Product SiteDocumentation Site

第 6 章 维护和更新:APT 工具

6.1. 写入sources.list文件
6.1.1. 句法
6.1.2. 给Stable 使用者的仓库
6.1.3. 给测试/非稳定 版本用户的仓库
6.1.4. Non-Official Resources: mentors.debian.net
6.1.5. Debian 软件包 缓存 代理
6.2. aptitude, apt-get, and apt Commands
6.2.1. 开端
6.2.2. 安装和卸载
6.2.3. System Upgrade
6.2.4. Configuration Options
6.2.5. Managing Package Priorities
6.2.6. Working with Several Distributions
6.2.7. Tracking Automatically Installed Packages
6.3. The apt-cache Command
6.4. Frontends: aptitude, synaptic
6.4.1. aptitude
6.4.2. synaptic
6.5. Checking Package Authenticity
6.6. Upgrading from One Stable Distribution to the Next
6.6.1. Recommended Procedure
6.6.2. Handling Problems after an Upgrade
6.7. Keeping a System Up to Date
6.8. Automatic Upgrades
6.8.1. Configuring dpkg
6.8.2. Configuring APT
6.8.3. Configuring debconf
6.8.4. Handling Command Line Interactions
6.8.5. The Miracle Combination
6.9. Searching for Packages
Debian 之所以如此受系统管理员欢迎,是因为项目提供的软件极易安装,整个系统的更新也极为简单。这一独特的优点主要得归功于 APT 程序,其特性在 Falcot 公司得到系统管理员们热情的研究。
是高级软件包管理器 的缩写。它的‘高级’之处在于对软件包的管理方法不同。APT并不是简单地独立评估每个包,而是将包看做一个整体系统,根据现有的和兼容的已有包找到最佳组合(包括依赖于这个软件包的其他包)。
APT needs to be given a “list of package sources”: the file /etc/apt/sources.list will list the different repositories (or “sources”) that publish Debian packages. APT will then import the list of packages published by each of these sources. This operation is achieved by downloading Packages.xz or a variant using a different compression method (such as Packages.gz or .bz2) files (in case of a source of binary packages) and Sources.xz or a variant (in case of a source of source packages) and by analyzing their contents. When an old copy of these files is already present, APT can update it by only downloading the differences (see sidebar TIP Incremental upgrade).

6.1. 写入sources.list文件

6.1.1. 句法

/etc/apt/sources.list 文件中每个有效的代码行包括对源的描述,由三个被空格分开的部分组成。
第一个区域指示源的类型:
  • deb” 表示二进制软件包,
  • deb-src” for source packages.
The second field gives the base URL of the source (combined with the filenames present in the Packages.gz files, it must give a full and valid URL): this can consist in a Debian mirror or in any other package archive set up by a third party. The URL can start with file:// to indicate a local source installed in the system's file hierarchy, with http:// to indicate a source accessible from a web server, or with ftp:// for a source available on an FTP server. The URL can also start with cdrom: for CD-ROM/DVD-ROM/Blu-ray disc based installations, although this is less frequent, since network-based installation methods are more and more common.
最后这一区域的句法取决于仓库的结构。从最简单的例子开始,你可以很简单地描述一个软件源的子目录 (必须用到结尾处的斜线)(通常用 “./” 表示子目录不存在 - 这个软件源就位于给定的 URL上)。 不过一般来讲,仓库的结构类似于一个 Debian 的镜像, 包括很多分支,每一分支有很多组成部分。通常命名选定的分支(由 “codename” 来命名 - 参看附栏中的目录COMMUNITY Bruce Perens, a controversial leader 或是由对应的 “suites” — stable, testing, unstable ),然后命名下面的组成部分(或分区)(从main, contribnon-free中选择) 来激活一个典型的 Debian 镜像。
The cdrom entries describe the CD/DVD-ROMs you have. Contrary to other entries, a CD-ROM is not always available since it has to be inserted into the drive and since only one disc can be read at a time. For those reasons, these sources are managed in a slightly different way, and need to be added with the apt-cdrom program, usually executed with the add parameter. The latter will then request the disc to be inserted in the drive and will browse its contents looking for Packages files. It will use these files to update its database of available packages (this operation is usually done by the apt update command). From then on, APT can require the disc to be inserted if it needs one of its packages.

6.1.2. 给Stable 使用者的仓库

下面是一个用来运行 Stable 版本Debian系统的标准 sources.list 文件:

例 6.1. /etc/apt/sources.list 给 Debian Stable 使用者的文件

# Security updates
deb http://security.debian.org/ jessie/updates main contrib non-free
deb-src http://security.debian.org/ jessie/updates main contrib non-free

## Debian mirror

# Base repository
deb http://ftp.debian.org/debian jessie main contrib non-free
deb-src http://ftp.debian.org/debian jessie main contrib non-free

# Stable updates
deb http://ftp.debian.org/debian jessie-updates main contrib non-free
deb-src http://ftp.debian.org/debian jessie-updates main contrib non-free

# Stable backports
deb http://ftp.debian.org/debian jessie-backports main contrib non-free
deb-src http://ftp.debian.org/debian jessie-backports main contrib non-free
This file lists all sources of packages associated with the Jessie version of Debian (the current Stable as of this writing). We opted to name “jessie” explicitly instead of using the corresponding “stable“ alias (stable, stable-updates, stable-backports) because we don't want to have the underlying distribution changed outside of our control when the next stable release comes out.
大多数软件包来源于“基础仓库”,它拥有所有的软件包,但极少更新(大概每两个月根据“点发布”更新)。其他仓库不完全(不包括所有软件包),不过可以支持更新(软件包是较新版本)。接下来的几章将会介绍这些仓库管理的目的和规则。
请注意,当你所需要的软件包版本存在于几个仓库中时,在文件sources.list中所列出的第一个会被使用。因此,非官方来源的包一般在此文件末尾处。
本节提到的稳定Stable 对于Oldstable 一样适用。后者只是同时维护的较旧Stable 版本。

6.1.2.1. 安全更新

安全更新一般不在 Debian 镜像通常所在的网络上,而是在security.debian.org(位于 Debian 系统管理员Debian System Administrators维护的小范围网络)。其上的文档包括为那些稳定版本准备的安全更新(由 Debian 安全团队和/或软件包维护者预备)。
服务器上也有针对测试版的安全更新。这类更新经常通过从非稳定版流入测试版,因此单独存在于服务器上的更新不常见。

6.1.2.2. 稳定更新

稳定更新对安全性不敏感,在下一个稳定版本点发布前,它还是很重要,需要推送给使用者。
This repository will typically contain fixes for critical bugs which could not be fixed before release or which have been introduced by subsequent updates. Depending on the urgency, it can also contain updates for packages that have to evolve over time… like spamassassin's spam detection rules, clamav's virus database, or the daylight-saving time rules of all timezones (tzdata).
实际上,这个仓库是 计划-更新proposed-updates 的子库,是由稳定更新管理员小心选定的。

6.1.2.3. 计划更新

一旦发布,稳定分布只每两个月更新一次。接下来的更新在计划更新仓库里准备(由稳定发布管理员监督)。
这个仓库中通常有安全更新和稳定更新的文档,还有更多:软件包维护者可能在这里修复一些不需要马上发布的重要的漏洞。
Anyone can use this repository to test those updates before their official publication. The extract below uses the jessie-proposed-updates alias which is both more explicit and more consistent since wheezy-proposed-updates also exists (for the Oldstable updates):
deb http://ftp.debian.org/debian jessie-proposed-updates main contrib non-free

6.1.2.4. Stable Backports

The stable-backports repository hosts “package backports”. The term refers to a package of some recent software which has been recompiled for an older distribution, generally for Stable.
When the distribution becomes a little dated, numerous software projects have released new versions that are not integrated into the current Stable (which is only modified to address the most critical problems, such as security problems). Since the Testing and Unstable distributions can be more risky, package maintainers sometimes offer recompilations of recent software applications for Stable, which has the advantage to limit potential instability to a small number of chosen packages.
The stable-backports repository is now available on the usual Debian mirrors. But backports for Squeeze are still hosted on a dedicated server (backports.debian.org), and requires the following sources.list entry:
deb http://backports.debian.org/debian-backports squeeze-backports main contrib non-free
Backports from stable-backports are always created from packages available in Testing. This ensures that all installed backports will be upgradable to the corresponding stable version once the next stable release of Debian is available.
Even though this repository provides newer versions of packages, APT will not install them unless you give explicit instructions to do so (or unless you have already done so with a former version of the given backport):
$ sudo apt-get install package/jessie-backports
$ sudo apt-get install -t jessie-backports package

6.1.3. 给测试/非稳定 版本用户的仓库

下面是一个标准 sources.list文件,用于系统运行 Debian 测试非稳定 版本:

例 6.2. /etc/apt/sources.list file for users of Debian Testing/Unstable

↵
# Unstable↵
deb http://ftp.debian.org/debian unstable main contrib non-free↵
deb-src http://ftp.debian.org/debian unstable main contrib non-free↵
↵
# Testing↵
deb http://ftp.debian.org/debian testing main contrib non-free↵
deb-src http://ftp.debian.org/debian testing main contrib non-free↵
↵
# Stable↵
deb http://ftp.debian.org/debian stable main contrib non-free↵
deb-src http://ftp.debian.org/debian stable main contrib non-free↵
↵
# Security updates↵
deb http://security.debian.org/ stable/updates main contrib non-free↵
deb http://security.debian.org/ testing/updates main contrib non-free↵
deb-src http://security.debian.org/ stable/updates main contrib non-free↵
deb-src http://security.debian.org/ testing/updates main contrib non-free↵
APT 通过sources.list 文件来从非稳定安装软件包。如果这不是你所需要的,用APT::Default-Release 设置(参见 第 6.2.3 节 “System Upgrade”)来指示 APT 从另一分布获取软件包(一般用 测试)。
There are good reasons to include all those repositories, even though a single one should be enough. Testing users will appreciate the possibility to cherry-pick a fixed package from Unstable when the version in Testing is affected by an annoying bug. On the opposite, Unstable users bitten by unexpected regressions have the possibility to downgrade packages to their (supposedly working) Testing version.
The inclusion of Stable is more debatable but it often gives access to some packages which have been removed from the development versions. It also ensures that you get the latest updates for packages which have not been modified since the last stable release.

6.1.3.1. 实验 仓库

The archive of Experimental packages is present on all Debian mirrors, and contains packages which are not in the Unstable version yet because of their substandard quality — they are often software development versions or pre-versions (alpha, beta, release candidate…). A package can also be sent there after undergoing subsequent changes which can generate problems. The maintainer then tries to uncover them with help from advanced users who can handle important issues. After this first stage, the package is moved into Unstable, where it reaches a much larger audience and where it will be tested in much more detail.
Experimental is generally used by users who do not mind breaking their system and then repairing it. This distribution gives the possibility to import a package which a user wants to try or use as the need arises. That is exactly how Debian approaches it, since adding it in APT's sources.list file does not lead to the systematic use of its packages. The line to be added is:
deb http://ftp.debian.org/debian experimental main contrib non-free↵

6.1.4. Non-Official Resources: mentors.debian.net

There are numerous non-official sources of Debian packages set up by advanced users who have recompiled some software (Ubuntu made this popular with their Personal Package Archive service), by programmers who make their creation available to all, and even by Debian developers who offer pre-versions of their package online.
The mentors.debian.net site is interesting (although it only provides source packages), since it gathers packages created by candidates to the status of official Debian developer or by volunteers who wish to create Debian packages without going through that process of integration. These packages are made available without any guarantee regarding their quality; make sure that you check their origin and integrity and then test them before you consider using them in production.
Installing a package means giving root rights to its creator, because they decide on the contents of the initialization scripts which are run under that identity. Official Debian packages are created by volunteers who have been co-opted and reviewed and who can seal their packages so that their origin and integrity can be checked.
In general, be wary of a package whose origin you don't know and which isn't hosted on one of the official Debian servers: evaluate the degree to which you can trust the creator, and check the integrity of the package.

6.1.5. Debian 软件包 缓存 代理

When an entire network of machines is configured to use the same remote server to download the same updated packages, any administrator knows that it would be beneficial to have an intermediate proxy acting as a network-local cache (see sidebar VOCABULARY Cache).
You can configure APT to use a "standard" proxy (see 第 6.2.4 节 “Configuration Options” for the APT side, and 第 11.6 节 “HTTP/FTP Proxy” for the proxy side), but the Debian ecosystem offers better options to solve this problem. The dedicated software presented in this section are smarter than a plain proxy cache because they can rely on the specific structure of APT repositories (for instance they know when individual files are obsolete or not, and thus adjust the time during which they are kept).
apt-cacher and apt-cacher-ng work like usual proxy cache servers. APT's sources.list is left unchanged, but APT is configured to use them as proxy for outgoing requests.
approx, on the other hand, acts like an HTTP server that “mirrors” any number of remote repositories in its top-level URLs. The mapping between those top-level directories and the remote URLs of the repositories is stored in /etc/approx/approx.conf:
↵
# <name> <repository-base-url>↵
debian   http://ftp.debian.org/debian↵
security http://security.debian.org↵
approx 通过inetd (参见第 9.6 节 “ inetd 超级服务”)默认在9999端口运行,并需要用户调整sources.list 文件来指向 approx 服务器:
# Sample sources.list pointing to a local approx server
deb http://apt.falcot.com:9999/security jessie/updates main contrib non-free
deb http://apt.falcot.com:9999/debian jessie main contrib non-free