testing, which change less, the gain is even more noticeable.

However, it can sometimes be of interest to force the download of the entire Packages file, especially when the last upgrade is very old and when the mechanism of incremental differences would not contribute much. This can also be interesting when network access is very fast but when the processor of the machine to upgrade is rather slow, since the time saved on the download is more than lost when the computer calculates the new versions of these files (starting with the older versions and applying the downloaded differences). To do that, you can use the APT configuration parameter Acquire::PDiffs and set it to false.

  $

The Acquire::* options also control other aspects of the download, and even the download methods. Acquire::Languages can limit or disable the download of Translation-*language-code* files and save even more time. For a complete reference see apt.conf(5).

6.2.2. Installing and Removing

With APT, packages can be added or removed from the system, respectively with apt install *package* and apt remove *package*. In both cases, APT will automatically install the necessary dependencies or delete the packages which depend on the package that is being removed. The apt purge *package* command involves a complete uninstallation by deleting the configuration files as well.

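TIP Installing the same selection of packages several times

It can be useful to install the same set of packages on several computers. This is easy to do.

First, retrieve the list of packages installed on the computer that serves as the “model” to copy.

  $

The pkg-list file then contains the list of installed packages. Next, copy the pkg-list file to the computers you want to update and use the following commands: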

  ## Update dpkg's database of known packages
  # avail=`mktemp`
  # apt-cache dumpavail > "$avail"
  # dpkg --merge-avail "$avail"
  # rm -f "$avail"
  ## Update dpkg's selections
  # dpkg --set-selections < pkg-list
  ## Ask apt-get to install the selected packages
  # apt-get dselect-upgrade

The first commands record the list of available packages in the dpkg database. Then dpkg --set-selections restores the selection of packages that you wish to install, and the apt-get invocation executes the required operations! aptitude does not have this command.

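TIP Removing and installing at the same time

By adding a suffix, you can ask apt (or apt-get, or aptitude) to install certain packages and remove others on the same command line. With an apt install command, add “-” to the names of the packages you wish to remove. With an apt remove command, add “+” to the names of the packages you wish to install.

The following example shows two different ways to install package1 and remove package2.

  # apt install package1 package2-

  # apt remove package1+ package2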

This can also be used to exclude packages which would otherwise be installed, for example, due to an automatic installation of Recommends. In general, the dependency solver will use that information as a hint to look for alternative solutions.

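TIP apt --reinstall and aptitude reinstall

The system can sometimes be damaged after files in a package have been removed or modified. The easiest way to recover these files is to reinstall the affected package. Unfortunately, the packaging system considers the package already installed and refuses to reinstall it; to avoid this, use the --reinstall option of the apt and apt-get commands. The following command reinstalls postfix even if it is already present:

  #

The aptitude command line is slightly different, but the same result is obtained with aptitude reinstall postfix.

The problem does not arise with dpkg, but the administrator rarely uses it directly.

Be careful! Using apt --reinstall to restore packages that were modified during an attack will certainly not restore the system to what it was. Section 14.7, “Dealing with a Compromised Machine” details the necessary steps to take with a compromised system.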

These commands will not restore the configuration files. But as you have learned in Section 5.2.3, “Checksums, List of Configuration Files” (see also sidebar GOING FURTHER Force dpkg to ask configuration file questions), you can use the following command to be asked to install the unmodified version and even restore any deleted configuration file as well.

  #

Some packages don’t ship the configuration file found in /etc with the package. Instead they create it during installation by either copying a skeleton or writing it by a script. The file /etc/inputrc, for example, is a copy of /usr/share/readline/inputrc. In such cases the commands shown above won’t work.

If the file sources.list mentions several distributions, it is possible to give the version of the package to install. A specific version number can be requested with apt install *package*=*version*, but indicating its distribution of origin (Stable, Testing or Unstable) — with apt install *package*/*distribution* — is usually preferred. With this command, it is possible to go back to an older version of a package (if, for instance, you know that it works well), provided that it is still available in one of the sources referenced by the sources.list file. Otherwise the snapshot.debian.org archive can come to the rescue (see sidebar GOING FURTHER Old package versions: snapshot.debian.org).

Example 6.4. Installation of the Unstable version of spamassassin

  #

If the package to install has been made available to you in the form of a simple .deb file without any associated package repository, it is still possible to use APT to install it together with its dependencies (provided that the dependencies are available in the configured repositories) with a simple command: apt install ./*path-to-the-package.deb*. The leading ./ is important to make it clear that we are referring to a filename and not to the name of a package available in one of the repositories.

GOING FURTHER The cache of .deb files

APT keeps a copy of each downloaded .deb file in the directory /var/cache/apt/archives/. In case of frequent updates, this directory can quickly take a lot of disk space with several versions of each package; you should regularly sort through them. Two commands can be used: apt-get clean entirely empties the directory; apt-get autoclean only removes packages which can no longer be downloaded (because they have disappeared from the Debian mirror) and are therefore clearly useless (the configuration parameter APT::Clean-Installed can prevent the removal of .deb files that are currently installed).

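6.2.3. System Upgrade

Regular upgrades are recommended, because they include the latest security updates. To upgrade, use apt upgrade, apt-get upgrade or aptitude safe-upgrade (after apt update, of course). This command looks for installed packages that can be upgraded without removing any packages. In other words, the goal is to keep the upgrade as unintrusive as possible. apt-get is slightly more demanding than aptitude or apt because it will refuse to install packages that were not installed beforehand.

apt selects the most recent version number (except for packages from Experimental and stable-backports, which are ignored by default whatever their version number). If you specified Testing or Unstable in your sources.list, apt upgrade will switch your Stable system to Testing or Unstable, which is not what you want.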

To tell apt to use a specific distribution when searching for upgraded packages, you need to use the -t or --target-release option, followed by the name of the distribution you want (for example, apt -t stable upgrade). To avoid specifying this option every time you use apt, you can add APT::Default-Release "stable"; in the file /etc/apt/apt.conf.d/local.

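For more important upgrades, such as the change from one major Debian version to the next, you need to use apt full-upgrade. With this command, apt will complete the upgrade even if it has to remove some obsolete packages or install new dependencies. This is also the command used by those who work daily with Debian Unstable and follow its evolution day by day. It is so simple that it hardly needs explanation: APT's reputation is based on this powerful functionality.

Unlike apt and aptitude, apt-get does not know the full-upgrade command. Instead, you should use apt-get dist-upgrade (“distribution upgrade”), the historical and well-known command that apt and aptitude also accept for the reader's convenience.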

The results of these operations are logged into /var/log/apt/history.log and /var/log/apt/term.log, whereas dpkg keeps its log in a file called /var/log/dpkg.log.

6.2.4. Configuration Options

Besides the configuration elements already mentioned, it is possible to configure certain aspects of APT by adding directives in a file of the /etc/apt/apt.conf.d/ directory or /etc/apt/apt.conf itself. Remember, for instance, that it is possible for APT to tell dpkg to ignore file conflict errors by specifying DPkg::options { "--force-overwrite"; }.

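If the Web can only be accessed through a proxy, add a line like Acquire::http::proxy "http://*yourproxy*:3128". For an FTP proxy, use Acquire::ftp::proxy "ftp://*yourproxy*". For more configuration options, read the apt.conf(5) manual page with the man apt.conf command (for details on manual pages, see Section 7.1.1, “Manual Pages”).

BACK TO BASICS Directories ending in .d

Directories with a .d suffix are used more and more often. Each such directory holds one configuration split over multiple files. In this sense, all of the files in /etc/apt/apt.conf.d/ are configuration instructions for APT. APT includes them in alphabetical order, so that the last files can modify a configuration element defined in the earlier ones.

This structure brings some flexibility to the machine administrator and to the package maintainers. Indeed, the administrator can easily modify the configuration of the software by adding a file to the directory in question without having to change an existing file. Package maintainers use the same approach when they need to adapt the configuration of another piece of software so that it coexists with theirs. The Debian policy forbids modifying the configuration files of other packages; only those authorized to do so may modify them. During a package upgrade, the user keeps the right to choose which version of the configuration file to keep. An external modification of the file triggers that prompt, so the administrator knows that the change came from outside.

Without a .d directory, it is impossible for an external package to change the settings of a program without modifying its configuration file. Instead, it must invite the user to make the change themselves and list the options in the file /usr/share/doc/*package*/README.Debian.

Depending on the application, the .d directory is used directly or managed by an external script which concatenates all the files into a single configuration file. After any change in that directory, the script must be run again so that the changes are taken into account. In the same way, it is important never to work directly in the automatically generated configuration file, since everything would be lost at the next execution of the script. The chosen method (.d directory used directly or a file generated from that directory) is dictated by implementation constraints, but in both cases the gains in configuration flexibility far outweigh the complexity they bring. The Exim 4 mail server is an example of the generated-file method: it can be configured through several files (/etc/exim4/conf.d/*) which are concatenated into /var/lib/exim4/config.autogenerated by the update-exim4.conf command.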
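The override order described in this sidebar can be checked mechanically. The following added example (not code from the handbook or from the APT project) merges a directory of fragments in alphabetical order and reports which file supplied each effective value and which earlier files it shadowed. The fragment names, the proxy hosts and the restriction to one-line `Option "value";` directives are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# One-line directives only, e.g.: Acquire::http::proxy "http://proxy:3128";
DIRECTIVE = re.compile(r'^\s*([A-Za-z0-9:_-]+)\s+"([^"]*)"\s*;')


def effective_settings(conf_dir):
    """Merge the fragments of a .d directory in alphabetical order.

    Returns {option: (value, file_that_set_it, [files_it_overrode])}.
    Block syntax ({ ... }) is out of scope for this simplified reader;
    comment lines are skipped because they do not match DIRECTIVE.
    """
    result = {}
    for path in sorted(Path(conf_dir).iterdir(), key=lambda p: p.name):
        if not path.is_file():
            continue
        for line in path.read_text().splitlines():
            match = DIRECTIVE.match(line)
            if not match:
                continue
            # APT option names are case-insensitive, so normalise them.
            key, value = match.group(1).lower(), match.group(2)
            shadowed = []
            if key in result:
                _, old_file, old_shadowed = result[key]
                shadowed = old_shadowed + [old_file]
            result[key] = (value, path.name, shadowed)
    return result


def demo():
    """Constructed fragments: the last file silently replaces the proxy."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "10proxy").write_text(
            'Acquire::http::proxy "http://proxy.example:3128";\n')
        Path(d, "50release").write_text('APT::Default-Release "stable";\n')
        Path(d, "99local").write_text(
            '// site override\n'
            'Acquire::http::Proxy "http://other.example:3128";\n')
        return effective_settings(d)


if __name__ == "__main__":
    for option, (value, source, shadowed) in demo().items():
        print(f"{option} = {value!r} (from {source}, overrides {shadowed})")
```

On a real system, apt-config dump prints the configuration that APT actually ends up with.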

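6.2.5. Managing Package Priorities

One of the most important aspects of configuring APT is managing the priorities associated with each package source. For instance, you might want to pick one or more packages from Testing, Unstable or Experimental. It is possible to assign a priority to each available package (the same package can have several priorities depending on its version or the distribution providing it). These priorities influence APT's behavior: for each package, it always selects the version with the highest priority (except if this version is older than the installed one and its priority is less than 1000).

APT defines several default priorities. Each installed package version has a priority of 100. A non-installed version has a priority of 500 by default, but it can jump to 990 if it is part of the target release (defined with the -t command-line option or the APT::Default-Release configuration directive).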

You can modify the priorities by adding entries in a file in /etc/apt/preferences.d/ or the /etc/apt/preferences file with the names of the affected packages, their version, their origin and their new priority.

APT will never install an older version of a package (that is, a package whose version number is lower than the one of the currently installed package) except if its priority is higher than 1000 (or it is explicitly requested by the user, see Section 6.2.2, “Installing and Removing”). APT will always install the highest priority package which follows this constraint. If two packages have the same priority, APT installs the newest one (whose version number is the highest). If two packages of same version have the same priority but differ in their content, APT installs the version that is not installed (this rule has been created to cover the case of a package update without the increment of the revision number, which is usually required).

In more concrete terms, a package whose priority is

< 0

will never be installed,

1..99

will only be installed if no other version of the package is already installed,

100..499

will only be installed if there is no other newer version installed or available in another distribution,

500..989

will only be installed if there is no newer version installed or available in the target distribution,

990..1000

will be installed except if the installed version is newer,

> 1000

will always be installed, even if it forces APT to downgrade to an older version.

When APT checks /etc/apt/preferences and /etc/apt/preferences.d/, it first takes into account the most specific entries (often those specifying the concerned package), then the more generic ones (including, for example, all the packages of a distribution). If several generic entries exist, the first match is used. The available selection criteria include the package’s name and the source providing it. Every package source is identified by the information contained in a Release file that APT downloads together with the Packages files. It specifies the origin (usually “Debian” for the packages of official mirrors, but it can also be a person’s or an organization’s name for third-party repositories). It also gives the name of the distribution (usually Stable, Testing, Unstable or Experimental for the standard distributions provided by Debian) together with its version (for example, 10 for Debian Buster). Let’s have a look at its syntax through some realistic case studies of this mechanism.

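SPECIFIC CASE Priority of experimental

If you listed Experimental in your sources.list file, the corresponding packages will almost never be installed because their APT priority is 1. This is of course a specific case, designed to keep users from installing Experimental packages by mistake. The packages can only be installed by typing aptitude install *package*/experimental; users typing this command are naturally aware of the risks. It is still possible (though not recommended) to treat packages of Experimental like those of other distributions by giving them a priority of 100. This is done with a specific entry in /etc/apt/preferences:

  Package: *
  Pin: release a=experimental
  Pin-Priority: 500

Let's suppose that you only want to use packages from the stable version of Debian. Packages from other versions should not be installed unless explicitly requested. You could write the following entries in the /etc/apt/preferences file:

  Package: *
  Pin: release a=stable
  Pin-Priority: 900

  Package: *
  Pin: release o=Debian
  Pin-Priority: -10

a=stable defines the name of the selected distribution. o=Debian limits the scope to packages whose origin is “Debian”.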

Let’s now assume that you have a server with several local programs depending on the version 5.24 of Perl and that you want to ensure that upgrades will not install another version of it. You could use this entry:

  Package: perl
  Pin: version 5.24*
  Pin-Priority: 1001

To gain a better understanding of the mechanisms of priority and of the distribution or repository properties you can pin on, do not hesitate to execute apt-cache policy to display the default priority associated with each package source, or apt-cache policy *package* to display the default priority for each available version and source of a package, as explained in sidebar TIP apt-cache policy.

The reference documentation for the files /etc/apt/preferences and /etc/apt/preferences.d/ is available in the manual page apt_preferences(5), which you can display with man apt_preferences.

TIP Comments in /etc/apt/preferences

There is no official syntax for comments in the /etc/apt/preferences file, but some textual descriptions can be placed in the “Explanation” fields of each entry:

  Explanation: The package xserver-xorg-video-intel provided
  Explanation: in experimental can be used safely
  Package: xserver-xorg-video-intel
  Pin: release a=experimental
  Pin-Priority: 500

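6.2.6. Working with Several Distributions

apt being such a marvelous tool, it is tempting to pick up packages from other distributions. For example, after having installed a Stable system, you might want to try out a package from Testing or Unstable without diverging too much from the system's initial state.

Even if you will occasionally encounter problems while mixing packages from different distributions, apt manages such coexistence very well and keeps the risks to a minimum. The best way to proceed is to list all distributions used in /etc/apt/sources.list (some people always put the three distributions, but remember that Unstable is reserved for experienced users) and to define your preferred distribution with the APT::Default-Release parameter (see Section 6.2.3, “System Upgrade”).

Let's suppose that Stable is your reference distribution but that Testing and Unstable are also listed in your sources.list file. In this case, you can use apt install *package*/testing to install a package from Testing. If the installation fails due to unsatisfied dependencies, let it solve those dependencies within Testing by adding the -t testing parameter. The same applies to Unstable.

In this situation, upgrades (upgrade and full-upgrade) are done within Stable except for packages already upgraded to another distribution: those follow the updates available in their own distribution. This behavior is explained below with the help of the default priorities set by APT. Use apt-cache policy (see sidebar TIP apt-cache policy) to check the assigned priorities.

Everything centers around the fact that APT only considers packages of higher or equal version than the installed one (assuming that /etc/apt/preferences has not been used to force priorities higher than 1000 for some packages).

Let's assume that you have installed version 1 of a first package from Stable and that version 2 and 3 are available respectively in Testing and Unstable. The installed version has a priority of 100 but the version available in Stable (the very same) has a priority of 990 (because it is part of the target release). Packages in Testing and Unstable have a priority of 500 (the default priority of a non-installed version). The winner is thus version 1 with a priority of 990. The package “stays in Stable”.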

Let’s take the example of another package whose version 2 has been installed from Testing. Version 1 is available in Stable and version 3 in Unstable. Version 1 (of priority 990 — thus lower than 1000) is discarded because it is lower than the installed version. This only leaves version 2 and 3, both of priority 500. Faced with this alternative, APT selects the newest version, the one from Unstable. If you don’t want a package installed from Testing to migrate to Unstable, you have to assign a priority lower than 500 (490 for example) to packages coming from Unstable. You can modify /etc/apt/preferences to this effect:

  Package: *
  Pin: release a=unstable
  Pin-Priority: 490
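The selection rules from Section 6.2.5 and the two case studies above can be replayed with a small model. This is an added example, not code from the handbook or from APT itself; it assumes integer version numbers (real Debian version comparison is richer), one priority per release, and the "higher than 1000" downgrade threshold as worded in the text.

```python
# Simplified model of candidate-version selection (illustration only).
INSTALLED, DEFAULT, TARGET = 100, 500, 990  # default priorities from the text


def candidate(available, installed=None, pins=None, target="stable"):
    """Return the version that would be selected, or None if none qualifies.

    available: iterable of (version, release) pairs offered by the sources
    installed: version currently installed, or None
    pins:      {release: priority}, the effect of a "Package: *" pin entry
    target:    release named by -t or APT::Default-Release
    """
    pins = pins or {}
    prio = {}
    for version, release in available:
        p = pins.get(release, TARGET if release == target else DEFAULT)
        # A version offered by several sources keeps its highest priority.
        prio[version] = max(p, prio.get(version, p))
    if installed is not None:
        # The installed copy counts as one more source, at priority 100.
        prio[installed] = max(INSTALLED, prio.get(installed, INSTALLED))

    eligible = [
        (p, v)
        for v, p in prio.items()
        if p >= 0  # a negative priority is never installed
        # older than the installed version: only with a priority above 1000
        and (installed is None or v >= installed or p > 1000)
    ]
    # Highest priority first; on equal priority the newest version wins.
    return max(eligible)[1] if eligible else None


SOURCES = [(1, "stable"), (2, "testing"), (3, "unstable")]  # constructed


def case_studies():
    return {
        "installed from stable": candidate(SOURCES, installed=1),
        "installed from testing": candidate(SOURCES, installed=2),
        "testing, unstable pinned 490": candidate(
            SOURCES, installed=2, pins={"unstable": 490}),
        "stable pinned 1001 forces downgrade": candidate(
            SOURCES, installed=3, pins={"stable": 1001}),
        "only source pinned -10": candidate(
            [(5, "thirdparty")], pins={"thirdparty": -10}),
    }


if __name__ == "__main__":
    for name, version in case_studies().items():
        print(f"{name}: {version}")
```

The third case is the one to watch on a mixed system: without the 490 pin, a package taken once from Testing starts following Unstable.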

6.2.7. Tracking Automatically Installed Packages

One of the essential functionalities of apt is the tracking of packages installed only through dependencies. These packages are called “automatic”, and often include libraries.

With this information, when packages are removed, the package managers can compute a list of automatic packages that are no longer needed (because there are no “manually installed” packages depending on them). apt-get autoremove or apt autoremove will get rid of those packages. aptitude does not have this command because it removes them automatically as soon as they are identified. In all cases, the tools display a clear message listing the affected packages.

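It is a good habit to mark packages as automatic so that they are removed automatically when they are no longer needed. apt-mark auto *package* marks the given package as automatic, whereas apt-mark manual *package* does the opposite. aptitude markauto and aptitude unmarkauto work in the same way but offer more features (see Section 6.5.1, “aptitude”). The interactive console interface of aptitude also makes it possible to review the “automatic flag” on many packages.

You may want to know why an automatically installed package is present on the system. To get this information from the command line, use aptitude why *package* (apt and apt-get have no similar feature):

  $

ALTERNATIVE deborphan and debfoster

In the days when apt, apt-get and aptitude were not able to track automatic packages, there were two utilities producing lists of unnecessary packages: deborphan and debfoster. Both can still be useful.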

deborphan scans the libs and oldlibs sections (in the absence of supplementary instructions) by default looking for the packages that are currently installed and that no other package depends on. The resulting list can then serve as a basis to remove unneeded packages.

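debfoster takes a different approach, very similar to APT's: it maintains a list of the packages that have been installed and of the packages they require. If new packages appear on the system and debfoster does not know which packages require them, it shows them on the screen together with a list of their dependencies. The program then offers a choice: remove the package (possibly together with those that depend on it), mark it as required, or ignore it temporarily.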