Debian
From AdminWiki
(→apt/dpkg) |
(added debsum) |
||
(7 intermediate revisions not shown) | |||
Line 4: | Line 4: | ||
= Tips and tricks = | = Tips and tricks = | ||
+ | |||
+ | == How can I verify the integrity of an installation? == | ||
+ | |||
+ | If you're in doubt of the file integrity of an installation, this oneliner can give you a rough estimate of the damage done to the files managed by debian. | ||
+ | |||
+ | cd /; md5sum -c /var/lib/dpkg/info/*.md5sums | grep -v "OK$" | ||
+ | |||
+ | In case this doesn't work with your md5sum version, you can use this hackaround: | ||
+ | |||
+ | for i in `ls /var/lib/dpkg/info/*.md5sums`; do md5sum.textutils -c $i | grep -v "OK$" ; done | ||
== apt/dpkg == | == apt/dpkg == | ||
Line 10: | Line 20: | ||
apt-cache policy <package> | apt-cache policy <package> | ||
+ | |||
+ | === How can I check by which package a file is owned? === | ||
+ | |||
+ | dpkg -S <file> | ||
=== How can I install packages from unstable in testing? Apt-Pinning === | === How can I install packages from unstable in testing? Apt-Pinning === | ||
Line 32: | Line 46: | ||
deb-src http://ftp.debian.org/debian/ experimental main contrib | deb-src http://ftp.debian.org/debian/ experimental main contrib | ||
- | In ''/etc/apt/apt.conf'' set a higher cache limit for apt-get so it doesn't run out of memory during updates | + | In ''/etc/apt/apt.conf'' set a higher cache limit for apt-get so it doesn't run out of memory during updates. Second it is good to set your default release here too, so apt doesn't try to get packages from the other trees. |
APT::Cache-Limit "141942904"; | APT::Cache-Limit "141942904"; | ||
+ | APT::Default-Release "testing"; | ||
In ''/etc/apt/preferences'' add the higher trees with a lower Priority so they do not overwrite your basic packages from your main tree. | In ''/etc/apt/preferences'' add the higher trees with a lower Priority so they do not overwrite your basic packages from your main tree. | ||
Line 68: | Line 83: | ||
''<tree>'' stands for the release, eg ''testing'', ''unstable'', ... | ''<tree>'' stands for the release, eg ''testing'', ''unstable'', ... | ||
+ | |||
+ | to see from which tree a package is installed install and use the too apt-show-versions. This package will also tell you if a package is uptodate or upgardable | ||
+ | |||
+ | apt-show-versions -a -p <package> | ||
''more information:'' | ''more information:'' | ||
Line 73: | Line 92: | ||
http://jaqque.sbih.org/kplug/apt-pinning.html | http://jaqque.sbih.org/kplug/apt-pinning.html | ||
- | -- | + | === Install missing keys for apt-get === |
+ | |||
+ | you have to had gpg run at least one time before, or it will not work. | ||
+ | |||
+ | to get the gpg key | ||
+ | |||
+ | gpg --recv-keys <key> | ||
+ | |||
+ | and then import them into the apt-key system | ||
+ | |||
+ | gpg --export --armor | apt-key add - | ||
+ | |||
+ | you can also directly download and install the key | ||
+ | |||
+ | wget http://host.domain.com/keyname.asc -O - | apt-key add - | ||
+ | |||
+ | === Disable pdiffs === | ||
+ | |||
+ | To disable pdiffs add | ||
+ | |||
+ | <tt>Acquire::PDiffs "false";</tt> | ||
+ | |||
+ | to your /etc/apt/apt.conf | ||
+ | |||
+ | === debsums === | ||
+ | |||
+ | Essential tool and should be installed on all debian boxes immediatly after the basic setup. | ||
+ | |||
+ | It helps detect changed or modified packages, especially needed after a recovery from a filesystem error (to find broken binary files) or after a security breach to find possible changed binary files. | ||
+ | |||
+ | basically you run it: | ||
+ | debsusm -c | ||
+ | this will show all changed packages. | ||
+ | to be more detailed, and also include config files in /etc - which might have changed anyway - you can add the -a flag | ||
+ | debsums -c -a | ||
+ | |||
+ | to list packages with missing sums (eg self compiled, hand installed, etc) | ||
+ | debsums -l | ||
+ | you can then generate a debsum with -g flag. please see the man page for this. |
Latest revision as of 04:58, 16 November 2007
Contents |
Evaluation
Pro-contra
Tips and tricks
How can I verify the integrity of an installation?
If you're in doubt of the file integrity of an installation, this oneliner can give you a rough estimate of the damage done to the files managed by debian.
cd /; md5sum -c /var/lib/dpkg/info/*.md5sums | grep -v "OK$"
In case this doesn't work with your md5sum version, you can use this hackaround:
for i in `ls /var/lib/dpkg/info/*.md5sums`; do md5sum.textutils -c $i | grep -v "OK$" ; done
apt/dpkg
How do I check what version package $x gets upgraded to?
apt-cache policy <package>
How can I check by which package a file is owned?
dpkg -S <file>
How can I install packages from unstable in testing? Apt-Pinning
apt-pinning is the answer.
You have to edit or create those configuration files
- /etc/apt/sources
- /etc/apt/apt.conf
- /etc/apt/preferences
In /etc/apt/sources/ add the other distributions you want to use. For example if you are in testing, add the same entries with unstable or higher.
# testing deb http://ftp.debian.org/debian/ testing main contrib deb-src http://ftp.debian.org/debian/ testing main contrib # unstable deb http://ftp.debian.org/debian/ unstable main contrib deb-src http://ftp.debian.org/debian/ unstable main contrib # experimental deb http://ftp.debian.org/debian/ experimental main contrib deb-src http://ftp.debian.org/debian/ experimental main contrib
In /etc/apt/apt.conf set a higher cache limit for apt-get so it doesn't run out of memory during updates. Second it is good to set your default release here too, so apt doesn't try to get packages from the other trees.
APT::Cache-Limit "141942904"; APT::Default-Release "testing";
In /etc/apt/preferences add the higher trees with a lower Priority so they do not overwrite your basic packages from your main tree.
# testing Package: * Pin: release a=testing Pin-Priority: 650 # unstable Package: * Pin: release a=unstable Pin-Priority: 600 # experimental Package: * Pin: release b=experimental Pin-Priority: 550
In case you want to have a certain package from eg unstable overrule the testing package, add a new entry like this
Package: mutt Pin: release a=unstable Pin-Priority: 700
To install packages there are two ways. One is to try to install just the package, and the other way is to install all the packages and also the ones needed to satisfy its dependencies. The second choice is of course more dangerous because it can overwrite important libraries and make your system unstable.
to install just the package:
apt-get install <package>/<tree>
to install the package and all needed dependencies:
apt-get -t <tree> install <package>
<tree> stands for the release, eg testing, unstable, ...
to see from which tree a package is installed install and use the too apt-show-versions. This package will also tell you if a package is uptodate or upgardable
apt-show-versions -a -p <package>
more information:
http://jaqque.sbih.org/kplug/apt-pinning.html
Install missing keys for apt-get
you have to had gpg run at least one time before, or it will not work.
to get the gpg key
gpg --recv-keys <key>
and then import them into the apt-key system
gpg --export --armor | apt-key add -
you can also directly download and install the key
wget http://host.domain.com/keyname.asc -O - | apt-key add -
Disable pdiffs
To disable pdiffs add
Acquire::PDiffs "false";
to your /etc/apt/apt.conf
debsums
Essential tool and should be installed on all debian boxes immediatly after the basic setup.
It helps detect changed or modified packages, especially needed after a recovery from a filesystem error (to find broken binary files) or after a security breach to find possible changed binary files.
basically you run it:
debsusm -c
this will show all changed packages. to be more detailed, and also include config files in /etc - which might have changed anyway - you can add the -a flag
debsums -c -a
to list packages with missing sums (eg self compiled, hand installed, etc)
debsums -l
you can then generate a debsum with -g flag. please see the man page for this.