APT - Advanced Package Tool

mail

apt-key

Example

List APT keys :

apt-key list

If a key import timeouts :

These timeouts are said to be caused mostly by corporate firewalls.
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
Executing: /tmp/apt-key-gpghome.XAz8ctHQ71/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
gpg: keyserver receive failed: Connection timed out

method 1 :

apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367
Executing: /tmp/apt-key-gpghome.6dUuQoRTI2/gpg.1.sh --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 93C4A3FD7BB9C367
gpg: key 93C4A3FD7BB9C367: public key "Launchpad PPA for Ansible, Inc." imported
gpg: Total number processed: 1
gpg:               imported: 1

method 2 (source) :

search key on keyserver(s) (some key servers here)
copy-paste key as text from web page into text file
apt-key add key.txt
then apt-get  as usual
mail

apt-cache

Usage

apt-cache performs a variety of operations on APT's package cache. apt-cache does not manipulate the state of the system but does provide operations to search and generate interesting output from the package metadata.

Flags

Flag Usage
pkgnames
pkgnames prefix
  • list the names of all packages known by APT
  • with prefix : list only those starting with prefix
search pattern
  • query the package tree (all available packages) for pattern
  • to query on names only, use the -n or --names-only option
  • pattern can be a RegExp
show package
  • show details of package : full version, dependencies, description, project homepage, ...
  • output more results than :
    aptitude show package
mail

apt-get and apt

Usage

The APT (details) can be used via several utilities (details : 1, 2) :
apt
designed for end-users (humans), its output may be changed between versions (i.e. not backward compatible like apt-get)
apt-get
lower-level and "back-end". Supports other APT-based tools
aptitude
details
Commands can generally be shortened :
  • apt-get update becomes apt update
  • apt-get upgrade becomes apt upgrade
  • apt-get install package becomes apt install package
  • apt-cache search package becomes apt search package
... which explains the mix of apt / apt-get in these pages

Flags

Command Usage Comments
  • apt-get clean
  • apt clean
clears out the local repository of retrieved packages by removing everything but the lock file from :
  • /var/cache/apt/archives/
  • /var/cache/apt/archives/partial/
apt-get dist-upgrade upgrades packages and dependencies
  • Don't forget to apt update before upgrading.
  • apt-get has a "smart" conflict resolution system which will attempt to upgrade the most important packages at the expense of less important ones if necessary.
  • apt-get dist-upgrade is allowed to do what apt-get upgrade can not : uninstall packages (such as obsolete libs) and install new ones (like ... new libs)
  • apt-get dist-upgrade has the power to remove packages, so carefully read the list of changes before accepting. Such changes may be beyond the scope of your current upgrade anyway.
apt download package download package into the current directory. package can be installed with dpkg -i package
  • Doesn't require root privileges
  • Doesn't seem to resolve dependencies
apt-get install package install package and the required dependencies
apt-get install --reinstall package reinstall package
apt-get purge package uninstall package and remove configuration files
apt-get remove package uninstall package and leave configuration files
apt-get remove --purge package
is equivalent to
apt-get purge package
apt-get -s, --simulate, --dry-run,
  • perform a simulation of events that would occur based on the current system state but do not actually change the system.
  • for apt-get only, not available for apt
apt-get update resynchronize the package tree from its source. Sources are defined in /etc/apt/sources.list
This must precede apt-get (dist-)?upgrade.
details about status codes
apt-get upgrade install the newest version of installed packages only
  • Don't forget to apt update before upgrading.
  • This only upgrades what can be upgraded. It doesn't install new packages or remove old ones.
  • Packages that require, to be upgraded, either to install a new package or to remove an installed one, are not upgraded. Such packages will be listed after : The following packages have been kept back: (details)
apt-get -y -y, --yes or --assume-yes : assume yes as answer to all prompts and run non-interactively If an undesirable situation, such as changing a held package, trying to install a unauthenticated package or removing an essential package occurs then apt-get will abort.

About /etc/apt/sources.list (source) :

The distribution can be either the release code name / alias (squeeze, wheezy, jessie, sid) or the release class (oldstable, stable, testing, unstable) respectively.
If you have a system running Debian 7.0 Wheezy and don't want to upgrade when Debian Jessie releases, use "wheezy" instead of "stable" for the distribution.

Exit Status

apt update status codes (source) :

apt update is used to resynchronize the package index files from their sources. The indexes of available packages are fetched from the location(s) specified in /etc/apt/sources.list, and may return some of the statuses below :
Hit
apt needed to download a Release or InRelease file (because somehow it got deleted) and once it is downloaded, it checked the checksum of the Index file in it and found that the checksum mentioned there matches the checksum of the package file already downloaded that is in /var/lib/apt/lists. So, it won't download the package file again.
This is actually detected by receiving an HTTP 304 when requesting the Release/InRelease file.
Get
apt successfully downloaded a Release or InRelease file, checksummed it and found differences, then successfully downloaded the updated package file
Ign
apt tried to download something (such as translation or InRelease file), couldn't find it but that can be ignored, so proceed to the next thing. Because translation can be secondary priority and if InRelease file can't be found, it uses other method for authentication like using Release and Release.gpg pair.
This MAY be considered as a non-fatal error (like missing translation) : not found but not a problem.
Err
to do

Example

Installing a new package requires a ton of related packages (source) :

When trying to install nmap, a HUGE list of related packages appears. This is because nmap requires liblinear1, which recommends liblineartools, which in turns installs all the other packages. To disable this behavior, use the --no-install-recommends flag :
apt-get --no-install-recommends install nmap

When importing repository GPG key... (source)

I've had difficulties while installing Docker (with this procedure) when it came to import the repository GPG key :
apt-key adv --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
always failed in timeout .
The workaround was to explicitly instruct apt-key which proxy server to use (which it wasn't able to determine by itself, despite the http_proxy environment variable being properly set) :
apt-key adv --keyserver-options http-proxy="$http_proxy" --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D