I gave this talk to some co-workers on 2022-01-18. It has some informaton on apt repository layout, general apt usage and some other bits and pieces.
I presented apt-talk.md with mdp, which is convienently installable in Ubuntu with apt.
%title: apt - Get me a package. %author: smoser %date: 2022-01-14
-> # apt <-
-> # apt-get subcommands
-> # Personal Package Archives (PPAs)
-> # sources.list and sources.list.d
sources.list [/etc/apt/sources.list]
[]
deb [ arch=amd64,armel ] http://deb.debian.org/debian buster main deb http://archive.ubuntu.com/ubuntu focal main universe
-> # Terms
package - a debian package (archive of files to be extracted) ^
repo[sitory] - basically an apt entry point it can be served via http, ftp, file . http://archive.ubuntu.com/ubuntu or http://archive.debian.org/debian ^
mirror: a mirror/copy of a different repository ^
suite - can be one of
component - just a "group" of packages.
release - "focal" not an offical apt term, but in practice means the 3 or 4 pockets together (focal, focal-updates, focal-security, focal-proposed)
-> # Ubuntu archive practices
An ubuntu release is made up of 3 suites, often called pockets:
^ release pocket (focal) is frozen on release day.
security pocket (focal-security) contents are always copied to -updates
updates pocket (focal-updates)
proposed pocket (focal-proposed)
-> # Signing / Security
InRelease
and Release.gpg
^apt-key add
gives a lot of trust more info-> # Apt respository Tree layout (generic) http://my-mirror/path/
- dists
+ suite
- InRelease, Release, Release.gpg
- {COMPONENT1}/, {COMPONENT2}/ (main, universe ...)
- by-hash/
+ {HASHNAME}/ (SHA256)
- {HASH0}, {HASH1}, {HASH2}
+ pool/
+ {COMPONENT1}
- lots of debs and tarballs
+ {COMPONENT2}
+ ...
-> # Apt repository / Tree layout (ubuntu)
http://archive.ubuntu.com/ubuntu/
- dists/
- focal/
- InRelease, Release, Release.gpg
- by-hash/SHA256/
- 452d981cb97db95c...af2799d6d
- 712628959bc561ac...7c9613acd
- 743f39c4cc8a9442...caf023ec5
- 9a27cff7af857858...92b50da72
- main/
- binary-amd64
- Packages.gz, Packages.xz
- Release
- by-hash/SHA256/
- 44fa689d816504f...e32ce0b60
- 7757921ff8feed9...d43fc9861
- f25bb719a900d96...131f5a604
- binary-i386/
- source/
- universe/
- focal-updates/
....
- pool/
- pool/main/a/accountsservice/accountsservice_0.6.55-0ubuntu11_amd64.deb
- pool/main/a/acct/acct_6.6.4-2_amd64.deb
...
-> # Index files
InRelease [dists/{suite}/InRelease] is inline signed list of all files and their hashes under dists/suite ^
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Origin: Ubuntu Label: Ubuntu Suite: focal Version: 20.04 Codename: focal Date: Thu, 23 Apr 2020 17:33:17 UTC Architectures: amd64 arm64 armhf i386 ppc64el riscv64 s390x Components: main restricted universe multiverse Description: Ubuntu Focal 20.04
SHA256: af226b4496cb....5da13cc 5826751 main/binary-amd64/Packages f25bb719a900....1f5a604 1274738 main/binary-amd64/Packages.gz 44fa689d8165....2ce0b60 95 main/binary-amd64/Release 7757921ff8fe....3fc9861 970408 main/binary-amd64/Packages.xz ...
-> # Index Files (2)
Packages [{component}/{arch}/Packages.(.gz, .xz)] files
are referenced by InRelease and contain info on binary packages.
^
Filename: references paths.
^
Package: apache2-doc Architecture: all Version: 2.4.41-4ubuntu3.9 Priority: optional Section: doc Source: apache2 ... Installed-Size: 24237 Recommends: apache2 Filename: pool/main/a/apache2/apache2-doc_2.4.41-4ubuntu3.9_all.deb Size: 3848232 MD5sum: 28871b9f02854de4eb6ae130362c7fb4 SHA256: cd88a562a58fef3274d2d49ef0ccc6e57046dcb8f598b628bf4d8fa8e0a9e184 ... Homepage: https://httpd.apache.org/ Description: Apache HTTP Server (on-site documentation)
-> # Index Files (3)
Sources(.gz, .xz) [{component}/source/Sources.gz] contains information about source packages. ^
Package: apache2 Format: 3.0 (quilt) Binary: apache2, apache2-data, apache2-bin, apache2-utils, ... apache2-dev, ... Architecture: any all Version: 2.4.41-4ubuntu3.9 ... Build-Depends: debhelper (>= 10), dpkg-dev (>= 1.16.1~), bison, gawk | awk, ... Build-Conflicts: autoconf2.13 Testsuite: autopkgtest Homepage: https://httpd.apache.org/ Vcs-Git: https://salsa.debian.org/apache-team/apache2.git Directory: pool/main/a/apache2 Package-List: apache2 deb httpd optional arch=any apache2-bin deb httpd optional arch=any apache2-data deb httpd optional arch=all ... Files: c3724f8bcf400a0a4974c953c74a3efc 3382 apache2_2.4.41-4ubuntu3.9.dsc 9dd9c5fae398c3696805d19cb1f1a104 9267917 apache2_2.4.41.orig.tar.gz 89698e860367cbc1b64cac94d8022b72 1076980 apache2_2.4.41-4ubuntu3.9.debian.tar.xz ... Checksums-Sha256: 04779f62c85f3...d02617 3382 apache2_2.4.41-4ubuntu3.9.dsc 3c0f9663240be...3a5461 9267917 apache2_2.4.41.orig.tar.gz aecf5dfb01e24...7df3a1 1076980 apache2_2.4.41-4ubuntu3.9.debian.tar.xz
-> # Versioning
[epoch][-]
normal:
native [a "native" debian package (no upstream)]
epoch - oops we messed up versioning. an epoch of 1: will will be larger than no epoch and 2: will be larger than 1.
Messed up versioning:
-> # Versioning continued
-> # Pins / Policy
-> # Pins continued We can use this to select atomix packages if we always use an atomix suffix.
Package: *
Pin: version *atomix*
Pin-Priority: 1000
-> # Other stuff
apt
vs apt-get
-> # Alternative sources.list format (deb822-style) more verbose, not common.
Types: deb URIs: http://us.archive.ubuntu.com/ubuntu Suites: focal focal-updates Components: main restricted