Section 4.1. Fundamentals of APT

4.1. Fundamentals of APT

There are many different commands associated with apt. You reviewed a couple of these commands in Chapter 1. While you can do a lot with apt-cache and apt-get, there are more commands and capabilities.

You should know how to find the best mirrors for your distribution, as well as how to include them in your apt configuration. When you learn how to use various apt commands, you'll learn to appreciate the capabilities of related "all-in-one" tools, including aptitude and the Synaptic Package Manager. If you find apt to your liking, you may need to install it on your chosen distribution. The same apt tools are available for both Debian- and RPM-based distributions.

4.1.1. Installing apt on a Debian-Based Distribution

There are several packages associated with apt. Not all are installed by default. If you want to take full advantage of the apt system, you'll want to install as many apt-related packages as is practical. To find available apt packages on my Debian system, I ran the following command:

apt-cache search apt 

When I ran this command, I got a list of 384 packages. That's too much! As you search through this list, you might realize that it includes unrelated packages, such as raptor-utils, because the "apt" string is in its name or description. So you should use a more discriminating search. Without getting too fancy, I find available apt-related packages with the following two commands, where I've added a space before and after the search term (in quotes):

apt-cache search "apt" apt-cache search "apt" 

Because apt-cache is part of the apt package, this of course assumes that you have previously installed apt on your Linux system. These searches reveal a substantial number of packages related to apt. (When you install these packages, the apt system also installs dependencies.) Some of these packages may be redundant, because they provide different ways of doing the same thing. You don't need to install every apt-related package. I've described some of the apt packages I consider important in Table 4-1.

Note

The list shown in Table 4-1 is far from complete. It omits packages that are installed as dependencies to those listed here. It also leaves out other packages with tools that you may prefer. This list and chapter encompass just one formula for patch management.

4.1.2. Installing apt on a RPM-Based Distribution

There are a number of RPM-based distributions that can or do use apt as the primary patch management tool. We'll discuss this in more detail in Chapter 5, "Configuring apt for RPM Distributions."

4.1.3. Configuring apt on Your Computer

As discussed in Chapter 1, the key to apt as a patch management tool is the repositories that you select and include in your apt configuration file, /etc/apt/sources.list. In that chapter, you used the Debian mirror list at www.debian.org/mirror/list to add appropriate sites for your computer and physical location.

Before you configure /etc/apt/sources.list, you should know the different repository categories for your distribution. Debian and other related distributions (e.g. Knoppix, Ubuntu) use different names. You can use the netselect tool to help find the repository mirror best suited to your location.

Basic Repository Categories

There are repositories associated with the three current Debian distributions. All three are in use, so you may need to create repositories for each. The three current Debian distributions known are listed here:

Sarge (Debian 3.1)The current "stable" release. The associated software was released as "stable" in mid-2005. The previous stable distribution was known as Debian Woody (3.0).

Etch (Debian 3.2)The current beta release. As of this writing, because it was just taken from the unstable release tree, its components may or may not be stable. Etch packages are stored in the Debian testing repository.

SidThe developmental release of Debian, with many packages that may not be ready for production use. Sid packages are stored in the Debian unstable repository. Sid was the code name for the developmental release of Debian even before Sarge was released.

Note

While the previous stable version of Debian, known as Woody, is still commonly used, the version before that, known as Potato, is pretty much obsolete. Many mirrors no longer include Potato packages in their repositories.

As of this writing, I use Debian Sarge on my primary laptop computer. I used it even while it was "unstable" and have never had a major problem with associated packages. There are three subcategories associated with each repository, as described in Table 4-2.

Some sources.list options are distribution-specific. For example, Ubuntu Linux (www.ubuntu.com) includes universe and multiverse repositories that correspond loosely to the Debian unstable and contrib / non-free repositories. Because the actual contents of these repositories vary, they are far from exact mirrors.

While many Linux users in principle prefer to use free software packages, this may not always be possible on your network. A lot of important Linux compatible software is released under fairly restrictive licenses, such as some versions of Java and RealPlayer.

Repository Selection Tools

There are two basic reasons to select a repository. One is for updates, while the other is for mirroring onto your network. If you're looking for update servers for your /etc/apt/sources.list file, it's in your interest to select more than one repository. If one goes down, you can still get the updates you need. On the other hand, if you're looking for a mirror, you may want to find one that supports rsync access. Some searching and trial and error may be required.

Depending on your situation, you can use the netselect or netselect-apt commands to find the repository or repositories best suited to your needs. If you know that there are only a small number of suitable repositories, try netselect. For example, if you're in the middle of the U.S. Silicon Valley, you might have noticed that the Debian repositories at the University of California at Berkeley (linux.csua.berkeley.edu) and the University of California at Santa Cruz (sluglug.ucsc.edu) are fairly close. Assuming the bandwidth and demand on both servers is approximately the same (it is up to you to check), you can find the one best suited for your system with the following command:

netselect -vv linux.csua.berkeley.edu sluglug.ucsc.edu 

With the -vv switch, you can get measurable results that can help you make a judgment. One possible result is shown here:

linux.csua.berkeley.edu        34 ms   13  hops   100% ok (10/10) [   87] sluglug.ucsc.edu               38 ms   14  hops   100% ok (10/10) [   82] 

This output lists results in the following order: URL, transmission time, number of hops, percentage and number of successfully transmitted packets, and an overall score based on the transmission time and number of hops. In this case, the scores are close; the results may vary slightly if you repeat this command.

Unfortunately, you can't rely on these tools alone. While distance from a mirror is important, capacity is also an issue. For example, it may be better to connect to a more distant mirror if it has a higher-capacity Internet connection. It may be better to connect to a mirror associated with wealthier sponsorsmulti-gigabyte downloads from many thousands of users can be rather expensive. For that reason, Debian strongly discourages downloads direct from the repositories that it owns.

sources.list Results

Based on the information so far in this section, you can now customize your /etc/apt/sources.list file with the mirrors best suited for your Debian system. In Chapter 1, you read about adding the following mirrors to this file:

deb ftp://debian.oregonstate.edu/debian/ stable main deb-src ftp://debian.oregonstate.edu/debian/ stable main 

As you now know, the stable distribution is associated with Debian Sarge. The main repository includes only a part of the available packages for this distribution. If you want all Sarge-associated repositories, access the contrib and non-free repositories, as follows:

deb ftp://debian.oregonstate.edu/debian/ stable main contrib non-free deb-src ftp://debian.oregonstate.edu/debian/ stable main contrib non- free 

I've selected additional repositories for my Debian computer, just in case the Oregon State repository goes down. But if you're in the Silicon Valley, you probably do not want to connect to a repository all the way in Oregon. Based on the mirrors described earlier, you might add the following lines to your sources.list file:

deb ftp://linux.csua.berkeley.edu/debian/ stable main contrib non-free deb-src ftp://linux.csua.berkeley.edu/debian/ stable main contrib non- free deb ftp://sluglug.ucsc.edu/debian/ stable main contrib non-free deb-src ftp://sluglug.ucsc.edu/debian/ stable main contrib non-free 

We'll show you how to use different commands to download a Debian repository for your network later in this chapter.

You can point your /etc/apt/sources.list to a repository on your local network. After you create your own repository using one of the methods described later in this chapter, you can point clients on your local network to that repository. For example, based on the current version of Debian's apache2, Web server files can be stored in the /var/www/apache2-default/ directory. Therefore, if I have a repository on my local web.example.com computer's pub/ subdirectory, I could add the following line to my sources.list file:

deb http://web.example.com/pub/ testing main contrib non-free 

You can even use locally available sources; for example, if the source is mounted on a shared /var/debian NFS directory, you could use the following line in your sources.list file:

deb file:/var/debian/ testing main contrib non-free 

In either case, be careful. Before configuring a locally cached repository on your clients, test it. Back up any clients before testing that repository.

4.1.4. The Basic apt Commands

Before using apt, you should learn more about the basic commands than you may have read about in Chapter 1. This section is far from comprehensive. An excellent place to start is the APT HOWTO, available online from www.debian.org/doc/manuals/apt-howto/index.en.html.

One key command is aptitude. While I described apt-get in Chapter 1, aptitude is in many ways an enhanced version of this command. If you're familiar with apt-get, you can use most of the same options with aptitude. What you use or prefer depends on you.

apt-get and aptitude

Not all Debian-style distributions include aptitude. But for all commands in this section, you can substitute aptitude for apt-get. In fact, you may want to try both versions to see which you prefer.

As described in Chapter 1, the basic command that you can use to install the package of your choice is

apt-get install packagename 

But what you get might not be up to date. To keep your databases up to date, download the Packages.gz file, which includes the latest package information from each repository. You don't have to download the file directly. You can update your databases with the help of this file by using the following command:

apt-get update 

Note

Sometimes you may see an error in the output from apt-get update. Don't panic. Run the command again. Sometimes the updates that you download the first time fix problems that allow you to complete the update the second time you run that command.

As a systems administrator, you might want to remove some packages on occasion. For example, if you don't want users recompiling their kernels, you could run the following command:

apt-get remove kernel-source 

If you want to keep your system up to date, you'll want to become familiar with the following command (the -u switch doesn't work with aptitude):

apt-get -u dselect-upgrade 

This is an important command. The -u switch forces apt-get to tell you what is planned for the upgrade. The dselect-upgrade option includes recommended options for packages that are downloaded and installed. This switch is not available for aptitude; the aptitude upgrade mode works just as well.

When you download packages with apt, they're download as .deb packages to the /var/cache/apt/archives directory. As you install and patch your system, the space used by this directory can build into the gigabytes. You should keep this directory clean on a periodic basis. If you just want to purge packages that are now obsolete, you could run the following command:

apt-get autoclean 

If you have obsolete packages in your archives, you'll see a series of messages listing the files that are now deleted, such as

Del acroread 5.10-0.2 [9171kB] 

If you're really pressed for space, and do not want a patch management repository on this computer, you could run the following command:

apt-get clean 

Just remember, this command deletes all files in what you could potentially use as a local patch management repository. (For that reason, if you create a mirror, you may want to use a different directory.)

apt-cdrom

If you've downloaded the CDs associated with your distribution, you can use those as sources for your updates. For example, if you've inserted a Debian CD, all you need to do is run the apt-cdrom add command. But that's not too helpful, as there are more than a dozen CDs associated with Debian Linux.

However, if you've mounted a CD ISO file on a specific directory, such as /mnt/inst1, you could use that information; the -d allows you to specify the mount point:

apt-cdrom -d /mnt/inst1 add 

apt-file

If you want to search for a file within an uninstalled package, the apt-file command can help. Before you run this command, make sure that your databases are up to date. You can do so with the apt-file update command.

Naturally, with the right switches, you can search through and list the files associated with a specific package. As an example, assume that you're looking for the package associated with the OpenOffice.org Writer. You've heard that it starts with the oowriter script. To find the associated package, run the following command:

apt-file search oowriter 

The more information you have, the more closely you can find the appropriate package. In this case, you might search using the full path to oowriter:

apt-file search /usr/bin/oowriter 

Alternatively, you can list the files associated with an uninstalled package. For example, if you were interested in the files associated with the lokkit firewall configuration package (developed by Red Hat and adapted for Debian), you could run the following command:

apt-file list lokkit 

apt-ftparchive / dpkg-scanpackages

To mirror a repository is not enough. You need a package index to allow apt to search through your repository. If you've mirrored a true Debian mirror, you may already have the package index in the repository. Normally, packages are indexed in the Packages.gz file.

You can use either the apt-ftparcive or the dpkg-scanpackages command to generate your own Packages.gz file. You should also set up a configuration file. After you have a proper configuration file, you can configure a package index with the following command:

apt-ftparchive generate config.file 

The commands required to create an appropriate apt-ftparchive configuration file are beyond the scope of this book. For more information, search online for apt-ftparchive.conf; several developers have documented their own examples in this file.

Alternatively, you can create your own Packages.gz file. Navigate to the directory with your download packages. For example, if you wanted to create an archive of data for the packages you've downloaded to update your system, run the following commands:

cd /var/cache/apt/archives dpkg-scanpackages . /dev/null | gzip -9c > Packages.gz 

Now you can copy or move these files to an appropriate directory on your Web server and then use them to update other similarly configured systems on your network.

apt-howto

If you want to refer to the APT HOWTO, and have installed the associated package, all you need to do is run the apt-howto command to call up this document in the default browser for your system.

apt-listbugs

If you want to check a package that you're interested in installing for bugs, you can do so with the apt-listbugs command. For example, if you want to check for bugs on the current apache2 package, run the following command:

apt-listbugs list apache2 

4.1.5. The aptitude System

The aptitude command provides a low-level graphical front-end to various apt and aptitude commands. A key advantage is the high-level view it supports of what you have and can do. For example, the aptitude interface provides a list of the packages that you have installed, can upgrade, and may want to remove because they're obsolete. When you start aptitude, you'll see a screen similar to Figure 4-1.

Figure 4-1. The aptitude menu

First, we'll review how the aptitude menu is organized, and then you'll see how you can use commands in this menu to keep your system up to date. For detailed information on aptitude, see the associated user's manual, available as part of the aptitude-doc-en package or online from http://doc2.inf.elte.hu/doc/aptitude/html/en/.

Some trial and error may be required. After you configure aptitude and make package selections, you may get errors, or you may need to make changes. But if you work out the kinks on your own computer, you can more reliably automate the patch management process on other similar computers on your network.

Be careful. In some cases, aptitude may remove packages that you wanted to keep. When I first ran aptitude on my laptop, it deleted the basic configuration package for my PCMCIA card. Fortunately, I had a current backup. Be careful to read through the list of packages that would otherwise be removed.

Note

If you use aptitude's feature that removes "unused" packages, be careful. Back up your system. If you lose some features you consider essential, you'll be glad that you took the time to update your backup.

Running Aptitude

As it's a great way to administer remote systems, you'll want to learn to navigate around aptitude. By default, you can use your cursor to move between the aforementioned categories. Highlight the category of your choice, and press Enter. Check out the different categories. As shown in Figure 4-2, you can find out more about each package.

Figure 4-2. Detailed information in Aptitude

The first three letters of the description can tell you a lot. As shown in Figure 4-2, the letters associated with the discover1 package are idA. The first letter is the current state. The second letter, if present, specifies the action that Aptitude will take. The third letter, A, is shown when the package was automatically installed, such as to satisfy a dependency. The options for the first letter are shown in Table 4-3.

The options for the second letter, the action flag, are shown in Table 4-4.

If you have problems getting back to the original display, press q. If you want to study the options available through the menu bar, press F10 and use your cursor. As you can see, there are a number of shortcut keys. Some are shown in Figure 4-1; they include F10, ?, q, u, and g. When you press ?, you can go through a number of other shortcut commands that can help you navigate or specify how to manage the packages of your choice.

Note

You could use your cursor and mouse if you have Aptitude open in the GUI. However, you may need to manage systems remotely and may not have access to a GUI, so you need to know how to use the Aptitude switches and command options.

Aptitude Menu Organization

As you can see from Figure 4-1, Aptitude organizes packages into seven different categories. (It's a bit different from the figure. The Virtual Packages category includes no real packages, and if there are security updates pending, there will be another category by this name.) Under each category, you can select the packages of your choice to upgrade, install, or remove:

Security Update

Packages for which security-related updates are available.

Upgradeable Packages

Those packages for which upgrades are available.

New Packages

Lists software that has been made available for your distribution since installation or the last time you've run the Forget New Packages command. There is little or no overlap between this category and "Not Installed Packages."

Installed Packages

Those packages that are currently installed on your computer.

Not Installed Packages

Specify packages which are not new and not currently installed on your computer.

Obsolete and Locally Created Packages

Includes installed packages not available from a repository specified in your /etc/apt/sources.list. Some may be obsolete; others may be created by your users.

Virtual Packages

These are usually amalgamations of others that simplify dependencies. For more information, see the apt-cache man page and the debian-policy package.

Tasks

Tasks correspond to package groups, which can help you select the packages that you may need. For example, you may find a Localization Korean Desktop package group which can help you configure a desktop environment in that language.

Under the first four categories, packages are organized into several different groups. Debian specifies 36 different groups at packages.debian.org/unstable/.

One critical skill with Aptitude is the search for a specific package. The forward slash key (/) opens the "Search for" text box. You can search for the package of your choice.

Configuring Aptitude Patch Management

There are two basic menus where you can configure how Aptitude manages updates. To see how aptitude manages dependencies, navigate to the Options menu and select Dependency Handling. You'll see five configuration options:

Automatically resolve dependencies of a package when it is selected

Any dependencies of a selected package are automatically included in any list of packages to be upgraded or installed.

Automatically fix broken packages before installing or removing

Any unsatisfied dependencies are addressed.

Install Recommended packages automatically

Any packages that are recommended are installed as if they were dependencies.

Remove unused packages automatically

Normally includes obsolete packages that are no longer included in mirrors.

Automatically remove unused packages matching this filter

This list may not match what you see. As Aptitude has evolved, the ways you can use it to implement patch management have changed. Also important are the miscellaneous options. To review them, navigate to the Options menu and select Miscellaneous, which opens the menu shown in Figure 4-3. The options are described in the following list.

Figure 4-3. You can specify how Aptitude updates your system

Automatically upgrade installed packages

Disabled by default. You don't want your services upgraded unless you're sure that they won't break what you've built with so much hard work.

Remove obsolete package files after downloading new package lists

Disabled by default. When new package lists are installed, they are compared to existing packages. If there are some which are now obsolete, they are deleted.

URL to use to download changelogs

By default, changelogs are downloaded from the mirror sites specified in your sources.list file.

Display a preview of what will be done before doing it

You'll see displays of what aptitude will remove, upgrade, and install, before anything is done.

Forget which packages are "new" whenever the package lists are updated

Disabled by default. New packages will include those currently on your list, and those revealed by your next update.

Forget which packages are "new" whenever the package lists are installed or removed

Disabled by default. New packages will include those currently on your list, and those revealed by your next package list installation or removal.

Warn when attempting to perform a privileged action as a non-root user

Except for those actions which solely get information, most actions related to the apt and aptitude commands require root access.

File to log actions into

By default, the aptitude log file is /var/log/aptitude.

Patch Management with Aptitude

Now that you've learned about Aptitude, you can use it to keep your system up to date. Before you start, you'll want an upto-date package database. To do so, run the Actions -> Update menu or press u. You're prompted for the root password. You'll see a series of messages as your system connects to the repositories listed in your /etc/apt/sources.list. If there are errors or problems with a connection, you may need to repeat the process. With a little luck, you won't have errors the second time through.

Before you let aptitude do its thing, you should review what it will do. Make sure that the Miscellaneous options enable Aptitude to "Display a preview of what will be done before doing it." As described in the previous section, this should be supported by the default configuration. Then, when you press g to run the Download/Install/Remove Pkgs command, it will open a list similar to that shown in Figure 4-4. You can now review what aptitude will do to your system, in a variety of categories:

Figure 4-4. What Aptitude will do

Packages being removed because they are no longer used

Sometimes packages are installed to satisfy dependencies. If they're no longer required, for instance, because the original package has been removed, it is added to this list. For example, if I've removed the abiword word processor, I don't need the abiword-common package on my system.

Packages being automatically installed to satisfy dependencies

Just as this suggests, this lists packages that are being installed to satisfy dependencies.

Packages being deleted due to unsatisfied dependencies

Sometimes, packages that satisfy dependencies become obsolete and are removed from available mirrors. Sometimes, there are updates that conflict with such packages.

Packages being held back

Many packages receive regular updates. You may not want to update those packages, because upgrades can sometimes break your configuration. If you did not activate the "Automatically upgrade installed packages" setting described earlier, there will probably be a long list in this section.

Packages to be removed

Sometimes, new versions of a package mean that others no longer work. If these packages are dependencies, they are candidates for removal.

Packages to be upgraded

Even if you haven't activated the "Automatically upgrade installed packages" setting, many packages are still upgraded. Some upgrades are required to satisfy new dependencies.

Packages that are recommended by other packages

While not required, some packages help provide full functionality for others. Such packages are listed here.

Packages that are suggested by other packages

While not required, some packages help enhance functionality for others. Such packages are listed here.

Making Changes with Aptitude

If you want to make changes to this list, you can use the options under the Package Menu. You can change the status of each package, which corresponds to the second letter in the code. For more information on the current status, see Table 4-4.

After you make your changes, run the update (u) command. Not only will it update the package status relative to your configured mirrors, it updates the packages in the noted categories. For example, if you choose to install a package, it will be added either to the "Packages to be installed" or the "Packages to be upgraded" lists.

When you're satisfied with the result, you can press g to run the Download/Install/Remove Pkgs command again. Only after you execute this command a second time does the local computer connect to the mirrors listed in /etc/apt/sources.list and perform the actions which you've just reviewed.

Figure 4-5. Aptitude at work

When Aptitude finishes downloading packages, you're prompted to continue or cancel. By default, packages are downloaded to /var/cache/apt/archives. If you cancel, the packages are still stored there. If you continue, Aptitude exits from its graphical menu and then installs those downloaded packages. If there are problems, you may have to make some choices; one example on my computer is shown in Figure 4-6.

Figure 4-6. Aptitude installing, updating, and more

Remember, Aptitude might be installing hundreds of megabytes of data. That takes time.

Note

When you run aptitude, be careful. When I ran aptitude, I wasn't too careful about the list of packages that were to be uninstalled. As a result, aptitude removed the OpenOffice.org writer package while I worked on this chapter. The results were disconcerting.

4.1.6. Running the Synaptic Package Manager

If you really prefer a fully GUI package manager, Debian provides the Synaptic Package Manager. As you can see in Figure 4-7, Synaptic includes many of the same options available for aptitude. While the descriptions may vary, the effect is the same.

Figure 4-7. The Synaptic Package Manager

Note

This section is based on Synaptic version 0.56. More information is available from www.nongnu.org/synaptic/.

Remember, most every Linux graphical tool is a front-end to one or more commands. Therefore, most of what you see in this section should be familiar. Different perspectives can help you gain insight into the options available for the apt commands.

Because GUI applications are more familiar to most users, we won't go into the same details on how to navigate through Synaptic. However, we will show you how you might configure Synaptic to keep your system up to date.

Note

You can also use a GUI to administer a remote computer with synaptic. All you need is the Secure Shell daemon (SSH). With current versions of SSH, all you need to do is log in to the remote computer with the right switch. For example, if the remote computer is debian1.example.com, the following commands should allow you to use the Synaptic Package Manager to configure updates to the remote computer.

ssh -X root@debian1.example.com synaptic 

Keeping Synaptic Updated

As with aptitude, it's important to keep the apt configuration database up to date. It's quite simple with Synaptic; the Reload button (or Edit -> Reload Package Information) downloads the latest package lists from your selected repositories.

Configuring Synaptic

Synaptic allows you to customize how you mark your upgrades. With the dist-upgrade switch associated with the apt-get command, Synaptic supports smart upgrades, which attempt to resolve conflicts and fulfill all dependencies. Press the Mark All Upgrades button. If you haven't already done so, you can choose between Default and Smart Upgrade. Alternatively, you can configure the upgrade mode; click Settings -> Preferences, and select your preferred option from the System Upgrade drop-down box.

The Synaptic Preference dialog box is shown in Figure 4-8. As you can see, this version includes six tabs. Columns and Fonts as well as Colors do not affect the functionality of Synaptic, and are therefore not covered in this book.

Synaptic Preferences, as shown in Figure 4-8, are significant. They include

Show package properties in the main window

I normally activate this option because it provides more information on each package. However, it could slow performance, especially if you're running Synaptic remotely.

Ask to confirm changes that also affect other packages

If there are dependencies, you'll need to confirm configured changes.

Consider recommended packages as dependencies

As described earlier, recommended packages can enhance functionality. If you activate this option, recommended packages are installed just as if they were dependencies.

Clicking on the status icon marks the most likely action

The status icon is shown in Figure 4-7 as the "S" column to the left of each package name. The most likely action may be installation, upgrade, or removal.

System Upgrade

As described earlier, you can configure a default Smart or Default upgrade for all upgradeable packages.

Reloading outdated package information

If there are outdated packages, you can configure Synaptic to ignore or always reload such packages. In many cases, you may prefer to reload outdated packages, especially if you want to be careful with your current configuration.

Number of undo operations

Synaptic stores your actions and can undo them when you press Ctrl+Z. This option specifies the number of commands you can undo.

Apply changes in a terminal window

By default, Synaptic opens a terminal window to provide messages related to downloads, updates and any configuration issues that may require your input.

Ask to quit after the changes have been applied successfully.

If active, Synaptic allows you to exit after making changes. It's a good idea to check what happened; if there are problems, you can restore your configuration from a backup.

Under the Files tab, you can configure the cache and the Synaptic log files. Under the Temporary Files area, you can manage the cached packages in the /var/cache/apt/archives directory:

Leave all download packages in the cache

Delete download packages after installation

Only delete packages which are no longer available

There's also a button that deletes the files in the cache. There are also options with respect to the history files. As Synaptic requires, the root user account, synaptic history, and configuration files are stored in the /root/.synaptic directory. You can keep all Synaptic history or delete history files older than the number of days you select.

Under the Network tab, you can configure a connection through any Proxy Server which might govern your network's connection to the Internet.

The Distribution tab is important. It governs package upgrade behavior. The three options are

Always prefer the highest version

We recommend that you do not activate this option unless you're willing to test the latest versions of many packages. The "highest version" may not be stable or production-ready.

Always prefer the installed version

This option can help you maintain many services in a working configuration.

Prefer versions from [possibly several options]

If your /etc/apt/sources.list file includes several optional types of repositories (such as stable - Sarge / testing - Etch / unstable - Sid), you can choose between those options.

After you've made your preferred changes, click OK to return to the main Synaptic screen.

Selecting Packages

In the main Synaptic screen, click the Status button. In the left pane, you'll see packages divided into six different categories. When you configure certain packages, you may see a seventh category:

All Lists all packages, installed and available. With the mirrors that I've selected, there are nearly 15,000 packages available.

Installed Lists all installed packages, including those in the two categories that follow.

Installed (local or obsolete) Lists all installed packages that were either built on the local computer or are not available on configured mirrors.

If you see a package in this list, an upgrade may still be available. Perhaps no developer has created a Debian version of the package, or the name of the package may have changed.

Installed (upgradable) Lists those packages for which newer versions are available on configured mirrors. You may want to avoid upgrades, especially for important services, until you know that your configuration files will work with the upgrade.

Not installed Lists all packages from configured sources that have not been installed on this computer.

Not installed (residual config) Lists packages that are not installed, but where associated configuration files exist on the local computer. This is typically associated with a package which has been uninstalled. In many cases, you can reinstall the noted package with the existing configuration file.

Pinned Includes packages that you've selected as "Recommended for Installation to add features," "Suggested for Installation to enhance features," or "Locked to prevent upgrades."

Take a package on the list. Highlight it. Right-click it. It opens a shortcut menu similar to that shown in Figure 4-9.

Figure 4-9. Synaptic Package options

As you can see, there are a number of things that you can do with the currently installed apache2-common package. Inactive options won't work; you can't install or reinstall an upgradeable package. You can highlight some or all packages in a category. The options are straightforward:

Unmark If you've selected an option for a package, you can unmark it.

Mark for Installation You can select an uninstalled package and mark it for installation via Synaptic.

Mark for Reinstallation For those installed packages where upgrades are not available, you can select and mark them for reinstallation, in case you want a fresh copy of associated files.

Mark for Upgrade For those installed packages where upgrades are available, you can select and mark them for upgrade via Synaptic.

Mark for Removal For installed packages, you can mark them for standard removal via Synaptic. Generally, configuration files will not be erased.

Mark for Complete Removal For installed packages, you can mark them for complete removal via Synaptic. Configuration files will be erased.

Properties Opens a window that includes a brief description, dependencies, any installed files, and available versions.

Mark Suggested for Installation Marks packages for installation that add functionality to the target software.

Mark Recommend for Installation Marks packages for installation that enhance functionality of the target software.

If you absolutely want to prevent upgrades of a certain package, highlight it. Run the Package -> Lock Version command to lock the package at the current version level.

Alternatively, you can force Synaptic to install or upgrade a specific package to a version available on one of your configured mirrors. For example, if you know a certain version of the apache2-common package, highlight it and press Ctrl+E. You'll see a window similar to Figure 4-10, where you can select the version you want to force with the Force Version drop-down box.

Making Changes

Take your time as you work with packages in Synaptic. If you choose to use one of the upgrade options described earlier, analyze the Installed (upgradeable) options carefully! If you upgrade a service, anything you've customized for that service may be at risk. If you're allowing Synaptic to delete "unused" packages, analyze that list carefully as well.

When you're ready, press Ctrl+P. This action opens a window that summarizes the actions to be taken. It includes packages to be upgraded, installed, or removed. If you've made changes to the list of packages to be upgraded or removed, those changes will be added to an Unchanged category. One example of this window is shown in Figure 4-11.

If you find an error in your review, this is your last chance to cancel the process. Don't be afraid to go back and review the lists of packages again. When you're ready, press Apply. This starts the process where Synaptic downloads the associated packages. Depending on the megabytes of files you've selected and the speed of your Internet connection, this process may take some time.

When the packages are downloaded, you'll see terminal output. You may be asked some configuration questions associated with specific services during this process. If you're trying to install some problematic packages, find out during this process. For example, Figure 4-12 illustrates some problems with the upgrade. At this point, you can accept the problems and install the packages as they are, or refuse the installation, and return to Synaptic.

Figure 4-12. Upgrade problems

Based on the errors shown, I've either unchecked the installation of related new packages or locked the version of existing packages to avoid upgrades. Sometimes, new packages or upgrades can have bugs. Avoiding upgrades can help you avoid problems in this area.

For example, the messages shown in Figure 4-12 reveal problems associated with the available newer version of the Evolution email manager. Before upgrading my system, I locked Evolution in its current version. While I used these steps, other methods can work equally well:

When you've finished your modifications, click Apply again. If you've made appropriate choices, you should at least see fewer errors. Continue the process until you can update without unacceptable bugs or fatal errors.

If you've saved your downloads, you may be able to use them to update other identically configured Debian computers on your network. If your Debian computers require the same updates, they won't need any additional packages.