Debian

From AdminWiki

(Difference between revisions)
(Install missing keys for apt-get)
(added debsum)
 
(5 intermediate revisions not shown)
Line 4: Line 4:
= Tips and tricks =
= Tips and tricks =
 +
 +
== How can I verify the integrity of an installation? ==
 +
 +
If you're in doubt of the file integrity of an installation, this oneliner can give you a rough estimate of the damage done to the files managed by debian.
 +
 +
  cd /; md5sum -c /var/lib/dpkg/info/*.md5sums | grep -v "OK$"
 +
 +
In case this doesn't work with your md5sum version, you can use this hackaround:
 +
 +
  for i in `ls /var/lib/dpkg/info/*.md5sums`; do md5sum.textutils -c $i | grep -v "OK$" ; done
== apt/dpkg ==
== apt/dpkg ==
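Review bot: the workaround loop added here omits the "cd /" that the first one-liner starts with, so it only works if the reader is still in / from the previous command. It also iterates over ls output in backticks with an unquoted $i. Suggest: cd /; for i in /var/lib/dpkg/info/*.md5sums; do md5sum.textutils -c "$i" | grep -v "OK$"; done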
Line 10: Line 20:
   apt-cache policy <package>
   apt-cache policy <package>
 +
 +
=== How can I check by which package a file is owned? ===
 +
 +
dpkg -S <file>
=== How can I install packages from unstable in testing? Apt-Pinning ===
=== How can I install packages from unstable in testing? Apt-Pinning ===
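Review bot: "dpkg -S <file>" is added without leading indentation, unlike the "apt-cache policy <package>" line just above it, so it will render as running text rather than as a command block. Indent it to match the other commands on the page.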
Line 32: Line 46:
   deb-src http://ftp.debian.org/debian/ experimental main contrib
   deb-src http://ftp.debian.org/debian/ experimental main contrib
-
In ''/etc/apt/apt.conf'' set a higher cache limit for apt-get so it doesn't run out of memory during updates
+
In ''/etc/apt/apt.conf'' set a higher cache limit for apt-get so it doesn't run out of memory during updates. Second it is good to set your default release here too, so apt doesn't try to get packages from the other trees.
   APT::Cache-Limit "141942904";
   APT::Cache-Limit "141942904";
 +
  APT::Default-Release "testing";
In ''/etc/apt/preferences'' add the higher trees with a lower Priority so they do not overwrite your basic packages from your main tree.
In ''/etc/apt/preferences'' add the higher trees with a lower Priority so they do not overwrite your basic packages from your main tree.
Line 68: Line 83:
''<tree>'' stands for the release, eg ''testing'', ''unstable'', ...
''<tree>'' stands for the release, eg ''testing'', ''unstable'', ...
 +
 +
to see from which tree a package is installed install and use the too apt-show-versions. This package will also tell you if a package is uptodate or upgardable
 +
 +
  apt-show-versions -a -p <package>
''more information:''
''more information:''
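Review bot: the added sentence about apt-show-versions has two typos that obscure the instruction: "the too apt-show-versions" should read "the tool apt-show-versions", and "upgardable" should be "upgradable". It would also read better as "up to date" and with a capital at the start of the sentence.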
Line 88: Line 107:
   wget http://host.domain.com/keyname.asc -O - | apt-key add -
   wget http://host.domain.com/keyname.asc -O - | apt-key add -
 +
 +
=== Disable pdiffs ===
 +
 +
To disable pdiffs add
 +
 +
<tt>Acquire::PDiffs "false";</tt>
 +
 +
to your /etc/apt/apt.conf
 +
 +
=== debsums ===
 +
 +
Essential tool and should be installed on all debian boxes immediatly after the basic setup.
 +
 +
It helps detect changed or modified packages, especially needed after a recovery from a filesystem error (to find broken binary files) or after a security breach to find possible changed binary files.
 +
 +
basically you run it:
 +
  debsusm -c
 +
this will show all changed packages.
 +
to be more detailed, and also include config files in /etc - which might have changed anyway - you can add the -a flag
 +
  debsums -c -a
 +
 +
to list packages with missing sums (eg self compiled, hand installed, etc)
 +
  debsums -l
 +
you can then generate a debsum with -g flag. please see the man page for this.
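Review bot: the first command in the new debsums section is misspelled as "debsusm -c" and will fail with command not found when copied; it should be "debsums -c" like the two commands after it. Minor points in the same hunk: "immediatly" should be "immediately", and the <tt> markup around the Acquire::PDiffs line differs from the indented command style used elsewhere on the page.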

Latest revision as of 04:58, 16 November 2007

Contents

Evaluation

Pro-contra

Tips and tricks

How can I verify the integrity of an installation?

If you doubt the file integrity of an installation, this one-liner can give you a rough estimate of the damage done to the files managed by Debian.

 cd /; md5sum -c /var/lib/dpkg/info/*.md5sums | grep -v "OK$"

In case this doesn't work with your md5sum version, you can use this hackaround:

 cd /; for i in /var/lib/dpkg/info/*.md5sums; do md5sum.textutils -c "$i" | grep -v "OK$"; done
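
The one-liners above mix changed and missing files in one stream, and they trust the .md5sums lists stored on the same disk as the files being checked. The following sketch is an added example, not part of the original wiki page: the function name verify_dpkg_md5sums and its two arguments are assumptions. It names the owning package for each finding and takes the root and the list directory as parameters, so it can be run from rescue media against a mounted disk with a trusted copy of the lists.

```shell
#!/bin/sh
# Added example, not from the wiki page. verify_dpkg_md5sums is a hypothetical helper.
# Usage: verify_dpkg_md5sums ROOT INFODIR
#   ROOT    - filesystem root to check ("/" or a mounted image such as /mnt)
#   INFODIR - directory holding dpkg's *.md5sums lists, ideally a trusted copy
# Prints "CHANGED <pkg> <path>" or "MISSING <pkg> <path>" per finding.
# Returns 0 when everything matches, 1 otherwise.
verify_dpkg_md5sums() {
    root=$1
    infodir=$2
    status=0
    for list in "$infodir"/*.md5sums; do
        [ -f "$list" ] || continue              # the glob matched nothing
        pkg=$(basename "$list" .md5sums)
        # Each line is "<md5>  <path relative to the root>"
        while read -r want path || [ -n "$want" ]; do
            [ -n "$path" ] || continue          # skip blank or malformed lines
            file=$root/$path
            if [ ! -e "$file" ]; then
                echo "MISSING $pkg /$path"
                status=1
            else
                have=$(md5sum < "$file" | cut -d' ' -f1)
                if [ "$have" != "$want" ]; then
                    echo "CHANGED $pkg /$path"
                    status=1
                fi
            fi
        done < "$list"
    done
    return $status
}
```

On a live system this is called as verify_dpkg_md5sums / /var/lib/dpkg/info; for a disk mounted at /mnt, pass /mnt as the root and a copy of the lists taken from a known-good source.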

apt/dpkg

How do I check what version package $x gets upgraded to?

 apt-cache policy <package>

How can I check by which package a file is owned?

 dpkg -S <file>

How can I install packages from unstable in testing? Apt-Pinning

apt-pinning is the answer.

You have to edit or create the following configuration files:

  • /etc/apt/sources
  • /etc/apt/apt.conf
  • /etc/apt/preferences

In /etc/apt/sources/ add the other distributions you want to use. For example if you are in testing, add the same entries with unstable or higher.

 # testing
 deb http://ftp.debian.org/debian/ testing main contrib
 deb-src http://ftp.debian.org/debian/ testing main contrib
 # unstable
 deb http://ftp.debian.org/debian/ unstable main contrib
 deb-src http://ftp.debian.org/debian/ unstable main contrib
 # experimental
 deb http://ftp.debian.org/debian/ experimental main contrib
 deb-src http://ftp.debian.org/debian/ experimental main contrib

In /etc/apt/apt.conf set a higher cache limit for apt-get so it doesn't run out of memory during updates. It is also a good idea to set your default release here, so apt doesn't try to get packages from the other trees.

 APT::Cache-Limit "141942904";
 APT::Default-Release "testing";

In /etc/apt/preferences add the higher trees with a lower Priority so they do not overwrite your basic packages from your main tree.

 # testing
 Package: *
 Pin: release a=testing
 Pin-Priority: 650
 # unstable
 Package: *
 Pin: release a=unstable
 Pin-Priority: 600
 # experimental
 Package: *
 Pin: release a=experimental
 Pin-Priority: 550

In case you want a certain package from e.g. unstable to overrule the testing package, add a new entry like this:

 Package: mutt
 Pin: release a=unstable
 Pin-Priority: 700

There are two ways to install packages. One is to try to install just the package; the other is to install the package together with all the packages needed to satisfy its dependencies. The second choice is of course more dangerous because it can overwrite important libraries and make your system unstable.

To install just the package:

 apt-get install <package>/<tree>

To install the package and all needed dependencies:

 apt-get -t <tree> install <package>

<tree> stands for the release, e.g. testing, unstable, ...

To see which tree a package was installed from, install and use the tool apt-show-versions. It will also tell you whether a package is up to date or upgradable.

 apt-show-versions -a -p <package>

More information:

http://jaqque.sbih.org/kplug/apt-pinning.html

Install missing keys for apt-get

You must have run gpg at least once before, or this will not work.

To get the gpg key:

 gpg --recv-keys <key>

Then import it into the apt-key system:

 gpg --export --armor <key> | apt-key add -

You can also download and install the key directly:

 wget http://host.domain.com/keyname.asc -O - | apt-key add -
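
A key fetched over plain HTTP and piped straight into apt-key is trusted without any check of whose key it is. The following is an added example, not part of the original wiki page, that saves the key to a file first and adds it only if its fingerprint equals one obtained through a separate channel. The function names and the sample fingerprint are assumptions, and it relies on a GnuPG version that supports --import-options show-only.

```shell
#!/bin/sh
# Added example, not from the wiki page. All function names are hypothetical.

# key_fingerprints: read `gpg --with-colons` output on stdin and print the
# fingerprint of each primary key (subkey fingerprints are ignored).
key_fingerprints() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# fingerprint_matches EXPECTED: succeed only if stdin describes exactly one
# primary key whose fingerprint equals EXPECTED (spaces and case are ignored).
fingerprint_matches() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    found=$(key_fingerprints)
    [ -n "$expected" ] && [ "$found" = "$expected" ]
}

# add_verified_key FILE EXPECTED: inspect a downloaded key file without
# importing it, and hand it to apt-key only when the fingerprint matches.
add_verified_key() {
    if gpg --with-colons --import-options show-only --import "$1" 2>/dev/null |
        fingerprint_matches "$2"; then
        apt-key add "$1"
    else
        echo "fingerprint mismatch, key not added: $1" >&2
        return 1
    fi
}
```

A file that bundles more than one primary key fails the comparison as well, so an extra key cannot ride along with the expected one.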

Disable pdiffs

To disable pdiffs add

Acquire::PDiffs "false";

to your /etc/apt/apt.conf

debsums

An essential tool that should be installed on all Debian boxes immediately after the basic setup.

It helps detect changed or modified packages, which is especially needed after a recovery from a filesystem error (to find broken binary files) or after a security breach (to find possibly changed binary files).

Basically, you run it like this:

 debsums -c

This will show all changed files. To be more detailed and also include config files in /etc, which might have changed anyway, add the -a flag:

 debsums -c -a

To list packages with missing sums (e.g. self-compiled, hand-installed, etc.):

 debsums -l

You can then generate a debsum with the -g flag. Please see the man page for this.