Как настроить sources.list на debian 9
Содержание:
- Список URL
- Обновление всех установленных пакетов
- Установка пакета
- Проблемы
- Risoluzione dei nomi
- 2.2 Как использовать APT локально
- Utiliser Tor avec Apt
- Sources.list entry
- /etc/apt/sources.list
- Commonly used package sources
- OpenPGP Key distribution
- Government Organizations
- Понимание apt и sources.list
- «Packages» Indices
- jessie
- On-line Real Time Help Using IRC
- stretch
- 2.1 Файл /etc/apt/sources.list
- Debian Repository Types
- indices difference files (diffs)
- Fonti per i pacchetti comunemente usate
Список URL
Список URL, например для работы через Squid
security.debian.org security-cdn.debian.org ftp.ru.debian.org http.us.debian.org us.debian.org keys.gnupg.net mirror.mephi.ru cdn.debian.net debian.nsu.ru mirror.yandex.ru
apt-get -u upgrade
Команда обновляет все установленные пакеты, но не удаляет пакеты для разрешения зависимостей
Обновление всех установленных пакетов
apt-get -u dist-upgrade
Обновление всех установленных пакетов с удалением или установкой пакетов по мере необходимости для разрешения всех зависимостей
Установка пакета
apt-get install ИМЯ_ПАКЕТА
Установка только самого пакета, без рекомендованных других пакетов:
apt-get install ИМЯ_ПАКЕТА --no-install-recommends
Удаление всех пакетов из папки
apt-get clean
С версиями и описанием:
dpkg -l
Список только названий:
dpkg --get-selections
Для того, чтобы работа команда нужно установить пакеты:
apt-get install software-properties-common
Проблемы
В случае возникновения ошибки:
E: Пакет <имя пакета> нуждается в переустановке, но найти архив для него не удалось
Нужно удалить информацию от этом пакете в файле
Risoluzione dei nomi
A volte la risoluzione dei nomi può non funzionare. L’esempio che segue è preso da un port S/390x in esecuzione in una chroot QEMU:
# apt update 0% Unsupported socketcall: 20 Unsupported socketcall: 20 Unsupported socketcall: 20 Unsupported socketcall: 20 Unsupported socketcall: 20 Unsupported socketcall: 20 Unsupported socketcall: 20 Unsupported socketcall: 20 Err:1 http://ftp.us.debian.org/debian testing InRelease Temporary failure resolving 'ftp.us.debian.org' Reading package lists... Done W: Failed to fetch http://ftp.us.debian.org/debian/dists/testing/InRelease Temporary failure resolving 'ftp.us.debian.org' W: Some index files failed to download. They have been ignored, or old ones used instead.
Si può aggirare temporaneamente il problema ottenendo l’indirizzo IP da un’altra macchina e poi utilizzandolo al posto dell’URI:
echo "deb http://128.30.2.26/debian testing main" > /etc/apt/sources.list apt update Get:1 http://128.30.2.26/debian testing InRelease Get:2 http://128.30.2.26/debian testing/main s390x Packages Get:3 http://128.30.2.26/debian testing/main Translation-en Fetched 13.0 MB in 32s (403 kB/s) Reading package lists... Done
2.2 Как использовать APT локально
Иногда, вы можете располагать кучей пакетов .deb, которые вам хотелось бы
устанавливать с помощью APT, чтобы зависимости обрабатывались автоматически.
Чтобы это сделать, создайте каталог и поместите в него .deb`ы, которые вам
нужны. Например:
mkdir /root/debs
Вы можете изменить установки определений файла control из debian-пакета
напрямую для вашего репозитория с помощью файла override. В этом
файле вы можете определить какие-нибудь опции для перекрытия тех, которые
приходят с пакетом. Это может выглядеть так:
package priority section
package — это имя пакета, priority — имеет значения low, medium или high, а
section — это название раздела, в котором он находится. Имя файла не имеет
значения, позже вы будете указывать его в качестве аргумента для команды
. Если вы не хотите составлять файл
override, тогда просто указывайте . при
вызове .
Из каталога /root дайте команду:
dpkg-scanpackages debs file | gzip > debs/Packages.gz
In the above line, file is the override file, the
command generates a file that contains various
informations about the packages, which are used by APT. To use the packages,
finally, add: В вышеприведенной команде, file — это файл
override, команда генерирует файл ,
который содержит различную информацию о пакетах, которые используются APT.
Чтобы использовать пакеты, наконец, добавьте:
deb file:/root debs/
После всех этих манипуляций вы можете использовать команды APT как обычно. Вы
также можете создать и репозиторий для исходных текстов. Для этого
используется та же процедура, но помните, что вам нужны файлы
.orig.tar.gz, .dsc и .diff.gz в
каталоге, и вместо Packages.gz надо использовать Sources.gz. Также нужно
использовать другую программу. Это программа .
Командная строка выглядит примерно так:
dpkg-scansources debs | gzip > debs/Sources.gz
Обратите внимание на то, что программе не нужен
override файл. Строка в sources.list:
deb-src file:/root debs/
Utiliser Tor avec Apt
Apt peut récupérer et télécharger des mises à jour avec Tor. Pour cela, vous devez installer les paquets tor et apt-transport-tor. Vous pouvez alors utiliser les services onion fournis par Debian.
Voici un exemple de sources.list utilisant les services onion pour Debian 9 « Stretch » :
deb tor+http://vwakviie2ienjx6t.onion/debian stretch main deb-src tor+http://vwakviie2ienjx6t.onion/debian stretch main deb tor+http://sgvtcaew4bxjd7ln.onion/debian-security stretch/updates main deb-src tor+http://sgvtcaew4bxjd7ln.onion/debian-security stretch/updates main deb tor+http://vwakviie2ienjx6t.onion/debian stretch-updates main deb-src tor+http://vwakviie2ienjx6t.onion/debian stretch-updates main
Sources.list entry
A sources.list entry SHOULD have the signed-by option set. The signed-by entry MUST point to a file, and not a fingerprint.
The suite entry SHOULD correspond to the target Debian release if the binaries are built for a specific suite. In other cases, the suite SHOULD be the string «stable», or it MAY be a repository-specific string describing the suite concisely. If the suite does not correspond to a target Debian release, the suite naming convention MUST be clearly documented.
If the repository has no reason to be split into multiple components, then the component name SHOULD be main. If there is a reason for splitting the repo into multiple components, the reason for the split should be clearly documented (e.g. ) and the component names should concisely reflect that split.
Entries MUST be added in the /etc/apt/sources.list.d directory using a shortened repository name (e.g. deriv.list). The «Deb822» file format MAY be used instead to improve clarity for complex entries (e.g. deriv.sources). (See )
For example, this would be the content of the /etc/apt/sources.list.d/deriv.list file:
deb [signed-by=/usr/share/keyrings/deriv-archive-keyring.gpg] https://deriv.example.net/debian/ stable main
The above is a sources.list line for a fictitious Deriv Debian derivative. The suite is stable and the component is the standard main component.
This is equivalent to the following Deb822 file format, under deriv.sources:
Types: deb URIs: https://deriv.example.net/debian/ Suites: stable Components: main Signed-By: /usr/share/keyrings/deriv-archive-keyring.gpg
The reason we point to a file instead of a fingerprint is that the latter forces the user to add the key to the global SecureApt trust anchor in /etc/apt/trusted.gpg.d, which would cause the system to accept signatures from the third-party keyholder on all other repositories configured on the system that don’t have a signed-by option (including the official Debian repositories).
Serving the repository under HTTPS is OPTIONAL, as it may make running a round-robin network of untrusted mirrors more difficult, and the trust chain provided by SecureApt should suffice.
/etc/apt/sources.list
Como parte de sua operação, o Apt utiliza um arquivo que lista as ‘fontes’ das quais os pacotes podem ser obtidos. Este arquivo é /etc/apt/sources.list.
As entradas neste arquivo normalmente seguem este formato:
deb http://sítio.exemplo.com/debian distribuição componente1 componente2 componente3 deb-src http://sítio.exemplo.com/debian distribuição componente1 componente2 componente3
Obviamente, as entradas acima são fictícias e não devem ser usadas. A primeira palavra em cada linha, deb ou deb-src, indica o tipo de arquivo: se ele contem pacotes binários (deb), isto é, os pacotes pré-compilados que nós normalmente usamos, ou os pacotes-fonte (deb-src), que são os ?fontes originais do programa mais o arquivo de controle do Debian (.dsc) e o deff.gz contendo as alterações necessarias para o empacotamento do programa.
A ‘distribuição’ pode ser ou o nome-código da versão / apelido (lenny,squeeze, wheezy, sid) ou a classe da versão (oldstable, stable, testing, unstable) respectivamente. Se você pretende acompanhar uma classe de versão então utilize o nome de classe, se você quer rastrear uma versão pontual do Debian, use o nome-código.
Por exemplo, se você possui um sistema rodando o Debian 7.0 (Wheezy) e não quizer migrá-lo quando o Debian Jessie for lançado, use ‘Wheezy’ em vez de ‘stable’ para a distribuição. Se você sempre quer ajudar a testar as versões de teste, utilize ‘testing’. Se você está acompanhando a Jessie e quer permanecer com ela da fase de teste até ela se tornar obsoleta, utilize ‘jessie’.
Alternativamente, você pode usar uma ferramenta do GNOME, para edita seu arquivo sources.list. (Menu Sistema>Administração>Fontes de Software).
Commonly used package sources
-
DebianStable: official Debian repository for the current release
-
StableProposedUpdates: official Debian repository for upcoming point releases (security and important bug fixes every ~2 months)
-
StableUpdates: official Debian repository for changes that cannot wait for the next point release, packages are also added to StableProposedUpdates for inclusion in the next point release
-
DebianSecurity: official Debian repository for frequent security updates
-
DebianBackports: more recent versions of some packages, compatible with DebianStable.
-
DebianTesting: current development state of the next stable Debian distribution
-
DebianUnstable: rolling development version containing the latest packages
-
DebianExperimental: development version containing the experimental/alpha/beta/untested packages
OpenPGP Key distribution
Repositories MUST be signed with an OpenPGP key. A binary export (gpg --export) of the key SHOULD be available at the root of the repository under the filename deriv-archive-keyring.gpg, where deriv is the a short name for the repository. The file SHOULD NOT be ascii-armored (gpg --export --armor) although a separate armored version MAY be available under deriv-archive-keyring.asc.
The key SHOULD be served over HTTPS if possible. A free X509 certificate MAY be obtained from Let’s Encrypt and automatically configured using the certbot package.
The key MAY also be made available on key servers. If so, operators SHOULD choose the ad-hoc standard, sks-keyservers.net. This key SHOULD be signed by other keys, preferably including some that are close to the strong set, in order to leverage the OpenPGP web of trust. The key MUST be downloaded over a secure mechanism like HTTPS to a location only writable by root, which SHOULD be /usr/share/keyrings. The key MUST NOT be placed in /etc/apt/trusted.gpg.d or loaded by apt-key add.
For example, users MAY be told to run this command to download the key:
wget -O /usr/share/keyrings/deriv-archive-keyring.gpg https://deriv.example.net/debian/deriv-archive-keyring.gpg
Chances are the key being distributed is ‘ascii-armored’. In that case you will need to dearmor it:
curl https://deriv.example.net/debian/deriv-archive-keyring.gpg | gpg --dearmor > /usr/share/keyrings/deriv-archive-keyring.gpg
The reason why we avoid ASCII-armored files is that they cannot be used directly by SecureApt. We also strongly recommend the use of HTTPS as it bypasses certain MITM attacks that would allow a hostile third party to inject OpenPGP key material in the repository setup.
Government Organizations
- Agência Nacional de Vigilância Sanitária — ANVISA (Health Surveillance National Agency) — Gerência de Infra-estrutura e Tecnologia (GITEC), Brazil
- Bureau of Local Employment — Department of Labor and Employment, Philippines
- Cemagref Bordeaux, Cemagref, Cestas, France
- Divisão de Redes, Ministério das Cidades, Brazil
- Directorate of Information Technology, Council of Europe, Strasbourg, France
- Gerencia de Redes, Eletronorte S/A, Brazil
- European Audiovisual Observatory, Strasbourg, France
- Exército Brasileiro, Brazil
- Informatique, Financière agricole du Québec, Canada
- Informática de Municípios Associados — IMA, Governo Municipal, Campinas/SP, Brazil
- Bureau of Immigration, Philippines
- Institute of Mathematical Sciences, Chennai, India
- Special Medical Devices Lab., Bruk Institute of Electronic Controlling Machines, Moscow, Russian Federation
- INSEE (National Institute for Statistics and Economic Studies), France
- Department for IT-Systems, Grenchen, Switzerland
- London Health Sciences Centre, Ontario, Canada
- Department of Labour and Social Protection, Bilgorod-Dnistrovskyi, Ukraine
- Ministry of Foreign Affairs, Dominican Republic
- Municipality of Ibarra, Ibarra, Ecuador
- Procempa, Porto Alegre, RS, Brazil
- SMDC-PROCON Fortaleza, Fortaleza Municipality, Brazil
- Servicio Autonomo de Propiedad Intelectual, MILCO, Venezuela
- SECIMA, Secretaria de Estado de Meio Ambiente, Recursos Hídricos, Infraestrutura, Cidades e Assuntos Metropolitanos, Goiânia/GO, Brazil
- Servizio Informativo Comunale, Comune di Riva del Garda, ITALY
- St. Joseph’s Health Care London, Ontario, Canada
- State Nature Conservation Agency, Slovakia
- Servicio de Prevencion y Lucha Contra Incendios Forestales, Ministerio de Produccion Provincia de Rio Negro, Argentina
- Vermont Department of Taxes, State of Vermont, USA
- Zakład Gospodarowania Nieruchomościami w Dzielnicy Mokotów m.st. Warszawy, Warsaw, Poland
Понимание apt и sources.list
Менеджер пакетов для Debian и его инструмент .apt, который переводиться как Advanced Package Tool и представляет собой набор инструментов для управления пакетами Debian, и поэтому приложения, установленные в вашей системе Debian .apt позволяет:
- Установку приложений
- Удаление приложений
- Обновление приложений
- Исправление сломанных пакетов и т.д.
apt способен решить проблемы зависимостей и получать требуемые пакеты из назначенных репозиториев пакетов. Он делегирует фактическую установку и удаляет пакеты для DPKG .apt в основном использует инструмент командной строки, но есть доступны инструменты GUI, которые вы можете использовать.
Файл /etc/apt/sources.list в Debian используется Apt как часть своей работы. Этот файл содержит список «sources», из которых могут быть получены пакеты. Записи в этом файле обычно имеет следующий формат.
Записи, приведенные выше, являются вымышленными и не должны использоваться. Ниже содержимое этого файла, которое разделить на несколько разделов:
Тип архива:
Первая запись в каждой строке – deb или deb-src представляет тип архива.
- deb означает URL, при условии, что содержатся заранее скомпилированные пакеты. Эти пакеты, установленные по умолчанию при использовании менеджеров пакетов, как apt-get или aptitude.
- deb-src указывают на источники пакетов с файлом управления Debian (.dsc) и diff.gz, содержащий изменения, необходимые для упаковки программы.
Хранилище URL:
Следующая запись в строке является URL в хранилище, куда пакеты будут загружены. Вы можете найти основной список Debian пакетов репозитория из зеркала Debian Worldwide sources.list.
Распределение:
«Распределение» может быть либо код релиза имя/псевдоним (jessie, stretch, buster, sid) или класс релиза (старое стабильное, стабильное, тестирование, нестабильный) соответственно. Если вы имеете в виду отслеживание, то класс выпуска может использовать имя класса, если вы хотите, отслеживать релизов Debian, используйте кодовое имя.
Компонент
Есть правило, три компонента, которые могут быть использованы на Debian, а именно:
- main – он содержит пакеты, которые являются частью дистрибутива Debian. Эти пакеты DFSG совместимыми.
- contrib – это пакеты DFSG совместимые, но содержит пакеты, которые не находятся в главном хранилище.
- non-free – содержит программные пакеты, которые не соответствуют с DFSG.
Полный файл sources.list на Debian 9 будет выглядеть следующим образом:
Затем, чтобы получить contrib и non-free, добавьте contrib non-free после основных, как показано ниже:
После того, как вы внесли изменения в файл sources.list, вы должны выполнить команду:
Это обеспечит синхронизацию apt. Затем вы можете установить новые пакеты из репозитория.
«Packages» Indices
The files dists/$DIST/$COMP/binary-$ARCH/Packages (and dists/$DIST/$COMP/debian-installer/binary-$ARCH/Packages for udebs) are called Binary Packages Indices. They consist of multiple paragraphs, where each paragraph has the format defined in , and the additional fields defined in this section, precisely:
- Filename (mandatory)
- Size (mandatory)
- MD5Sum, SHA1, SHA256 (recommended)
- Description-md5 (optional)
If the following fields exist in the control file of a .deb file they also must exist in the record about the package in the Packages file and the value must match exactly or a client might recognize a metadata mismatch and redownloads/reinstalls a package:
- Depends et al
- Installed-Size
- Multi-Arch
Note that the control file of .deb files may contain additional fields not yet documented by policy or not yet documented here which then might also be found in this file.
Each paragraph shall begin with a «Package» field. Clients may also accept files where this is not the case.
The Packages file for architecture $ARCH should include only paragraphs concerning packages of the architecture $ARCH. It may also include packages of the architecture all depending on the value of the Architectures field in the Release file.
Filename
The mandatory Filename field shall list the path of the package archive relative to the base directory of the repository. The path should be in canonical form, that is, without any components denoting the current or parent directory («.» or «..«). It also should not make use of any protocol-specific components, such as URL-encoded parameters.
Example:
Filename: pool/main/a/apt/apt_0.9.3_amd64.deb
Size, MD5sum, SHA1, SHA256, SHA512
The mandatory Size field describes the size of the package, in its compressed form, in units of bytes. Its value shall be a strictly positive integer, given in decimal notation, without any leading zeroes.
The MD5sum (lower case s), SHA1, SHA256, SHA512 fields provide cryptographic hashes for verifying the file integrity. Their values shall be given in hexadecimal notation, including any leading zeroes, and using lower case letters. At least one field providing a SHA2 hash shall be provided. Providing SHA256 is highly recommended.
Example:
Size: 1158196
MD5sum: 2519c8c1afd27e70cf4ac10a5fa46e32
SHA1: 646eda5b6d51190181c15f5537428161f6f04c1d
SHA256: 3183eff291d1e9d905e78a6b467bbfb90b20fc2808d50b5e91bf55158b4c18be
Clients may not use the MD5Sum and SHA1 fields for security purposes, and must require a SHA256 or a SHA512 field.
Description-md5
An MD5 checksum of the complete English language description. If not specified, the checksum can be computed starting with the second byte after the colon following the field name containing the English language description (Description in the binary package) and includes the trailing newline of the field. The field value is processed as-is, without any formatting such as removing the indentation done.
If the value is specified, it must be a hex MD5 digest and must consist solely of the digits 012345679, and the lowercase characters abcdef. If the value contains any other character, such as uppercase characters, the behaviour is unspecified.
In the example given below, the checksum is calculated starting from the c in commandline up to (and including) the newline character before Description-md5.
Example:
Description: commandline package manager
This package provides commandline tools for searching and
managing as well as querying information about packages
as a low-level access to all features of the libapt-pkg library.
.
These include:
* apt-get for retrieval of packages and information about them
from authenticated sources and for installation, upgrade and
removal of packages together with their dependencies
* apt-cache for querying available information about installed
as well as installable packages
* apt-cdrom to use removable media as a source for packages
* apt-config as an interface to the configuration settings
* apt-key as an interface to manage authentication keys
Description-md5: 9fb97a88cb7383934ef963352b53b4a7
Description
As an exception to Policy 5.6.13 (Description), the value of the Description field may omit the long description if the Description-md5 field is defined. In such a case, the description is found in the Translation-en.
jessie
jessie
jessie
- sources.list
-
# deb http://ftp.ru.debian.org/debian/ jessie main contrib non-free deb-src http://ftp.ru.debian.org/debian/ jessie main contrib non-free deb http://security.debian.org/ jessie/updates main contrib non-free deb-src http://security.debian.org/ jessie/updates main contrib non-free deb http://ftp.ru.debian.org/debian/ jessie-proposed-updates main contrib non-free deb-src http://ftp.ru.debian.org/debian/ jessie-proposed-updates main contrib non-free deb http://ftp.ru.debian.org/debian/ jessie-backports main contrib non-free deb-src http://ftp.ru.debian.org/debian/ jessie-backports main contrib non-free
Вариант работы с архивом:
- sources.list
-
# deb http://archive.debian.org/debian/ jessie main deb-src http://archive.debian.org/debian/ jessie main deb http://security.debian.org/ jessie/updates main contrib deb-src http://security.debian.org/ jessie/updates main contrib
On-line Real Time Help Using IRC
IRC (Internet Relay Chat) is a way
to chat with people from all over the world in real time.
IRC channels dedicated to Debian can be found on
OFTC.
To connect, you need an IRC client. Some of the most popular clients are
HexChat,
ircII,
irssi,
epic5 and
KVIrc,
all of which have been packaged for
Debian. OFTC also offers a WebChat
web interface which allows you to connect to IRC with a browser without
the need to install any local client.
Once you have the client installed, you need to tell it to connect
to the server. In most clients, you can do that by typing:
/server irc.debian.org
In some clients (such as irssi) you will need to type this instead:
/connect irc.debian.org
Once you are connected, join channel by typing
/join #debian
Note: clients like HexChat often have a different, graphical user interface
for joining servers/channels.
At this point you will find yourself among the friendly crowd of
inhabitants. You’re welcome to ask questions about
Debian there. You can find the channel’s faq at
https://wiki.debian.org/DebianIRC.
There’s a number of other IRC networks where you can chat about Debian,
too. One of the more prominent ones is the
freenode IRC network at
chat.freenode.net.
stretch
stretch
stretch
- sources.list
-
# deb http://ftp.ru.debian.org/debian/ stretch main contrib non-free deb-src http://ftp.ru.debian.org/debian/ stretch main contrib non-free deb http://security.debian.org/ stretch/updates main contrib non-free deb-src http://security.debian.org/ stretch/updates main contrib non-free deb http://ftp.ru.debian.org/debian/ stretch-proposed-updates main contrib non-free deb-src http://ftp.ru.debian.org/debian/ stretch-proposed-updates main contrib non-free deb http://ftp.ru.debian.org/debian/ stretch-backports main contrib non-free deb-src http://ftp.ru.debian.org/debian/ stretch-backports main contrib non-free deb http://ftp.ru.debian.org/debian/ stretch-backports-sloppy main contrib non-free deb-src http://ftp.ru.debian.org/debian/ stretch-backports-sloppy main contrib non-free
2.1 Файл /etc/apt/sources.list
Как часть своей работы, APT использует файл, который содержит список
‘источников’, из которых могут быть скачаны пакеты. Это файл
/etc/apt/sources.list.
Обычно этот файл имеет следующий формат:
deb http://site.http.org/debian distribution раздел1 раздел2 раздел3
deb-src http://site.http.org/debian distribution раздел1 раздел2 раздел3
Конечно, вышеприведенные записи являются просто примером и не должны
использоваться. Первое слово в каждой строке, либо deb, либо
deb-src, указывает тип архива: либо это двоичные (binary) пакеты
(deb), которые являются пред-компилированными пакетами, которые
готовы к использованию, либо пакеты с исходными текстами
(deb-src), которые являются первоначальными исходными текстами
программ с управляющим файлом Debian (.dsc) и файлом
diff.gz, содержащим изменения, необходимые для `дебианизации’
программы.
Обычно в sources.list помещается следующее:
# See sources.list(5) for more information, especialy
# Remember that you can only use http, ftp or file URIs
# CDROMs are managed through the apt-cdrom tool.
deb http://http.us.debian.org/debian stable main contrib non-free
deb http://non-us.debian.org/debian-non-US stable/non-US main contrib non-free
deb http://security.debian.org stable/updates main contrib non-free
# Uncomment if you want the apt-get source function to work
#deb-src http://http.us.debian.org/debian stable main contrib non-free
#deb-src http://non-us.debian.org/debian-non-US stable/non-US main contrib non-free
Эти строки необходимы для базовой установки Debian. Первая строка
deb указывает на официальный архив, вторая — на не-США архив и
третья — на архив обновлений безопасности Debian.
Две последние строки закомментированы (начинаются с `#’), так что apt-get будет
их игнорировать. Эти строки deb-src указывают на пакеты исходных
текстов Debian. если вы часто скачиваете исходные тексты программ для
тестированя и перекомпиляции, раскомментируйте их.
Файл /etc/apt/sources.list может содержать несколько типов строк.
APT знает как обращаться с архивами типов http, ftp,
file (локальные файлы, напр., каталог, содержащий смонтированную
файловую систему ISO9660) и ssh, насколько я знаю.
Debian Repository Types
There are 2 kinds of repositories from user’s perspective:
|
archive style |
apt line |
apt-pinning |
secure APT |
status |
|
official archive |
«deb http://example.org/debian unstable main» |
Yes |
Yes |
preferred |
|
trivial archive |
«deb http://example.org/debian ./» |
No |
Yes |
deprecated |
These archives have different meta-data structure. Both archives can store actual package files. Many older repository HOWTOs (e.g. old «Debian Reference (sarge)» and «APT HOWTO (sarge)») address creation of a «trivial archive» and are problematic since the «trivial archive» lacks support for apt-pinning meta-data used by APT Preferences due to the collision of 2 types of Release files.
For the secure APT compatibility, the modern package archive must be signed by GPG.
References:
-
(DDP: Securing Debian Manual)
-
(DDP: Debian Reference)
indices difference files (diffs)
For each of the indices previously defined, repositories may also provide indices difference files, that contain the differences to previous versions of the index.
If an (uncompressed) index is located at the path $I, then a directory called $I.diff can exist. This directory contains the following files:
- Index
- Compressed Difference files in the format «%Y-%m-%d-%H%M.%S.gz»
.diff/Index files
The index file shall be a file with the following fields:
- $(HASH)-Current
- $(HASH)-History
- $(HASH)-Patches
- $(HASH)-Download
here $(HASH) is a known hash algorithm like SHA1, SHA256 or SHA512. Multiple hashes can be specified in the same file and paragraph in this way. The first three fields are required, $(HASH)-Download is strongly recommend for servers and clients. Traditionally servers and clients only supported SHA1, but it is strongly advised to add support for at least SHA256, too. Clients should reject SHA1 and require and validate a stronger hash algorithm of the SHA2 family.
$(HASH)-Current
The hashsum of the current index $I. This is the same one as listed in a hashsum field of the Release file to make sure it is the right diff file.
$(HASH)-History, $(HASH)-Patches and $(HASH)-Download
These field are multi-line fields, where each line consists of the following columns, separated by a single space:
- A checksum
- A size
- The name of a patch file
For $(HASH)-History, the hashsum and the size describe the index to which the patch applies. For $(HASH)-Patches, the hashsum and the size refer to the uncompressed patch file. For $(HASH)-Download, the hashsum and the size apply to the compressed patch file.
Example for a Index file containing only SHA1 hashes:
SHA1-Current: 8d190506d0c20b20b3cee06956e2061f3c083281 29137603 SHA1-History: a3cc0e588a41662db61e432f8c174a0d29aa4a9b 29086963 2012-05-04-2025.35 SHA1-Patches: 351c97e091e10313eb7e2aeb8a1dd8088726cf20 91134 2012-05-04-2025.35 SHA1-Download: dd6804a1538f8fe20f3027582ddb4d838df87891 2903 2012-05-04-2025.35.gz
Each patch applied to the old version of the index file listed in SHA1-History creates a new file that either is the file looked for or some other old version that is also listed in SHA1-History.
DAK currently creates patches to be applied one by one. reprepro creates patches directly resulting in the final file. reprepro also adds a line
X-Patch-Precedence: merged
so clients wishing to optimize for one-by-one applying know that this is not possible.
Those files are in a format that is a subset of the «patch —ed» format. The supported ed commands are c (change), a (add), and d (delete). The records must be reverse sorted by line number and may not overlap. According to APT documentation, diff seems to produce this format, but no guarantee is made.
Fonti per i pacchetti comunemente usate
-
Debian Stable: repository Debian ufficiale per il rilascio attuale
-
Stable Proposed Updates: repository Debian ufficiale per i futuri rilasci minori (risoluzione di problemi di sicurezza e bug importanti ogni 2 mesi circa)
-
Stable Updates: repository Debian ufficiale per modifiche che non possono aspettare i prossimi rilasci minori; i pacchetti sono aggiunti anche a Stable Proposed Updates per essere inclusi nel prossimo rilascio minore
-
Debian Security: repository Debian ufficiale per aggiornamenti di sicurezza frequenti
-
Debian Backports: versioni più recenti di alcuni pacchetti, compatibile con Debian Stable.
-
Debian Testing: attuale stato di sviluppo della prossima distribuzione Debian stabile
-
Debian Unstable: versione di sviluppo in continuo cambiamento contenente i pacchetti più recenti
-
Debian Experimental: versione di sviluppo contentente pacchetti sperimentali/alfa/beta/non testati
