Product SiteDocumentation Site

第 6 章 维护和更新:APT 工具

6.1. 写入sources.list文件
6.1.1. 句法
6.1.2. 给Stable 使用者的仓库
6.1.3. 给测试/非稳定 版本用户的仓库
6.1.4. 非官方来源: mentors.debian.net
6.1.5. Debian 软件包 缓存 代理
6.2. aptitudeapt-getapt 命令
6.2.1. 开端
6.2.2. 安装和卸载
6.2.3. System Upgrade
6.2.4. Configuration Options
6.2.5. Managing Package Priorities
6.2.6. Working with Several Distributions
6.2.7. Tracking Automatically Installed Packages
6.3. The apt-cache Command
6.4. Frontends: aptitude, synaptic
6.4.1. aptitude
6.4.2. synaptic
6.5. Checking Package Authenticity
6.6. Upgrading from One Stable Distribution to the Next
6.6.1. Recommended Procedure
6.6.2. Handling Problems after an Upgrade
6.7. Keeping a System Up to Date
6.8. Automatic Upgrades
6.8.1. Configuring dpkg
6.8.2. Configuring APT
6.8.3. Configuring debconf
6.8.4. Handling Command Line Interactions
6.8.5. The Miracle Combination
6.9. Searching for Packages
Debian 之所以如此受系统管理员欢迎,是因为项目提供的软件极易安装,整个系统的更新也极为简单。这一独特的优点主要得归功于 APT 程序,其特性在 Falcot 公司得到系统管理员们热情的研究。
是高级软件包管理器 的缩写。它的‘高级’之处在于对软件包的管理方法不同。APT并不是简单地独立评估每个包,而是将包看做一个整体系统,根据现有的和兼容的已有包找到最佳组合(包括依赖于这个软件包的其他包)。
APT需要一个”软件源列表“:文件/etc/apt/sources.list会列出发布 Debian 软件包不同的仓库(或软件源)。接下来APT会从每一个软件源导入所发布的软件包列表。这个过程是通过下载 Packages.xz或使用不同压缩方法的变体(比如Packages.gz或者.bz2) )文件(若是二进制包的仓库)和Sources.xz文件(若是软件包源的仓库),并分析这两个文件内容。如果文件的旧版本已经存在,APT仅下载更新的部分(参见:sidebar TIP Incremental upgrade)。

6.1. 写入sources.list文件

6.1.1. 句法

/etc/apt/sources.list 文件中每个有效的代码行包括对源的描述,由三个被空格分开的部分组成。
第一个区域指示源的类型:
  • deb” 表示二进制软件包,
  • deb-src”表示源代码包。
第二个区域表示源的基本 URL (结合文件 Packages.gz 中给出的文件名,必须是有效URL的全称):此区域存在于一个 Debian 镜像或其他任何由第三方所建的软件源文档中。这个 URL 可以用 file:// 起始来表示系统里安装了本地仓库,或以 http:// 表示仓库可通过网络服务器来获取,或用 ftp:// 表示软件源在一个 FTP 服务器上。URL 还可以用 起始表示从 cdrom: 开始安装。因基于网络的安装愈来愈流行,这个方法已不那么常用了。
最后这一区域的句法取决于仓库的结构。从最简单的例子开始,你可以很简单地描述一个软件源的子目录 (必须用到结尾处的斜线)(通常用 “./” 表示子目录不存在 - 这个软件源就位于给定的 URL上)。 不过一般来讲,仓库的结构类似于一个 Debian 的镜像, 包括很多分支,每一分支有很多组成部分。通常命名选定的分支(由 “codename” 来命名 - 参看附栏中的目录社区 Bruce Perens,一位有争议的领导者 或是由对应的 “suites” — stable, testing, unstable ),然后命名下面的组成部分(或分区)(从main, contribnon-free中选择) 来激活一个典型的 Debian 镜像。
The cdrom entries describe the CD/DVD-ROMs you have. Contrary to other entries, a CD-ROM is not always available since it has to be inserted into the drive and since only one disc can be read at a time. For those reasons, these sources are managed in a slightly different way, and need to be added with the apt-cdrom program, usually executed with the add parameter. The latter will then request the disc to be inserted in the drive and will browse its contents looking for Packages files. It will use these files to update its database of available packages (this operation is usually done by the apt update command). From then on, APT can require the disc to be inserted if it needs one of its packages.

6.1.2. 给Stable 使用者的仓库

Here is a standard sources.list for a system running the Stable version of Debian:

例 6.1. /etc/apt/sources.list 给 Debian Stable 使用者的文件

# Security updates
deb http://security.debian.org/ jessie/updates main contrib non-free
deb-src http://security.debian.org/ jessie/updates main contrib non-free

## Debian mirror

# Base repository
deb http://ftp.debian.org/debian jessie main contrib non-free
deb-src http://ftp.debian.org/debian jessie main contrib non-free

# Stable updates
deb http://ftp.debian.org/debian jessie-updates main contrib non-free
deb-src http://ftp.debian.org/debian jessie-updates main contrib non-free

# Stable backports
deb http://ftp.debian.org/debian jessie-backports main contrib non-free
deb-src http://ftp.debian.org/debian jessie-backports main contrib non-free
此文件列出了 与Debian Jessie 版本相关软件包的所有来源(此手册写作当前稳定版本)。我们不希望当下一个稳定版本发布时,所有基于它的分支在我们控制范围外被改变,因此决定用“Jessie” 而不是用相对应的 “stable““ 稳定” 的别名(stable, stable-updates, stable-backports)来命名。
大多数软件包来源于“基础仓库”,它拥有所有的软件包,但极少更新(大概每两个月根据“点发布”更新)。其他仓库不完全(不包括所有软件包),不过可以支持更新(软件包是较新版本)。接下来的几章将会介绍这些仓库管理的目的和规则。
请注意,当你所需要的软件包版本存在于几个仓库中时,在文件sources.list中所列出的第一个会被使用。因此,非官方来源的包一般在此文件末尾处。
本节提到的稳定Stable 对于Oldstable 一样适用。后者只是同时维护的较旧Stable 版本。

6.1.2.1. 安全更新

安全更新一般不在 Debian 镜像通常所在的网络上,而是在security.debian.org(位于 Debian 系统管理员Debian System Administrators维护的小范围网络)。其上的文档包括为那些稳定版本准备的安全更新(由 Debian 安全团队和/或软件包维护者预备)。
服务器上也有针对测试版的安全更新。这类更新经常通过从非稳定版流入测试版,因此单独存在于服务器上的更新不常见。

6.1.2.2. 稳定更新

稳定更新对安全性不敏感,在下一个稳定版本点发布前,它还是很重要,需要推送给使用者。
This repository will typically contain fixes for critical bugs which could not be fixed before release or which have been introduced by subsequent updates. Depending on the urgency, it can also contain updates for packages that have to evolve over time… like spamassassin's spam detection rules, clamav's virus database, or the daylight-saving time rules of all timezones (tzdata).
实际上,这个仓库是 计划-更新proposed-updates 的子库,是由稳定更新管理员小心选定的。

6.1.2.3. 计划更新

一旦发布,稳定分布只每两个月更新一次。接下来的更新在计划更新仓库里准备(由稳定发布管理员监督)。
这个仓库中通常有安全更新和稳定更新的文档,还有更多:软件包维护者可能在这里修复一些不需要马上发布的重要的漏洞。
Anyone can use this repository to test those updates before their official publication. The extract below uses the jessie-proposed-updates alias which is both more explicit and more consistent since wheezy-proposed-updates also exists (for the Oldstable updates):
deb http://ftp.debian.org/debian jessie-proposed-updates main contrib non-free

6.1.2.4. Stable Backports

The stable-backports repository hosts “package backports”. The term refers to a package of some recent software which has been recompiled for an older distribution, generally for Stable.
当发行版本经过一段时间后,大量的软件项目都发布了新的软件版本,但它们都没有整合进入当前的稳定版(它仅接受能够解决最重要问题的那些修改,例如安全问题相关)。因为测试版不稳定版均具有一定风险,软件包维护者有时会针对稳定版提供近期发布的软件的重新编译版本,这样做可以将可能存在的不稳定因素限制在一小部分经过选择的软件包之间,因而具有一定的优势。
stable-backports仓库与通常的Debian镜像共同存在,但是Squeeze对应的仓库仍然在一个单独的服务器(backports.debian.org)上存放,且需要增加以下特殊的sources.list条目才能使用:
deb http://backports.debian.org/debian-backports squeeze-backports main contrib non-free
stable-backports里的软件包(Backports)通常是从Testing版本创建的。这确保一旦下一个稳定的Debian版本可用,所有安装的backports都可以升级到相应的稳定版本。
Even though this repository provides newer versions of packages, APT will not install them unless you give explicit instructions to do so (or unless you have already done so with a former version of the given backport):
$ sudo apt-get install package/jessie-backports
$ sudo apt-get install -t jessie-backports package

6.1.3. 给测试/非稳定 版本用户的仓库

下面是一个标准 sources.list文件,用于系统运行 Debian 测试非稳定 版本:

例 6.2. /etc/apt/sources.list file for users of Debian Testing/Unstable

↵
# Unstable↵
deb http://ftp.debian.org/debian unstable main contrib non-free↵
deb-src http://ftp.debian.org/debian unstable main contrib non-free↵
↵
# Testing↵
deb http://ftp.debian.org/debian testing main contrib non-free↵
deb-src http://ftp.debian.org/debian testing main contrib non-free↵
↵
# Stable↵
deb http://ftp.debian.org/debian stable main contrib non-free↵
deb-src http://ftp.debian.org/debian stable main contrib non-free↵
↵
# Security updates↵
deb http://security.debian.org/ stable/updates main contrib non-free↵
deb http://security.debian.org/ testing/updates main contrib non-free↵
deb-src http://security.debian.org/ stable/updates main contrib non-free↵
deb-src http://security.debian.org/ testing/updates main contrib non-free↵
APT 通过sources.list 文件来从非稳定安装软件包。如果这不是你所需要的,用APT::Default-Release 设置(参见 第 6.2.3 节 “System Upgrade”)来指示 APT 从另一分布获取软件包(一般用 测试)。
There are good reasons to include all those repositories, even though a single one should be enough. Testing users will appreciate the possibility to cherry-pick a fixed package from Unstable when the version in Testing is affected by an annoying bug. On the opposite, Unstable users bitten by unexpected regressions have the possibility to downgrade packages to their (supposedly working) Testing version.
The inclusion of Stable is more debatable but it often gives access to some packages which have been removed from the development versions. It also ensures that you get the latest updates for packages which have not been modified since the last stable release.

6.1.3.1. 实验 仓库

The archive of Experimental packages is present on all Debian mirrors, and contains packages which are not in the Unstable version yet because of their substandard quality — they are often software development versions or pre-versions (alpha, beta, release candidate…). A package can also be sent there after undergoing subsequent changes which can generate problems. The maintainer then tries to uncover them with help from advanced users who can handle important issues. After this first stage, the package is moved into Unstable, where it reaches a much larger audience and where it will be tested in much more detail.
Experimental is generally used by users who do not mind breaking their system and then repairing it. This distribution gives the possibility to import a package which a user wants to try or use as the need arises. That is exactly how Debian approaches it, since adding it in APT's sources.list file does not lead to the systematic use of its packages. The line to be added is:
deb http://ftp.debian.org/debian experimental main contrib non-free↵

6.1.4. 非官方来源: mentors.debian.net

There are numerous non-official sources of Debian packages set up by advanced users who have recompiled some software (Ubuntu made this popular with their Personal Package Archive service), by programmers who make their creation available to all, and even by Debian developers who offer pre-versions of their package online.
mentors.debian.net站点比较有意思(虽然它只提供源码包)。它搜集Debian开发者候选人员制作的软件包,以及那些希望创建Debian软件包又不想经历成为Debian开发者整套流程的那些志愿者的软件包。这些软件包提供时没有任何质量保证;请确保您在将它们用于生产环境之前检查它们的来源和完整性并进行测试。
Installing a package means giving root rights to its creator, because they decide on the contents of the initialization scripts which are run under that identity. Official Debian packages are created by volunteers who have been co-opted and reviewed and who can seal their packages so that their origin and integrity can be checked.
In general, be wary of a package whose origin you don't know and which isn't hosted on one of the official Debian servers: evaluate the degree to which you can trust the creator, and check the integrity of the package.

6.1.5. Debian 软件包 缓存 代理

When an entire network of machines is configured to use the same remote server to download the same updated packages, any administrator knows that it would be beneficial to have an intermediate proxy acting as a network-local cache (see sidebar VOCABULARY Cache).
You can configure APT to use a "standard" proxy (see 第 6.2.4 节 “Configuration Options” for the APT side, and 第 11.6 节 “HTTP/FTP Proxy” for the proxy side), but the Debian ecosystem offers better options to solve this problem. The dedicated software presented in this section are smarter than a plain proxy cache because they can rely on the specific structure of APT repositories (for instance they know when individual files are obsolete or not, and thus adjust the time during which they are kept).
apt-cacher and apt-cacher-ng work like usual proxy cache servers. APT's sources.list is left unchanged, but APT is configured to use them as proxy for outgoing requests.
approx, on the other hand, acts like an HTTP server that “mirrors” any number of remote repositories in its top-level URLs. The mapping between those top-level directories and the remote URLs of the repositories is stored in /etc/approx/approx.conf:
↵
# <name> <repository-base-url>↵
debian   http://ftp.debian.org/debian↵
security http://security.debian.org↵
approx 通过inetd (参见第 9.6 节 “The inetd Super-Server”)默认在9999端口运行,并需要用户调整sources.list 文件来指向 approx 服务器:
# 指向本地 approx 服务器的sources.list 范例
deb http://apt.falcot.com:9999/security jessie/updates main contrib non-free
deb http://apt.falcot.com:9999/debian jessie main contrib non-free