Beginning the Linux Command Line, Second edition (2015)

CHAPTER 8. Managing Software

By default, your Linux distribution will come with lots of software packages. Even if lots of packages are available by default, you will encounter soon enough a situation where you need to install new packages. In this chapter, you’ll learn how to do this. First, I’ll tell you about the different ways that software management is handled on Linux. Next, you’ll read about how to work with RPM-based packages. Then you’ll learn how to install packages that are delivered in the .deb format. You’ll also learn about software and package management tools such as yum, apt-get, and zypper; tracking and finding software packages; and managing updates and patches.

Note Occasionally, software packages are delivered as tar archives. Refer to Chapter 3 for additional information about tar.

Understanding Software Management

Linux software packages are very modular. This means that everything you need is rarely in one software package. Instead, to be able to work with a program a collection of software packages needs to be installed. Because the software packages are small in general, most software packages have dependencies. These dependencies are packages that also need to be installed for your software package to function well.

Managing these software package dependencies is amongst the greatest challenges when working with software packages in Linux. If you choose a solution that doesn’t know how to handle dependencies, you may see error messages indicating that in order to install package A, you also need to install packages B, C, and D. This is also referred to as dependency hell, and in the past it has been a very good reason for people not to use Linux.

Nowadays, all Linux distributions have some solution to manage these dependencies.

These solutions are based on software repositories. A repository is an installation source that contains a list of all installable packages. This means that your distribution’s software management solution knows which software packages are available and installs dependencies automatically. While installing, your installation medium will be a repository; to add new software, you will find yourself adding new repositories regularly. After installation you’ll typically make use of the on line repositories that are provided by your Linux distribution.

Managing RPM Packages

RPM stands for Red Hat Package Manager. It is the package management standard that was invented by Red Hat, and nowadays it is used by important distributions like Red Hat and its derivatives and SUSE. RPM is based on packages that have the extension .rpm. The names of these packages typically include name, version, and architecture of the software you are about to install. In this section, As an example, let’s take the package nmap-6.40-4.el7.x86_64.rpm. In this package you can read the name and subversion of the package (nmao-6.40-4). Next, the package name states the distribution, which in this case is “Enterprise Linux”, which stands for CentOS. Following that, the platform is identified as x86_64. You’ll see this platform in most cases, older platform types such as i386 are becoming quite scarce nowadays. If an RPM package hasn’t been written with a specific platform in mind, you’ll see “noarch” as the platform identifier. Make sure that you select the package that is written for your architecture. You will see packages that are written for noarch as well. These are installable on all hardware platforms.

Working with RPM

The most basic way to handle RPM packages is by using the rpm command. Although this command provides an easy method for package management, it doesn’t care about dependencies - which is why you shouldn’t use it to install software packages anymore. This means that you may need to install all dependencies themselves. However, if you just want to install a simple package, this command can help you. First, you may use it to install packages. To do this, use the -i option as in the following example command:

rpm -i iftop-0.16-1.i386.rpm

If all goes well, this command just installs the package without showing any output. If some condition exists that prevents your package from installing smoothly, however, this command will complain and stop installing immediately, which you can see in the following example:

nuuk:~ # rpm -i iftop-0.16-1.i386.rpm
package iftop-0.16-1 is already installed

A common reason why package installation may fail is that a package with the same name is already installed, which was the case in the second attempt to install the package iftop. It’s easy to avoid that problem: instead of using rpm -i, better use rpm -Uvh.

If a package with the name of the package you are trying to install is already installed, it will be upgraded by using the option -U. If it’s not installed yet, the rpm command will install it. Therefore, I’d recommend always using this command and not rpm -i. The other options are used to show more output to the user. The -v option adds verbosity, meaning it will show what the rpm command is actually doing. Finally, the -h option shows hashes, meaning you’ll be able to see progress while installing the software. Listing 8-1 shows two examples where rpm -Uvh is used.

Listing 8-1. Using rpm -Uvh to Install Packages

nuuk:~ # rpm -Uvh iftop-0.16-1.i386.rpm
Preparing... ########################################### [100%]
package iftop-0.16-1 is already installed
nuuk:~ # rpm -Uvh logtool-1.2.8-1.i386.rpm
Preparing... ########################################### [100%]
1:logtool ########################################### [100%]

Apart from installing packages, you can also use rpm to remove packages. To do this, issue rpm with the option -e, as demonstrated in the following command:

rpm -e iftop-0.16-1-i386.rpm

Although the rpm command offers an easy solution for installing individual packages, you may not want to use it as your preferred package management solution. There are two package management interfaces that make package management really easier, yum and zypper, and you can read more about them in the next two sections.

Even if the rpm command isn’t used much anymore for package installation, it is still being used frequently to perform queries in installed packages and packages that are about to be installed. To start with, there is the rpm -qa command. This command gives a list of all packages that are installed, and the results of the command can conveniently be searched with the grep utility. Also, rpm queries allow you to figure out what is inside a package. The following queries are particularly helpful:

· rpm -ql packagename: shows all files inside a package

· rpm -qc packagename: shows all configuration files in a package

· rpm -qd packagename: shows documentation that is included in the package

· rpm -qi packagename: shows generic package information.

· rpm -qf packagename: shows which package /file/name has been installed from

In exercise 8-1 you’ll learn how to work with RPM queries.

EXERCISE 8-1: WORKING WITH RPM QUERIES

Note that this exercise will work only on RPM based distributions such as Red Hat and its derivatives and SUSE.

1. Type rpm -qa to see a list of all packages that are installed on your computer.

2. Type rpm -qa | grep bash to find out which version of the bash shell has been installed.

3. Type rpm -ql $(rpm -qa | grep bash). This command uses command subsitution: the result of the command rpm -qa | grep bash is used by the rpm -ql command, to list the contents of the bash package on your system.

4. Type rpm -qc $(rpm -qa | grep bash). This will show a list of all configuration files that are installed from the bash package.

5. Type rpm -qf /etc/passwd. This shows the name of the package that the /etc/passwd file was installed from.

Working with yum

The yum system makes working with RPM packages easy. This package management interface works with repositories that contain lists of installable software. As an administrator, your first task is to make sure that you have all the software repositories you need in your configuration. Based on this repository list, the yum command is used to perform all kinds of software package management tasks.

Managing yum Repositories

Managing yum all starts with managing software repositories. For this purpose, your distribution provides the /etc/yum.conf configuration file; most distributions also include the directory /etc/yum.repos.d, which can contain configuration files for individual software repositories. In Listing 8-2, you can see what the default repository configuration for Fedora software packages looks like.

Listing 8-2. Default Software Repository Configuration for Fedora

[root@fedora yum.repos.d]# cat fedora.repo
[fedora]
name=Fedora $releasever - $basearch
failovermethod=priority
#baseurl=http://download.fedoraproject.org/pub/fedora/linux/releases/$releasever/
Everything/$basearch/os/
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-
$releasever&arch=$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch

[fedora-debuginfo]
name=Fedora $releasever - $basearch - Debug
failovermethod=priority
#baseurl=http://download.fedoraproject.org/pub/fedora/linux/releases/$releasever/ Eve
rything/$basearch/debug/
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-debug-
$releasever&arch=$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch

[fedora-source]
name=Fedora $releasever - Source
failovermethod=priority
#baseurl=http://download.fedoraproject.org/pub/fedora/linux/releases/$releasever/ Eve
rything/source/SRPMS/
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-source-
$releasever&arch=$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch

As you can see, each of the package sources contains a few common items:

· Name of the repository: This is just the identification for your repository. Make sure that it is unique.

· Failover method: It is possible to configure repositories in a failover configuration. This means you refer to two or more different repositories that contain the same software. This is useful for creating some redundancy for repositories: if one repository fails, the other one will take over. If you choose to do that, this line indicates whether this is the repository with priority.

· Base URL: This is the base URL that brings you to the repository. As you can see, the URL mentioned here is commented out, which ensures that only the mirrors as specified in the mirror list are used.

· Mirror list: This line refers to a location where a list of mirror servers is found.

· Enabled status: This indicates whether this repository is on or off. You can see that on installation of the Fedora software, three repositories are listed in this file, but of these three, only one has the value of 1 and is on.

· GPG configuration: To check the integrity of software packages, GPG is used. The line gpgcheck=1 switches this feature on. In the line gpgkey=, there is an indication of what GPG key to use.

Note GPG offers PGP (Pretty Good Privacy)–based integrity checking of software packages. GPG is just the GNU version of PGP, which is available for free usage.

Note that on most Linux distributions, only online package repositories are used. This ensures that you’ll always get the latest version of the package you need to install, and it also makes sure that you can update your software smoothly. If you have already installed software from the online repositories, it is a bad idea to install packages from the installation media later, as you may end up with the wrong version of the package and some installation problems. If you are sure that you will never do online package management on a particular system, however, it is a good idea to configure yum to work with the local installation media only. The following procedure describes how you can do this for a Fedora system:

1. Before working with yum, make sure that the installation media is mounted at a fixed mount point. In this example, I’ll assume that you have configured your system to mount the installation media on /cdrom. You need to not only configure fstab for this purpose, but also make sure that it is actually mounted at this moment.

2. Open the /etc/yum.conf file and make sure that you switch off PGP checking. The following line accomplishes this:

gpgcheck=1

3. Open the repository files one by one and disable all online repositories. Just check for a repository that has enable=1 and change that to enable=0.

4. In any of the repository files (you can create a new file in /etc/yum.repos.d or include this information in one of the existing files), include the following lines:

[fedora-dvd]
name=Fedora installation DVD
baseurl=file:///cdrom

At this point, you have configured your system to look on the installation DVD only. Don’t forget to switch the online resources back on again if you ever intend to connect this system to the Internet to install software packages. You can do so by changing the value for the enableparameter that you used in step 3 of the procedure back to 1.

It will on occasion also happen that you need to create your own repository. This is useful if you’re using custom RPMs that are not in the default repositories and you want to install them using the yum command. To do this, you’ll need to copy the RPMs to a local directory and create the repository metadata for this directory. Once this is done, you can use the repository to install software.

EXERCISE 8-2: CREATING A LOCAL REPOSITORY

Using repositories for software installation is convenient, because while doing so the installer will always try to install software dependencies as well. In this exercise you’ll configure your own repository. Notice that this exercise works on Red Hat only.

1. Type mkdir /repo to create a directory that will be used as a repository.

2. Type cd /repo and next type yumdownloader nmap http vsftpd. If the command yumdownloader is not installed, install it by using yum install -y yum-utils.

3. Type createrepo /repo. This will generate the required indexes to make of the/repo directory a repository.

4. Type yum repolist. This command shows all repositories that are currently known. It will not include the newly created repository.

5. To start using the newly created repository, create the file /repo/local.repo and give it the following contents:

[localrepo]
name=local
baseurl=file:///repo
gpgcheck=0

6. Type yum repolist again. The newly created repository should now be listed.

Managing Software Packages with yum

Based on the software repositories you have installed, you can use the yum command. This command is written to be intuitive. You want to install a package? Use yum install. Need to update? yum update will help. Following are some examples of the most important arguments that you can use with yum:

· install: Use this to install a package. For instance, yum install nmap would search the software repositories for the nmap package and, if found, install it (see Listing 8-3). This installation is interactive; yum will first show you what it found and next install that for you.

Listing 8-3. Installing Software Packages with yum

[root@fedora etc]# yum install nmap
Loaded plugins: refresh-packagekit
fedora-dvd | 2.8 kB 00:00
Setting up Install Process
Parsing package install arguments
Resolving Dependencies
--> Running transaction check
---> Package nmap.i386 2:4.68-3.fc10 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved

===========================================================================
Package Arch Version Repository Size
===========================================================================
Installing:
nmap i386 2:4.68-3.fc10 fedora-dvd 914 k

Transaction Summary
===========================================================================
Install 1 Package(s)
Update 0 Package(s)
Remove 0 Package(s)

Total download size: 914 k
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : nmap 1/1

Installed:
nmap.i386 2:4.68-3.fc10

Complete!

· update: Use yum update if you want to update your entire system. You can also use the update command on a specific package; for instance, yum update nmap would search the software repositories to see whether a newer version of nmap is available, and if this is the case, install it.

· remove: Use this to remove a package from your system. For instance, yum remove nmap would delete the nmap package, including all dependencies that become obsolete after removing this package.

· list: This option contacts the repositories to see what packages are available and show you which are and which are not installed on your system. Just use yum list to see a complete list of all packages. This command used in combination with grep allows you to search for specific packages.

· The yum list command has some specific options itself. By default, it shows all packages, installed or not, that are available. In case you just want to see a list of packages that are installed, you can use yum list installed.

· info: If you want more information about any of the installed packages on your system, use yum info, followed by the name of the package. For instance, yum info nmap would give you all available details about the nmap package (see Listing 8-4). Based on this information, you can make the decision whether or not you need this package.

Listing 8-4. Use yum info to Get More Information About a Package

[root@fedora etc]# yum info nmap
Loaded plugins: refresh-packagekit
Installed Packages
Name : nmap
Arch : i386
Epoch : 2
Version : 4.68
Release : 3.fc10
Size : 3.2 M
Repo : installed
Summary : Network exploration tool and security scanner
URL : http://www.insecure.org/nmap/
License : GPLv2
Description: Nmap is a utility for network exploration or security auditing.
: It
: supports ping scanning (determine which hosts are up), many port
: scanning techniques (determine what services the hosts are
: offering), and TCP/IP fingerprinting (remote host operating
: system
: identification). Nmap also offers flexible target and port
: specification, decoy scanning, determination of TCP sequence
: predictability characteristics, reverse-identd scanning, and
: more.

· provides: The yum provides command tells you what RPM package provides a given file. Listing 8-5 shows you the result of this command when used to find out where the file /etc/samba/smb.conf comes from.

Listing 8-5. Use yum provides to Find Out What RPM Package a Given File Comes From

[root@fedora ~]# yum provides /etc/samba/smb.conf
Loaded plugins: refresh-packagekit
samba-common-3.2.4-0.22.fc10.i386 : Files used by both Samba servers and
clients
Matched from:
Filename : /etc/samba/smb.conf

· search: The yum search command allows you to search for a specific package, based on a search string that is composed as a regular expression. For instance, yum search nmap would give you the names of all packages whose name contains the text nmap.

· provides: The yum provides command will find a package based on a specific file you’re looking for. For instance, type yum provides */gedit to find the specific RPM package that contains the gedit file. Notice that the file should always be referred to using a path reference: yum provides */gedit and not yum provides gedit.

· localinstall: In older Red hat you could use yum localinstall for installing RPM packages that are not in a repository. On recent Red Hat, you can do this with yum install also.

In exercise 8-3 you’ll learn how to work with yum repositories.

EXERCISE 8-3: WORKING WITH YUM REPOSITORIES

Notice that this exercise can be done on Red Hat and its derivatives only.

1. Type yum repolist. This command will show a list of currently available repositories.

2. Type yum list all. This shows a list of all packages, also packages from repositories that haven’t been installed yet.

3. Type yum list installed. This shows installed packages only. Notice that it also shows the name of the repository the package has been installed form.

4. Type yum search nmap. This will show the name of the nmap package as found in the repositories.

5. Type yum install nmap to install it.

6. Use yum provides */semanage. This will show the name of the package that contains the semanage command file.

Working with zypper

On SUSE Linux, an alternative to the RPM package manager is used, the zypper package manager. The intention of this package manager was to provide the same functionality that yum does, but in a faster way. The zypper package also works with package repositories and command-line utilities.

Managing zypper Software Repositories

In zypper, a repository is called an installation source. Installation sources are kept in the zypper database, which is in /var/lib/zypp. To manage zypper installation sources, you have to use the zypper command. The most important options that are related to package management are listed here:

· service-add URI: The zypper service-add command will add an installation source. This command is followed by a Universal Resource Identifier (URI), which can be a web address, but which can also refer to a local directory on your system. For instance, the command zypper service-add file:///packages would add the contents of the directory /packages to the installation sources, as shown in Listing 8-6.

Listing 8-6. Adding an Installation Source with zypper

nuuk:~ # zypper service-add file:///packages
3211 zmd
ZENworks Management Daemon is running.
WARNING: this command will not synchronize changes.
Use rug or yast2 for that.
Determining file:/packages source type...
.. not YUM
.. not YaST
Unknown source type for file:/packages

As you can see, the zypper service-add command uses URL format. In Listing 8-6, the URL that was used refers to something on the local file system. However, you can also use zypper to refer to something that is on the Internet. For instance, zypper service-add http://www.example.com/packages would add an installation source that is on a web server. zypper uses the same URL syntax that you use when working with a browser and is therefore intuitive to work with.

· service-list: As its name suggests, this command allows you to display a list of all available zypper installation sources (zypper uses services as a synonym for installation sources).

· service-remove: Use this to remove installation sources from the list of available services.

Managing RPM Packages with zypper

Once the service lists are all configured, you can use zypper at the command line to manage software packages. In its use, zypper looks a lot like the yum utility; basically, you can just replace the yum command by the zypper command in most cases. However, there are also some useful additions to the zypper command that do not have yum equivalents. Following is an overview of the most important zypper command-line options:

· install: Use zypper install to install a package. For instance, to install the package nmap, you would use the command zypper install nmap.

· remove: Use zypper remove to remove a package from your system. For instance, to remove the package nmap, type zypper remove nmap.

· update: Use this to update either your complete system or just one package. To update the entire system, use zypper update; to update one package only, add the name of the package you want to update to this command. For instance, if you want to update the package nmap, use zypper update nmap.

· search: Use this to search for a particular package. By default, zypper will search in the list of installed packages, as well as the list of packages that haven’t been installed yet. If you want to modify this behavior, add the option -i to search in installed packages only or-u to search in uninstalled packages only. The argument used with zypper search is interpreted as a regular expression. For instance, the command zypper search -i samba would just look for all packages that have the string samba in their name and show a list of these. Listing 8-7 shows what the result of this command looks like.

Listing 8-7. Use zypper search to Get a List of All Packages That Contain a Given String in Their Name

· patches: This useful command will show a list of all available patches. Use this command if you not only want to update, but also would like to know what exactly an update will do to your system.

In some cases, the zypper command will give you a lot of information. To filter out only the parts you need, use the grep utility.

Managing DEB Packages

RPM is not the only way to package software for Linux. Another very popular package format is the .deb format. This format was originally developed on Debian Linux but is now also the default package format for other distributions, of which Ubuntu is the most important. In this section, you’ll learn how to manage packages in this format. I’ve based this section on Ubuntu; you may therefore find some differences with the way other distributions handle .deb packages.

Managing .deb Software Repositories

On an Ubuntu system, a list of all these installation sources is kept in the file /etc/apt/sources.list. Although the most important software repositories are added to this file automatically, you may occasionally want to add other software repositories to this list. To understand how this works, it is useful to distinguish between the different package categories that Ubuntu uses. This will tell you more about the current status of a package, for example, if the package is considered safe or if it has licensing that doesn’t comply to common open source standards.

In all repositories, you’ll always find the following five package categories:

· Main: The main category portion of the software repository contains software that is officially supported by Canonical, the company behind Ubuntu. The software that is normally installed to your server is in this category. By working with only this software, you can make sure that your system remains as stable as possible and—very important for an enterprise environment—that you can get support for it at all times.

· Restricted: The restricted category is basically for supported software that uses a license that is not freely available, such as drivers for specific hardware components that use a specific license agreement, or software that you have to purchase. You’ll typically find restricted software in a specific subdirectory on the installation media.

· Universe: The universe category contains free software that is not officially supported. You can use it, and it is likely to work without problems, but you won’t be able to get support from Canonical for software components in this category.

· Multiverse: The multiverse component contains unsupported software that falls under license restrictions that are not considered free.

· Backports: In this category, you’ll find bleeding-edge software. If you want to work with the latest software available, you should definitely get it here. Never use it if your goal is to install a stable server.

When installing software with the apt-get utility, it will look for installation sources in the configuration file /etc/apt/sources.list. Listing 8-8 shows a part of its contents.

Listing 8-8. Definition of Installation Sources in sources.list

root@ubuntu:~# cat /etc/apt/sources.list
#

# deb cdrom:[Ubuntu-Server 14.04.2 LTS _Trusty Tahr_ - Release amd64 (20150218.1)]/ trusty main restricted

#deb cdrom:[Ubuntu-Server 14.04.2 LTS _Trusty Tahr_ - Release amd64 (20150218.1)]/ trusty main restricted

# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://us.archive.ubuntu.com/ubuntu/ trusty main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ trusty main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://us.archive.ubuntu.com/ubuntu/ trusty-updates main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://us.archive.ubuntu.com/ubuntu/ trusty universe
deb-src http://us.archive.ubuntu.com/ubuntu/ trusty universe
deb http://us.archive.ubuntu.com/ubuntu/ trusty-updates universe
deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://us.archive.ubuntu.com/ubuntu/ trusty multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ trusty multiverse
deb http://us.archive.ubuntu.com/ubuntu/ trusty-updates multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-updates multiverse

## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://us.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse

deb http://security.ubuntu.com/ubuntu trusty-security main restricted
deb-src http://security.ubuntu.com/ubuntu trusty-security main restricted
deb http://security.ubuntu.com/ubuntu trusty-security universe
deb-src http://security.ubuntu.com/ubuntu trusty-security universe
deb http://security.ubuntu.com/ubuntu trusty-security multiverse
deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse

you can see, the same format is used in all lines of the sources.list file. The first field in these lines specifies the package format to be used. Two different package formats are used by default: .deb for binary packages (basically precompiled program files) and .deb-src for packages in source file format. Next, the URI is mentioned. This typically is an HTTP or FTP URL, but it can be something else as well. For instance, it can refer to installation files that you have on an installation CD or in a directory on your computer. After that you’ll see the name of the distribution (trusty), and you’ll always see the current distribution version there. Last, every line refers to the available package categories. As you can see, most package categories are in the list by default.

Now that you understand how the sources.list file is organized, it follows almost automatically what should happen if you want to add some additional installation sources to this list: make sure that all required components are specified in a line, and add any line you like referring to an additional installation source. Once an additional installation source has been added, it will be automatically checked when working on software packages. For example, if you should use the apt-get update command to update the current state of your system, the package manager will check your new installation sources as well.

Tip! In some cases you may want to add your own repository. This is useful if you have a couple of .deb files and want to make them accessible for installation to user computers. Doing so is a simple 3-step procedure. Start by creating the directory and putting the .deb files in that directory. Next, you’ll run the dpkg-scanpackages command to create the repository metadata. As the last step, add the newly created repository to the sources.list files on all computers that need to use it.

A second important management component used by package managers on your computer is the package database. The most fundamental package database is the dpkg database, which is managed by the Debian utility dpkg. On Ubuntu as well as Debian, however, the Advanced Packaging Tools (apt) set is used for package management. These Ubuntu tools add functionality to package management that the traditional dpkg approach typically cannot offer. Because of this added functionality, the apt tools use their own database, which is stored in/var/lib/apt. By communicating with this database, the package manager can query the system for installed software, and this enables your server to automatically solve package- dependency problems.

Tip! To summarize it briefly: if you want to install software or manage installed software packages, use apt which talks to the apt database. If you want to query installed packages, use dpkg.

Every time a package is installed, a list of all installed files is added to the package database. By using this database, the package manager can even see whether certain configuration files have been changed, which is very important if you want to update packages at your server!

Ubuntu Package Management Utilities

You can use any of several command-line package management utilities on Ubuntu. The most important of these interact directly with the package database in /var/lib/apt. You would typically use the apt-get command for installation, updates, and removal of packages, and so you’ll find yourself working with that utility most of the time. You should also know of the aptitude utility, which works in two ways. You can use aptitude as a command-line utility to query your server for installed packages, but aptitude also has a menu-driven interface that offers an intuitive way to manage packages (see Figure 8-1).

Figure 8-1. The aptitude menu drive interface makes package management easier

Another approach to managing packages is the Debian way. Because Ubuntu package management is based on Debian package management, you can use Debian package management tools like dpkg as well. However, these do not really add anything to what Ubuntu package management already offers, and so I will not cover the Debian tools in this book.

Understanding apt

Before you start working on packages in Ubuntu, it is a good idea to decide what tool you want to use. It’s a good idea because many tools are available for Ubuntu, and each of them uses its own database to keep track of everything installed. To prevent inconsistencies in software packages, it’s best to choose your favorite utility and stick to that. In this book, I’ll focus on the apt-get utility, which keeps its database in the /var/lib/apt directory. This is my favorite utility because you can run apt-get as a very easy and convenient tool from the command line to perform tasks very quickly. The apt-get utility works with commands that are used as its argument, such as apt-get install something. In this example, install is the command you use to tell apt-get what you really want to do. Likewise, you can use some other apt-get commands. The following four commands are the most important building blocks when working with apt-get:

· update: This is the first command you want to use when working with apt-get. It updates the list of packages that are available for installation. Use it to make sure that you install the most recent version of a package.

· upgrade: Use this command to perform an upgrade of your server’s software packages.

· install: This is the command you want to use every time you install software. It’s rather intuitive. For example, if you want to install the nmap software package, you would just type apt-get install nmap.

· remove: You’ve probably guessed already, but you’ll use this one to remove installed packages from your system.

Notice that you can use many package management operations using the apt-get command. You can not use it to search for specific packages though. To do this, you’ll use the apt-cache search command. In exercise 8-4 you’ll use this command.

EXERCISE 8-4: WORKING WITH APT-GET

In this exercise you’ll learn how to work with apt-get. Notice that this exercise will only work on Ubuntu and related Linux distributions.

1. Open a shell on your Ubuntu system.

2. Type sudo cat /etc/apt/sources.list. This shows the list of repositories that currently are being used.

3. Type sudo apt-get update. This downloads the latest package index files from the repositories, which allows you to compare currently installed packages with the packages that are available in the repositories.

4. Type sudo apt-cache search nmap. The apt-cache command allows you to search the current index files for the availability of packages.

5. Type sudo apt-get install nmap to install the nmap package.

6. Type sudo apt-get upgrade to upgrade all packages to the latest version.

Showing a List of Installed Packages

Before you start managing packages on Ubuntu Server, you probably want to know what packages are already installed, and you can do this by issuing the dpkg -l command. It’ll generate a long list of installed packages. Listing 8-9 shows a partial result of this command.

Note The apt-get utility is not the most appropriate way to list installed packages because it can see only those packages that are installed with apt. If you have installed a package with dpkg (which I would not recommend), you won’t see it with apt-get. So, to make sure that you don’t miss any packages, I recommend using dpkg -l to get a list of all installed packages.

Listing 8-9. The dpkg -l Command Shows Information About Installed Packages

root@ubuntu:~# dpkg -l | head
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-===============-=====================-============= ====================================
ii accountsservice 0.6.35-0ubuntu7.1 amd64 query and manipulate user account information
ii acpid 1:2.0.21-1ubuntu2 amd64 Advanced Configuration and Power Interface event daemon
ii adduser 3.113+nmu3ubuntu3 all add and remove users and groups
ii apparmor 2.8.95~2430-0ubuntu5.1 amd64 User-space parser utility for AppArmor
ii apport 2.14.1-0ubuntu3.7 all automatically generate crash reports for debugging

The result of the dpkg command shows information about packages and their status. The first character of the package shows the desired status for a package, and this status indicates what should happen to the package. The following status indicators are used:

· i: You’ll see this option in most cases, indicating that the package should be installed.

· h: This option (for “hold”) indicates that the package cannot be modified.

· p: This option indicates that the package should be purged.

· r: This option indicates that the package is supposed to be removed without removing associated configuration files.

· u: This option indicates that the current desired status is unknown.

The second character reveals the actual state of the package. You’ll find the following options:

· I: The package is installed.

· c: Configuration files of the package are installed, but the package itself is not.

· f: The package is not guaranteed to be correctly installed.

· h: The package is partially installed.

· n: The package is not installed.

· u: The package did install, but the installation was not finalized because the configuration script was not successfully completed.

The third character indicates any known error state associated with the package. In most cases you’ll just see a space (so, basically, you don’t see anything at all) indicating that nothing is wrong. Other options are as follows:

· H: The package is put on hold by the package management system. This means that dependency problems were encountered, in which case some required packages are not installed.

· R: Reinstallation of the package is required.

· X: The package requires reinstallation and has been put on hold.

You can also use the dpkg utility to find out what package owns a certain file. This is very useful information. Imagine that a file is broken and you need to refresh the package’s installation. To find out what package owns a file, use dpkg --search /your/file. The command will immediately return the name of the package that owns this file.

Using aptitude

On Ubuntu, a few solutions are available for package management. One of these is aptitude. The major benefit of this solution is that it is somewhat more user friendly because it can work with keywords, which are words that occur somewhere in the description of the package. For example, to get a list of all packages that have samba (the name of the well-known Linux file server package that you can use to provide Windows file services on your Linux computer) in their description, you would use aptitude search samba. Listing 8-10 shows the result of this command.

Listing 8-10. Showing Package Status Based on Keywords

sander@mel:~$ aptitude search samba
[sudo] password for sander:
p dpsyco-samba - Automate administration of access to samba
p ebox-samba - ebox - File sharing
p egroupware-sambaadmin - eGroupWare Samba administration applicatio
p gsambad - GTK+ configuration tool for samba
p samba - a LanManager-like file and printer server
v samba-client -
p samba-common - Samba common files used by both the server
p samba-dbg - Samba debugging symbols
p samba-doc - Samba documentation
p samba-doc-pdf - Samba documentation (PDF format)
p system-config-samba - GUI for managing samba shares and users

Once you have found a package using the aptitude command, you can also use it to show information about the package. To do this, you’ll use the show argument. For example, aptitude show samba will show you exactly what the package samba is all about (see Listing 8-11). As you can see, in some cases very useful information is displayed, including a list of dependencies that shows all packages that need to be installed if you want to use this package.

Listing 8-11. The aptitude show Command Shows What Is Offered by a Package

root@ubuntu:~# aptitude show samba
Package: samba
State: not installed
Version: 2:4.1.6+dfsg-1ubuntu2.14.04.9
Priority: optional
Section: net
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: amd64
Uncompressed Size: 11.4 M
Depends: adduser, heimdal-hdb-api-8, libpam-modules, libpam-runtime
(>=1.0.1-11), lsb-base (>= 4.1+Debian), procps, python (>= 2.7),
python-dnspython, python-ntdb, python-samba, samba-common
(=2:4.1.6+dfsg-1ubuntu2.14.04.9), samba-common-bin
(=2:4.1.6+dfsg-1ubuntu2.14.04.9), samba-dsdb-modules, tdb-tools,
update-inetd, sysv-rc (>= 2.88dsf-24) | file-rc (>= 0.8.16), python
(<2.8), python2.7:any, libasn1-8-heimdal (>= 1.4.0+git20110226), libbsd0
(>= 0.5.0), libc6 (>= 2.14), libcomerr2 (>= 1.01), libhdb9-heimdal
(>=1.4.0+git20110226), libkdc2-heimdal (>= 1.4.0+git20110226),
libkrb5-26-heimdal (>= 1.4.0+git20110226), libldb1 (>= 0.9.21),
libpopt0 (>= 1.14), libpython2.7 (>= 2.7), libroken18-heimdal
(>=1.4.0+git20110226), libtalloc2 (>= 2.0.4~git20101213), libtdb1
(>=1.2.7+git20101214), libtevent0 (>= 0.9.14), samba-libs
(=2:4.1.6+dfsg-1ubuntu2.14.04.9)
PreDepends: dpkg (>= 1.15.6~), multiarch-support
Recommends: attr, logrotate, samba-vfs-modules
Suggests: bind9 (>= 1:9.5.1), bind9utils, ldb-tools, ntp, smbldap-tools,
winbind, ufw
Conflicts: libldb1 (< 1:1.1.15), libldb1 (< 1:1.1.15), samba (< 2:3.3.0~rc2-5),
samba (< 2:3.3.0~rc2-5), samba-ad-dc, samba-ad-dc, samba-doc
(<2:4.0.5~), samba-doc (< 2:4.0.5~), samba-tools, samba-tools, samba4
(< 4.0.0~alpha6-2), samba4 (< 4.0.0~alpha6-2), samba
Replaces: libsamdb0 (< 4.0.0~alpha17~), libsamdb0 (< 4.0.0~alpha17~),
python-samba (< 2:4.1.4+dfsg-3), python-samba (< 2:4.1.4+dfsg-3),
samba-ad-dc, samba-ad-dc, samba-common (<= 2.0.5a-2), samba-common
(<=2.0.5a-2), samba-doc (< 2:4.0.5~), samba-doc (< 2:4.0.5~), samba-libs
(< 2:4.1.4+dfsg-2), samba-libs (< 2:4.1.4+dfsg-2), samba4, samba4
Enhances: bind9, ntp
Description: SMB/CIFS file, print, and login server for Unix
Samba is an implementation of the SMB/CIFS protocol for Unix systems, providing
support for cross-platform file and printer sharing with Microsoft Windows,
OS X, and other Unix systems. Samba can also function as an NT4-style domain
controller, and can integrate with both NT4 domains and Active Directory realms
as a member server.

This package provides the components necessary to use Samba as a stand-alone file and print server or as an NT4 or Active Directory domain controller. For use in an NT4 domain or Active Directory realm, you will also need the winbind package.

This package is not required for connecting to existing SMB/CIFS servers (see smbclient) or for mounting remote filesystems (see cifs-utils). Homepage: http://www.samba.org.

Adding and Removing Software with apt-get

The best tool for Ubuntu and Debian to perform package management from the command line is apt-get. It provides a very convenient way to install, update, or remove software packages on your machine. It requires root permissions, so you should always start the command with sudo.

Before you do anything with apt-get, you should always use the apt-get update command first. Because apt-get gets most software packages online, it should always know about the latest available versions of those packages. The apt-get update command makes sure of this, and it caches a list of the most recent version of packages that are available on your server. Once the update is performed, you can use apt-get to install and remove software. Installation is rather easy: to install the package blah, use apt-get install blah. The advantage of the apt-get command is that it really tries to understand what you are doing. This is shown in Listing 8-12, where the apt-get command is used to install the Samba server software.

Listing 8-12. The apt-get Command Tries to Understand What You Want to Do

root@ubuntu:~# apt-get install samba
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
attr libaio1 libavahi-client3 libavahi-common-data libavahi-common3 libcups2
libfile-copy-recursive-perl libhdb9-heimdal libkdc2-heimdal libldb1 libntdb1
libtalloc2 libtdb1 libtevent0 libwbclient0 python-crypto python-dnspython
python-ldb python-ntdb python-samba python-talloc python-tdb samba-common
samba-common-bin samba-dsdb-modules samba-libs samba-vfs-modules tdb-tools
update-inetd
Suggested packages:
cups-common python-crypto-dbg python-crypto-doc bind9 bind9utils ldb-tools
ntp smbldap-tools winbind heimdal-clients
The following NEW packages will be installed:
attr libaio1 libavahi-client3 libavahi-common-data libavahi-common3 libcups2
libfile-copy-recursive-perl libhdb9-heimdal libkdc2-heimdal libldb1 libntdb1
libtalloc2 libtdb1 libtevent0 libwbclient0 python-crypto python-dnspython
python-ldb python-ntdb python-samba python-talloc python-tdb samba
samba-common samba-common-bin samba-dsdb-modules samba-libs
samba-vfs-modules tdb-tools update-inetd
0 upgraded, 30 newly installed, 0 to remove and 128 not upgraded.
Need to get 8,026 kB of archives.
After this operation, 46.0 MB of additional disk space will be used.
Do you want to continue? [Y/n]

In the example from Listing 8-12, everything went all right because a package with the name samba exists. In some cases, you’ll see that apt-get doesn’t understand what you want it to do. If that happens, it sometimes gives a hint on the package that you need to install instead. If that doesn’t happen either, try to search the appropriate package first, using the aptitude search command.

You can also use apt-get to remove software, upgrade your system, and much more. The following list provides an overview of the most important functions of the apt-get command. Be aware that you should always run the command with root permissions, so use sudo to startapt-get (or set a root password and work as root directly).

· Install software: Use sudo apt-get install package.

· Remove software: Use sudo apt-get remove package. This option does not remove configuration files. If you need to remove those as well, use sudo apt-get remove --purge package.

· Upgrade software: To upgrade your complete operating system, use sudo apt-get update first so that you’re sure that apt-get is aware of the most recent version of the packages. Then use sudo apt-get dist-upgrade.

Summary

In this chapter, you have read how to manage software packages. You have learned that software packages can be installed as individual packages, but because of dependencies, this is not a very good idea. Therefore, all distributions currently work with a package management solution where the software repository is used to list installable packages and an intelligent command is used to manage packages as well as their dependencies. You have read how to manage packages from the RPM world with the yum and zypper commands, as well as packages from the Debian world with the apt commands. The following commands and utilities were discussed in this chapter:

· rpm: Command to create and manage RPM-based packages.

· yum: Package management utility in the Red Hat world.

· yumdownloader: Allows you to download packages from a repository to your system without installing them.

· zypper: Package management utility in the SUSE works. Works more or less the same as yum.

· apt-get: Ubuntu/Debian package management utility. Does a great job in installing and updating software.

· apt-cache: Tool that allows you to search for pacakges in the locally cached index files

· dpkg: Original Debian package management utility, which has been made more or less obsolete by apt-get. Still, dpkg is useful, especially for listing where the files from a package are installed.

· dpkg-scanpackages: Tool that allows you to convert a directory containing .deb packages into a repository.

· aptitude: Alternative for apt-get. According to some, this utility is easier to use.

In the next chapter, you’ll learn how to manage processes on your Linux computer.