Debian proposed updates что это
Перейти к содержимому

Debian proposed updates что это

  • автор:

Lenny proposed updates и s.d.o lenny/updates — в чём разница?

Почему в них разные версии exim4, а также bind и gnumeric?

Есть ли между ними какая-то связь, всё ли обязательно попадает в l-p-u, и если да, то в какие сроки?

Очень интересно: что касается gnumeric, то в lenny и security лежат файлы с одинаковым именем, но разным содержимым и разной датой — один от 8 февраля 2009, другой от 10 февраля 2009 (lenny вышел 14 февраля 2009). Чудеса, я даже не думал, что могут быть одинаковые файлы с разным содержанием.

Есть два способа, которыми пакет может попасть в следующий минорный релиз: через security и через proposed updates. Этими двумя репозиториями заведуют разные команды, перемещения пакетов между ними нет. В security исправляются ошибки, связанные с безопасностью, а в proposed updates — все остальное (например, ошибки, связанные с потерей данных или неправильным результатом вычислений). Кроме того, security обычно подключен, а proposed updates — нет.

Насчет gnumeric — ты нашел баг, его надо заявить против псевдопакета ftp.debian.org.

В том то и дело, что у меня proposed-updates всегда подключён, а security — нет. У меня локальное зеркало, и версии пакетов, начиная с 2008 года, мне не особо то и нужны. Раньше мне всё это попадало в proposed, и я не волновался. А сейчас exim4 там нет, и я вдруг заволновался, поскольку exim4 в lenny гораздо сложнее не получить, чем получить.

Вроде бы, в proposed должны бы попадать как security обновления, так и остальные, планируемые к следующему апдейту. По крайней мере, именно так написано в документации.

Можно ссылку на документацию?

По умолчанию инсталлятор debian подключает security и не подключает proposed updates.

2.1.2. Секция proposed-updates

Перед тем как попасть в архивы, все выпускаемые изменения стабильного (и старого стабильного) дистрибутива проходят расширенный тестовый период. Каждое такое обновление стабильного (и старого стабильного) выпуска называется промежуточным выпуском (point release). Подготовка промежуточного выпуска проводится через механизм proposed-updates.

Репозитории

Нужно использовать с осторожностью, т.к. зависимости многих пакетов конфликтуют по версиям с пакетами из основного репозитория.

Установка

1. Нужно добавить репозиторий в /etc/apt/sources.list , подробности: deb-multimedia

2. Обновить список пакетов:

Добавление поддержки архитектуры i386

Управление пакетами из консоли

Графический интерфейс

Управление репозиториями python-software-properties
Управление пакетами Synaptic
Установки пакетов из файлов GDebi

Настройка apt

Для того, чтобы всегда перечислять обновляемые пакеты и запрашивать подтверждение у пользователя
Работа через прокси

Локальная документация: /usr/share/doc/Debian/apt-howto

Ссылки на источники обновлений

Основной файл: /etc/apt/sourcs.list

wheezy

31 мая 2018 перекрещена поддержка Debian Wheezy, поэтому необходимо изменить адреса серверов обновлений:

и выполнить обновление списка пакетов командой:

jessie

Вариант работы с архивом:

stretch

buster

Список URL

Обновление списка пакетов

Обновление ключей

Обновление пакетов

Команда обновляет все установленные пакеты, но не удаляет пакеты для разрешения зависимостей

Список пакетов, которые могут быть обновлены

Обновление всех установленных пакетов

Обновление всех установленных пакетов с удалением или установкой пакетов по мере необходимости для разрешения всех зависимостей

Обновление списка пакетов и самих пакетов

Установка пакета

Установка только самого пакета, без рекомендованных других пакетов:

Установка пакета из определённого репозитория

Удаление пакета

Удаление не используемых старых пакетов

Удаление кеша всех пакетов

Удаление всех пакетов из папки /var/cache/apt/archives

Версия пакета

Перенастроить заново уже установленный пакет

Список всех установленных пакетов

С версиями и описанием:

Список только названий:

Поиск пакета

Добавление репозитория

Создание локального репозитория

Проблемы

В случае возникновения ошибки:

Нужно удалить информацию от этом пакете в файле /var/lib/dpkg/status

Проблема с обновлением jessie 2019-03

Работа через dpkg

Установка пакета

Если в процессе установки появится ошибка, что нет необходимых пакетов, то запускаем команду:

после этого нужно выполнить установку пакета повторно.

Удаление пакета

Установка пакетов из unstable

При установке пакетов из unstable легко сломать зависимости и вернутся обратно будет невозможно!

Чтобы поставить пакет нужно выполнить установку с указанием репозитория unstable

How to Update Debian from Terminal

Debian is a Linux distro composed of free and open-source software (FOSS). It’s developed by the Debian Project, a community-driven project. It’s one of the oldest operating systems based on the Linux kernel. Debian is at the core of many popular operating systems like Ubuntu, Linux Mint, MX Linux, Deepin, and much more.

This guide will demonstrate how to keep Debian’s packages up-to-date from the terminal.

Keeping Debian up-to-date

A Linux operating system is a combination of numerous packages connected with each other in a very complex network. All these packages deliver all the necessary files and binaries that make the operating system.

These packages are generally updated regularly. It may be bug fixes, security patches, or feature improvements. It’s important to keep all the packages up-to-date.

Debian uses APT to manage packages. The package updates are directly available from the official Debian package repos. APT can also work with third-party repos. However, it’s up to you to determine whether the third-party repo is trustworthy and updating their packages.

Updating Debian

We can use APT to perform a check whether any package update is available. If available, we can update the target packages.

It’s also possible to configure automatic updates on Debian using unattended upgrades.

Updating packages require root permission. To perform the actions demonstrated, you need to have access to the root user. Alternatively, you need a non-root user who can execute the sudo command. Learn more on managing sudo permission for users on Debian.

Checking for updates

Open up the terminal and run the following command.

As the output suggests, APT will check for updates on each of the repos configured and update its package catalog. If any update is available, APT will notify you that updates are available.

To check the list of available package updates, run the following APT command.

Upgrading packages

The APT cache is updated with the latest available package catalog. We now also know what package updates are available. Time to install them.

To upgrade a target package, run the following command. Here, APT will only upgrade the target package. If the package weren’t installed already, it wouldn’t be installed.


To upgrade all the packages at once, run the following command instead. Here, APT will download and upgrade all the available package updates.


Before downloading and upgrading packages, APT will ask for confirmation to perform the action. If you don’t want APT to ask for confirmation, add the flag “-y”.

Updating APT cache and upgrading packages simultaneously

Instead of performing these steps simultaneously, we can combine them both in a single command. If you’re running the bash shell, then the following command will check for package updates and upgrade packages simultaneously.


Here, the symbol “&&” ties both the update and upgrade commands together. It’s basically a logical AND operator. There are numerous bash operators and symbols that carry special functions and meanings. Check out this big list of bash operators and their implementations.

Automating Debian update

So far, we’ve updated Debian packages manually. However, manual updating is inconvenient in the long run, not to mention enterprise/professional environment where you may need to manage multiple remote servers at the same time. Updating all of them manually is a tedious process. It’s possible to use Ansible to manually update remote Debian/Ubuntu systems at once but running it manually regularly is not practical.

This is where we can use unattended upgrades. It’s a tool that will automatically check and download package updates whenever available. It requires a little bit of configuration.

First, we need to install the package. Open a terminal, update the APT cache, and install the package.


Next, we need to tweak the APT configuration file for unattended-upgrades. Open it in a text editor.

Uncomment the following lines from the configuration file. It will tell the tool to automate the update process.

The configuration file is updated. Run the following dpkg configuration command to put it into action.



After successful execution, a dialog box will appear on the terminal. Select “Yes”.

The tool will now automatically download and install updates on Debian. However, we need to make sure that it’s working as intended. Check the service status.


It’s showing that the service status is Active (In Progress), meaning it’s working perfectly. Check out this guide on unattended upgrades for full in-depth info and demonstrations.

Final thoughts

Updating Debian is a very simple task. Debian is a well-maintained project with up-to-date packages directly available from its package servers. All you need is to tell APT to do the job.

Debian follows a long-term release cycle. So, you don’t have to upgrade your distro often. If you’re using an older Debian, then instead of updating the packages, it’s recommended to upgrade the distro. At the time of writing this guide, Debian 10 is the latest stable release. Check out this guide on how to upgrade from Debian 9 to Debian 10.

About the author

Sidratul Muntaha

Student of CSE. I love Linux and playing with tech and gadgets. I use both Ubuntu and Linux Mint.

How to Enable Unattended Upgrades on Ubuntu/Debian

Linux server security is of critical importance to sysadmins. One central part of keeping Linux servers secure is by installing security updates promptly. Too often, there are compromised servers on the internet due to pending security updates waiting for a manual update. On both Ubuntu and Debian, the unattended-upgrades package can be configured to perform unattended-upgrades to install updated packages and security updates automatically.

In general, on critical servers where you cannot afford unplanned downtime should be very careful with unattended-upgrades (or automatic updates). While there are reasons to be cautious, it is also worth considering. With that said, let’s jump right in!

Install unattended-upgrades

As of Debian 9, both the unattended-upgrades and apt-listchanges packages are installed by default. Recent releases of Ubuntu also come with unattended-upgrades installed by default. To install the unattended-upgrades package, enter the following in your terminal:

Remember, you’ll want to monitor updates and changes to your Linux server over time. You can monitor via /var/log/dpkg.log or read the log files in /var/log/unattended-upgrades/. You can also monitor changes by installing the apt-listchanges package (optional).

The apt-listchanges can be configured to send emails about update changes. apt-listchanges is a tool to show what has been changed in a new version of a Debian package compared to the version currently installed on the system. It does this by extracting the relevant entries from the NEWS.Debian and changelog[.Debian] files, usually found in /usr/share/doc/package, from Debian package archives. On both Debian and Ubuntu, as Ubuntu is a derivative of Debian.

Configure unattended-upgrades

UnattendedUpgrades config

The unattended-upgrades config file location is /etc/apt/apt.conf.d/50unattended-upgrades .

Lines starting with a double slash // have no effect. Therefore, to “enable” a line, remove the double slash // .

Selecting what to update

Here are some details on the update types available, as explained by Ubuntu:

“$:$-security”; – Auto updating security updates will patch holes and vulnerabilities on your server.

“$:$-updates”; – Updates (aka Recommended Updates) contain non-critical updates which can remove major annoyances and broken packages but which do not affect your security. Other than fixing some, they do not enable any features. Enabling this is generally a good idea. The amount to download as well as the changes are not too big, but it improves your server stability in various ways.

“$:$-proposed”; – The proposed updates are updates that are waiting to be moved into the recommended updates queue after some testing. They may never reach recommended, or they may be replaced with a more recent update. Enabling this is reasonable if you want to participate in testing minor updates or know that your specific problem has been solved here, but the package hasn’t reached recommended yet. WARNING: Enabling the proposed updates repository can break your system. It is not recommended for inexperienced users.

“$:$-backports”; – Backported updates are pieces of software that come from a newer major release. Thus, they can contain new features but may also break compatibility with their older version. However, they are compiled specifically for your version of Ubuntu. In effect, it saves you the hassle of broken dependencies and major downloads. Enabling this is reasonable if you want new features but don’t want your system to be unstable.

Enabling email reporting

Next, to enable email reporting. Find this line:

You can also leave it set to the default “root” to send email reports to the server’s root account. Here’s an example of unattended-upgrades mail config:

unattended upgrades mail

The remainder of the config file is self-explanatory. If you have any questions, post them below.

Configure update frequency

By default, unattended upgrades will install available updates daily. To confirm, take a look at the config file: /etc/apt/apt.conf.d/20auto-upgrades. It should look like this:

APT::Periodic::Update-Package-Lists – allows you to specify the frequency (in days) at which the package lists are refreshed.

APT::Periodic::Unattended-Upgrade – When enabled, the daily script will execute unattended-upgrade .

APT::Periodic::Download-Upgradeable-Packages – Frequency (in days) for the downloading of the actual packages.

APT::Periodic::AutocleanInterval – It controls how often obsolete packages are removed from the APT cache. This keeps the APT cache at a reasonable size and means that you don’t need to worry about that task.

auto upgrades

Sample config:

The above configuration will update package lists, download packages, and install available upgrades daily. At the same time, APT cache will be cleaned every 7 days.

Test unattended-upgrades

You can test your config with a dry run. Use the following command. Refer to the man page for help:

Conclusion

By enabling Unattended Upgrades (Automatic Updates) on Ubuntu or Debian servers, you’ve taken an important step to protect your server from vulnerabilities. Manually updating the system and applying patches can be a very time-consuming process. Unattended Upgrades save a lot of time. However, for many servers and/or VMs, I would recommend using bulk automation tools such as Ansible, Salt, Chef, Puppet, etc. Automatic updates are also available on Red Hat, CentOS and Fedora Linux. I will post a how-to article about this next.

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *