Ubuntu: Questions and Answers (2014)
Package Management
Questions
Q: What's the difference between package managers?
Tags: package-management (Next Q)
I know Ubuntu/Kubuntu has several programs that can be used to install packages, such as apt-get, aptitude, and synaptic (and perhaps others). What are the differences between them, and which one is the recommended choice for normal day-to-day package management?
This is a basic question, but I think it'd be good information to have on the site, and besides I am relatively new to Ubuntu so I could use an expert explanation.
Tags: package-management (Next Q)
User: david-z
Answer by mac9416
Probably the most popular package managers are apt-get, aptitude, synaptic, and Software Center. There are others (Linux Mint has its own, and there are some designed for KDE), but these are the ones you'll run into most often.
apt-get is a simple command-line tool. It's handy if you know the exact package name of what you want to install and don't want to spend time clicking through a GUI to get it.
aptitude is very similar to apt-get, and I've heard that it deals better with crazy dependency situations. Which one is really better is debatable.
synaptic is a low-level GUI. This is a good choice if you are a fairly advanced user but are not comfortable with command-line utilities.
Software Center is a very high-level, new-user-friendly GUI. Software is nicely categorized so that, if you're not exactly sure what app you want, you can find what you need quickly. The Software Center also stands out in that it is the only package manager in this list that allows you to purchase commercial applications.
dpkg is a lesser-used, low-level package manager standard for most Debian-based systems. In reality, apt-get, aptitude, synaptic, and the Ubuntu Software Center are all just front-ends to either dpkg or apt, which is in itself a front-end to dpkg.
In answer to your question, "which one is the recommended choice for normal day-to-day package management", I would say that Software Center is recommended for most uses. But as you gain more experience, you will find some of the features of lower-level package managers useful.
Answer by lfaraone
The Debian FAQ has a pretty good explanation of the different package managers. (dpkg, apt-get, aptitude, tasksel, synaptic)
Answer by david-z
As an addition to mac9416's excellent answer, Kubuntu offers the same command-line tools as Ubuntu, namely dpkg, apt-get, and aptitude. There are also two graphical package managers:
Adept is a straightforward GUI for apt-get, which lets you edit the source lists, browse packages by category or by name, see their status, and install/uninstall them.
KPackageKit is a simple GUI for PackageKit, which is a newer, cross-distribution package management system that uses apt-get behind the scenes. It lets you search for programs by various criteria, install and uninstall programs, make routine upgrades, and edit the source lists.
Tags: package-management (Next Q)
Q: How can I install just security updates from the command line?
Tags: package-management (Next Q), security (Next Q), updates (Next Q)
sudo apt-get upgrade installs all updates, not just security updates. I know that I can use Update Manager to select only important security updates, but is there a way to do this from the command line?
Tags: package-management (Next Q), security (Next Q), updates (Next Q)
User: mac9416
Answer by blueyed
The package unattended-upgrades provides functionality to install security updates automatically.
You could use this, but instead of configuring the automatic part you could call it manually. For this case, the following should do it:
sudo unattended-upgrade
This assumes that the package is installed by default, which it probably is. If not, just do:
sudo apt-get install unattended-upgrades
(watch out: the package is with final "s", the first command, not)
See also /usr/share/doc/unattended-upgrades/README.
Answer by ressu
replace /etc/apt/preferences with the following:
Package: *
Pin: release a=lucid-security
Pin-Priority: 500
Package: *
Pin: release o=Ubuntu
Pin-Priority: 50
now a simple apt-get upgrade will upgrade all security updates only.
Why (and how) this works: The preferences file will pin all packages from ubuntu distribution to priority 50, which will make them less desirable than already installed packages. Files originating from security repository are given the default (500) priority so they are considered for installation. This means that only packages that are considered more desirable than currently installed ones are security updates. More information about pinning in the apt_preferences manpage.
You can temporarily promote a certain distribution for updates with the --target-release option that works with apt-get and aptitude (at least) which will allow you pin certain releases so that they are eligible for upgrade.
If you wish to use this for scripts only and not make it default for the system, you can place the rules in to some other location and use this instead:
apt-get -o Dir::Etc::Preferences=/path/to/preferences_file upgrade
This will make apt look for the preferences file from a non-default location.
The preferences file given as an example doesn't apply to third party repositories, if you wish to pin those too you can use apt-cache policy to easily determine the required keys for pinning.
Answer by iliv
A Few Tips On How To Manage Updates
This applies both to Debian and Ubuntu, but more specific instructions for Ubuntu follow.
Show security updates only:
apt-get -s dist-upgrade |grep "^Inst" |grep -i securi
or
unattended-upgrade --dry-run -d
or
/usr/lib/update-notifier/apt-check -p
Show all upgradeable packages
apt-get -s dist-upgrade | grep "^Inst"
Install security updates only
apt-get -s dist-upgrade | grep "^Inst" | grep -i securi | awk -F " " {'print $2'} | xargs apt-get install
Check what services need to be restarted after package upgrades. Figure out what packages you are going to upgrade beforehand and schedule your restarts/reboots. The problem here is that unless you restart a service it still may be using an older version of a library (most common reason) that's been loaded into memory before you installed new package which fixes a security vulnerability or whatever.
checkrestart -v
However, keep in mind that checkrestart may list processes that shouldn't necessarily be restarted. For example, PostgreSQL service may be keeping in its memory reference to an already deleted xlog file, which isn't a valid reason to restart the service.
Therefore, another, more reliable, way to check this using standard utils is the following little bash script that I shamelessly stole from https://locallost.net/?p=233
It checks if running processes on a system are still using deleted libraries by virtue of keeping copies of those in active memory.
ps xh -o pid \
| while read PROCID; do
grep 'so.* (deleted)$' /proc/$PROCID/maps 2> /dev/null
if [ $? -eq 0 ]; then
CMDLINE=$(sed -e 's/\x00/ /g' < /proc/$PROCID/cmdline)
echo -e "\tPID $PROCID $CMDLINE\n"
fi
done
Sometimes Ubuntu shows security updates as if they're coming from $release-updates repository. This is so, I'm told, because Ubuntu developers push security updates to $release-updates repository as well to expedite their availability.
If that's the case, you could do the following to deal with security updates only:
sudo sh -c 'grep ^deb /etc/apt/sources.list |grep securi >> /etc/apt/sources.security.repos.only.list'
apt-get -s dist-upgrade -o Dir::Etc::SourceList=/etc/apt/sources.security.repos.only.list |grep "^Inst" | awk -F " " {'print $2'} | xarg apt-get install
Tags: package-management (Next Q), security (Next Q), updates (Next Q)
Q: How do I find the package that provides a file?
Tags: package-management (Next Q)
Simple enough question: is there some shell command (or GUI method) I can use that, given the path to a file on my system, tells me what package put it there? Assuming the file did in fact come from a package, that is.
Bonus question: what if it's a file that isn't installed on my system? Is there, say, a website that will let me look up a file and see what packages, if any, provide it?
Tags: package-management (Next Q)
User: david-z
Answer by ressu
You can use dpkg command to find out which package owns a file:
dpkg -S /bin/ls
You can either search with a full path or with just the filename.
If you wish to search for files not yet installed on your computer, you can use the Ubuntu Packages Search
Answer by jbowtie
The apt-file command can do this for you from the command line. I use it frequently when building packages from source. For files provided by packages that are already installed on your system, apt-cache is another choice.
However a much friendlier way is to use the Ubuntu Packages Search website. They have an option to "search the contents of packages" for a specific filename.
Tags: package-management (Next Q)
Q: How can I install software or packages without Internet (offline)?
Tags: package-management (Next Q)
I have a friend who has got a computer that is not connected to the Internet. Is there any way to install software offline easily?
Tags: package-management (Next Q)
User: akshatj
Answer by javier-rivera
Check out Keryx, it's an offline repository manager.
How does it work? It lets you download updates and new programs (with dependencies) to your flash drive.
Its interface is similar to synaptic but it works from a pendrive (it doesn't need installation). Unfortunately, the GUI needs wxwidgets, which don't come preinstalled on Ubuntu (they're cross-platform and installable from hereand ubuntu repository here). It can only install software in a Ubuntu system, but you can download the updates or new packages in any Linux, Windows or OS/X.
Here you can find a tutorial.
Another detailed step-by-step tutorial in this answer.
Launchpad also hosts downloadable files.
A screenshot:
Answer by jr0cket
A quick hack
A quick hack is to copy all the packages you downloaded for your install to his machine. The .deb files are stored in /var/cache/apt/archives, then in the other computer launch Synaptic and select File -> Add Package Downloadedand search the folder were you put the files and open it, accept all.
NOTE:
This assumes that your package manager is not setup to delete the packages straight after install. It also assumes that you are running the same version of Ubuntu (10.10, 12.04, etc) and architecture version (32b or 64b).
A DVD repository
If you want the latest bug fixes and security patches available then have a look at this tutorial, which covers creating your own DVD repository.
Answer by jr0cket
A USB repository
If you have a decent sized USB stick - assuming around 4-8Gb (or external hard drive) you can set up a custom copy of the Ubuntu repository and configure that as a local repository as covered in AptGet/Offline/Repository on help.ubuntu.com.
To get the actual package files (the .deb files), I suggest using apt-mirror.
The apt-mirror package will help you create a custom mirror which should be smaller than the 30Gb of the full repository. Install the package:
sudo apt-get install apt-mirror
and edit its configuration file
gksudo gedit /etc/apt-mirror/mirror.list
Only include the repository sections you want. Here is a simple example that copies the binary .deb files from all 4 sections (main, restricted, universe and multiverse) as well as the latest bug fixes.
Skip code block
# apt-mirror configuration file
##
## The default configuration options (uncomment and change to override)
##
#
set base_path /tmp/ubuntumirror
#
## Repositories to copy from -
## use a mirror so you don't overload the main server!!!
# Lucid binaries - no source files
deb http://archive.ubuntu.com/ubuntu lucid main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu lucid-updates main restricted universe multiverse
## Clean up older .deb files no longer in the archive
clean http://archive.ubuntu.com/ubuntu
It is guesstimated that you will need around 15Gb of space for all 4 sections, without the source.
I have put the path for all the .deb files to be /tmp, make sure you have enough space so your hard drive does not fill up (if your hard drive does fill up and your computer freezes, /tmp should be cleared with a reboot).
If you just want the main files, remove the restricted, universe and multiverse names from the configuration file.
If you are using a different architecture (you have 64bit, but your friend has 32 bit) then add the following at the start of the mirror.list configuration file:
set defaultarch i386
Once you have the apt-mirror configuration you want, run apt-mirror and go do something fun or life changing as it will take hours or days to get the repository (depending on your connection and the Ubuntu mirror you are using).
Once you have the .deb files, copy the files to your USB memory stick (or external hard drive) and set up the local repository as per the article mentioned previously.
Test it works before taking it to your friend!
Tags: package-management (Next Q)
Q: What is the difference between upstream and downstream when referring to who to go to as a developer?
Tags: package-management (Next Q)
What is the difference between upstream and downstream when referring to who (or where) to go to as a developer or packager?
Tags: package-management (Next Q)
User: deinerson1
Answer by jorge-castro
Think of it as a great river, with the people who write the software as the source of the river. They would be the upstream, futher downstream would be your distribution, and at the end of the river would be the user. Ubuntu is in the middle of the river.
Upstream would be the software that Ubuntu packages and ships to users. Things like GNOME, Firefox, X.org, the Linux kernel, and many more applications. This is the bulk of the things that are in the archive, as they represent a collection of upstream projects.
Ubuntu has one special upstream, Debian, which Ubuntu derives from. So, they are Ubuntu's upstream for many packages, though for some packages, like the kernel, Ubuntu packages directly from the upstream project, though for the majority of packages Debian is the upstream to Ubuntu, and the project that is packaged is upstream to Debian.
Downstreams of Ubuntu would be Ubuntu derived distributions, like Linux Mint.
Examples of usage of this term depends on the context. So for example if you have a bug with Firefox that Ubuntu didn't introduce then you might hear the term "Make sure you're reporting that bug upstream". The person means reporting the bug directly to Firefox in this case.
In the case of Ubuntu, getting the right feedback from users to the upstream developers is an important thing we do. Here are some links of what we do:
· Upstream information for application developers. I maintain this namespace as a landing page for upstream application developers who want to understand how to work with Ubuntu.
· Reporting bugs upstream, see the report.
· Ensuring patches from users get back upstream so they can be integrated. Remember that every patch carried in a distro has an engineering cost AND improving the software for everyone is a goal.
· Our work with Debian.
To better answer your question here are some examples of how someone would tell you to talk to an upstream:
· "I want to make a multimedia application for Ubuntu" - You would use the upstream gstreamer framework.
· "I want my app to talk to other apps over the internet" - You would use the upstream telepathy framework.
· "I want to add a feature to Firefox." - You would go talk to Firefox directly and do all that work upstream.
· "I want to add an Ubuntu specific feature to Firefox" - You would talk to Ubuntu as it's likely upstream wouldn't want or care about the feature. A maintainer will let you know.
· Likewise, if you were to report a bug to an upstream app (like Firefox) that was caused by something in Ubuntu, not Firefox, they would refer you to report the bug downstream. (thanks tj111)
Tags: package-management (Next Q)
Q: How to prevent updating of a specific package?
Tags: package-management (Next Q), updates (Next Q)
Because of bug #693758 I'd like to prevent apt-get upgrade and Update Manager from updating the "libgtk2.0-0" package.
How can this be achieved?
Tags: package-management (Next Q), updates (Next Q)
User: ivan
Answer by hhlp
Now go to Synaptic Package Manager (System > Administration > Synaptic Package Manager)
Click search button and type package name.
When you find package select it and go to Package (in menu) and click Lock Version.
and you are done, now that package will not show in update manager and it will not be updated.
There are four ways of holding back packages, with dpkg, apt, aptitude or with dselect.
Using dpkg
Put a package on hold
echo "package hold" | sudo dpkg --set-selections
Remove the hold
echo "package install" | sudo dpkg --set-selections
Displaying the status of your packages
dpkg --get-selections
Displaying the status of a single package
dpkg --get-selections | grep "package"
Using apt
you can hold a package using
sudo apt-mark hold package_name
and remove the hold with
sudo apt-mark unhold package_name
Using aptitude
you can hold a package using
sudo aptitude hold package_name
and remove the hold with
sudo aptitude unhold package_name
Using dselect
With dselect, you just have to enter the [S]elect screen, find the package you wish to hold in its present state, and press = or H. The changes will go live immediately after you exit the [S]elect screen.
Answer by bodhi.zazen
I am even older school =)
To put a package "foo" on hold echo foo hold | dpkg --set-selections In your case we are going to put wine on hold:
sudo -i
echo wine hold | dpkg --set-selections
To remove hold
sudo -i
echo wine install | dpkg --set-selections
Answer by hbdgaf
Preventing a package from being installed is called "package holding" and it is very simple to do:
echo package_name hold | dpkg --set-selections
...where *package_name* is the name of the package you want to prevent from installation.
Note: the above command assumes root privileges. In other words, you will probably need to type sudo su before running it.
Tags: package-management (Next Q), updates (Next Q)
Q: Why can't I update applications without upgrading the whole OS?
Tags: package-management (Next Q), updates (Next Q)
In Ubuntu, once a release is out the software one has installed receives security updates only. In Windows, I can get new versions of programs with new features. How can Windows do this and why can't Ubuntu?
Tags: package-management (Next Q), updates (Next Q)
User: thelaststud
Answer by jacob-johan-edwards
This is a problem that the Ubuntu Software Center team is in the progress of solving.
The problem is that Ubuntu traditionally draws most of its applications from the in-development branch of Debian GNU/Linuxanother free operating systemand then "freezes" a snapshot of it for inclusion in a release. This body of community-maintained softwarecalled "the universe"consists of 80,000 software packages; Ubuntu developers couldn't possibly provide major updates for all this software, on every supported release, while still maintaining the same level of quality.
In order to resolve this issue, Ubuntu has created the MyApps developer portal. Now that Ubuntu is a large platform with over twenty million users, it is hoped that developers will be interested in submitting apps directly to Ubuntu, and release periodic updates to their software across Ubuntu releases.
For "the universe"which the Software Center team hopes to eventually be a small fraction of available softwarethe "backports" system of optional software upgrades (which already exists at a half-functional level) will be scaled up.
The Software Center interface for major software updates has been designed by a Canonical UI employee, but is not yet implemented:
If you are interested in the future of application delivery in Ubuntu, I recommend watching Ubuntu Software Center and the Future of the Universe.
Answer by rafał-cieślak
This is actually a feature of Ubuntu.
There is no problem with updating the software with its latest version, and Ubuntu developers might do it easily. And, actually, it is done in several other Linux distributions, including Arch.
As you have noticed, Ubuntu software is updated only with security updates and critical bug fixes. All features are "frozen", and after a Ubuntu release no software is updated to a new major version. Although it seems like a disadvantage of Ubuntu, in fact it's one of its pros.
Why freeze applications' versions and not update the features? There are several reasons.
· New versions are frequently less stable then older ones. Using a slightly older version ensures it has been well tested.
· One can trust that Ubuntu will not significantly change within a particular version. This is very important e.g. for large companies, that want to be able to rely — if they use Ubuntu 10.04 — on its always working the same way, and its containing the same features all the time.
o That also means that Ubuntu 10.04 is always 10.04, as opposed to Windows, where Service Packs change a lot in your system, and you need to take care of them.
· Ubuntu developers take special care to provide you with the most stable software available. On Windows it's usually a third party's decision when to release an update. This means some may want you to use the latest version, with new cool features, and others may release features only when they have been tested for a longer time. That means you never really know what's going on with the updates there.
· This makes it easier for Ubuntu developers to manage releases. Ubuntu is released each 6 months, and during that period Ubuntu developers prepare the new version for release, packing it with tons of new features and newer software. They add it only to the version that is currently in development, and not to all supported (older) Ubuntu versions: this requires less work.
o For example, if they wanted to update GNOME in 10.04 to version 3, that would mean hundreds of other applications' completely breaking, and would require reorganizing the system.
· The updates are provided by Canonical and Ubuntu developers, and not by software's developers, as it's done in Windows. Personally, I trust Ubuntu developers much more than developers of software ABC, and can be sure that the new version provided by Ubuntu will do no (even accidental) harm to my computer.
All of the above are one of the main parts of Ubuntu quality. You get the best quality software and OS, and to balance it out you use not the newest, but just a few months older software.
Also, remember that when you update to a newer Ubuntu release, all software is again in the newest version (but stays at it until the next release), so it's not a major issue that the software does not contain the newest features. And as others suggest, you can use PPAs to fetch newer software from other sources, if you need to.
Answer by fossfreedom
Canonical (the main sponsors behind ubuntu) decided from the start (v4) that Ubuntu will be distributed on a 6 month cycle. Every 6 months, the latest/most stable software would be included in the repositories mainly from the unstable/testing branch of debian.
Outside that cycle you could get the most cutting edge software by compiling software or including additional repositories called PPAs - personal package archives.
Windows has decided on a different strategy - new features are often (but not always) released with service packs. It gets worse under windows - it is left to individual software vendors to decide if their software should be automatically updated or not. IMHO - its a messy strategy and I have often had to rebuild windows due to rogue updates by one software or another.
Other linux distros have different release strategies. For example, you could use a rolling-release distro such as Arch. As and when newer software is released, the maintainers push out the software into their repositories if it is deemed of good enough quality. Potentially this could lead to potential conflicts between different software since not a full testing suite would have been done. In practise, the maintainers have done a good job and stability issues I've read are rarely an issue.
Debian has taken the other route - constantly refining and using a distro based on the most stable packages. Often much older than in distros such as Ubuntu.
Thus - its for you to decide - (mostly) stability or potential unstability.
Tags: package-management (Next Q), updates (Next Q)
Q: Requires installation of untrusted packages?
Tags: package-management packages (Next Q)
I tried installing VLC Player yesterday, and I got the Requires installation of untrusted packages error. I searched for hours for a solution to this problem, and finally came upon a suggestion that said to change servers for downloading updates from. I did this, and it gave me a 404 error when I clicked on "Check" in the Update Manager. I tried switching my server back to the main one (and after that, several other ones), but I am now still getting a 404 error: 
And the other error I get when downloading or updating: 
Edit: Output of cat /etc/apt/sources.list:
Skip code block
deb-src http://us.archive.ubuntu.com/ubuntu/ precise main restricted #Added by software-properties
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://us.archive.ubuntu.com/ubuntu/ precise main restricted multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ precise multiverse universe #Added by software-properties
## Major bug fix updates produced after the final release of the
## distribution.
deb http://us.archive.ubuntu.com/ubuntu/ precise-updates main restricted multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ precise-updates restricted main multiverse universe #Added by software-properties
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://us.archive.ubuntu.com/ubuntu/ precise universe
deb http://us.archive.ubuntu.com/ubuntu/ precise-updates universe
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://us.archive.ubuntu.com/ubuntu/ precise-backports main restricted universe multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ precise-backports main restricted universe multiverse #Added by software-properties
deb http://us.archive.ubuntu.com/ubuntu/ precise-security main restricted multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ precise-security restricted main multiverse universe #Added by software-properties
deb http://us.archive.ubuntu.com/ubuntu/ precise-security universe
## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
deb http://archive.canonical.com/ubuntu precise partner
deb-src http://archive.canonical.com/ubuntu precise partner
## This software is not part of Ubuntu, but is offered by third-party
## developers who want to ship their latest software.
Tags: package-management packages (Next Q)
User: isaiah-bugarin
Answer by saji89
Based on the errors you pasted in the comments section of my previous answer, I have another possible solution:
sudo apt-get clean
cd /var/lib/apt
sudo mv lists lists.old
sudo mkdir -p lists/partial
sudo apt-get clean
sudo apt-get update
This will rebuild the cache.
Courtesy:http://ubuntuforums.org/showthread.php?t=1983220#8
Answer by jorge-m.-treviño
This link may help. It addresses a very similar problem.
Basically, you open a terminal and type sudo apt-get update && sudo apt-get upgrade. That did it for me.
Tags: package-management packages (Next Q)
Q: What's the difference between package managers?
Q: How can I tell, from the command line, whether the machine requires a reboot?
Q: How can I install just security updates from the command line?
Q: How can I see all versions of a package that are available in the archive?
Q: How do I find the package that provides a file?
Q: "The following packages have been kept back:" Why and how do I solve it?
Q: How can I install software or packages without Internet (offline)?
Q: Is aptitude still considered superior to apt-get?
Q: What is the difference between upstream and downstream when referring to who to go to as a developer?
Q: How to prevent updating of a specific package?
Q: Why can't I update applications without upgrading the whole OS?
Q: How do I resolve unmet dependencies?
Q: Requires installation of untrusted packages?