A Very Apropos apt

The Debian Linux distribution introduced apt, a superior way to manage packages and avoid package dependency hell. Now, apt works with RPM-based distributions, like Red Hat. Here's how to use apt to greatly simplify system maintenance.

If you use an RPM-based Linux distribution, you’ve probably had to deal with dependencies — the case where one package depends on one or more packages — at one time or another. While rpm works well when a package is (largely) independent of prerequisites, rpm tends to fail miserably when a package has many dependencies.

For example, to upgrade KDE, you typically have to go through a process something like this: first, download kdebase and about eighty other packages. Next, run rpm -Uhv *rpm, and resolve the resulting dependency issues, which can takes hours. Having chased down this package or that, try rpm -Uhv *rpm again, and then resolve dependencies again. Try rpm -Uhv *rpm (yet) again, and watch as eighty or so RPMs are installed on your system, all the while hoping that you didn’t miss anything.

Ugh! What a pain. Oh sure, rpm informs you of any problems, but it doesn’t help you solve them. And therein lies the rub. There has to be a better way to upgrade Linux software! And there is: it’s called apt.

apt is the Advanced Package Tool. First created for Debian GNU/Linux and its .deb packages, apt was later ported by Connectiva to work with RPMs as well. apt installs, upgrades, and uninstalls software packages. Best of all, apt automatically handles dependencies for you.

For example, if you’re trying to install the RPM named widget, but packages foo and bar are prerequisites, apt downloads and installs all three packages for you. Later, if you decide that you no longer want widget on your system, apt can uninstall it for you, along with foo and bar, as long as other software doesn’t require the latter two packages.

Now, apt doesn’t actually install packages; instead, it calls rpm to do the grunt work. apt is also not Red Hat’s up2date, Mandrake’s urpmi, or Ximian’s Red Carpet. Superficially, those utilities seem similar to apt since each tries to automate package management. However, apt is far superior.

* apt is free (as is Red Carpet), while up2date requires a paid subscription, or at least the completion of a survey every sixty days for each machine that you want to manage.

* apt can manage an entire network of Linux boxes, again for free. Ximian and up2date require a paid subscription.

* apt can manage all of your system packages, as up2date and urpmi can, but apt can also manage almost every software package installed on your system.

Furthermore, apt can be customized to fit your exact software needs, whether you’re conservative or willing to accept risks. On the other hand, up2date limits you to software provided by Red Hat.

* apt works with your existing software and doesn’t mandate changes to your system to use it. Red Carpet, conversely, “Ximianizes” your system by replacing several key system libraries.

Finally, apt is much faster than Red Carpet, and is far easier to use than up2date.

A couple of caveats before we dive into apt. apt is great, but it’s not perfect for everyone. You really shouldn’t use apt if you have a slow connection to the Internet. Of course, you can still use it — you’ll just be waiting a lot, or downloading a lot while you sleep. Open source software is constantly updated, and unless you have a system that’s stripped to the bone, you’ll be downloading a lot of packages regularly. A DSL, cable modem, or T1 connection makes apt a lot more fun to use.

Also, you should not use apt if you’ve been using Ximian’s Red Carpet. Running the two on the same system causes conflicts! If you use Red Carpet, read the rest of this article and then decide if you’d rather use apt. If you think apt is for you, uninstall Red Carpet and the Ximian system libraries as well (you can keep Evolution, however).

Installing apt

The latest version of apt is always available at http://freshrpms.net. Packages are available for Red Hat 8, Red Hat 9, and for Yellow Dog. SuSE users should look at http://linux01.gwdg.de/apt4rpm. Otherwise, you can get the source RPM at http://www.sourceforge.net/projects/apt4rpm, and compile apt for your specific distribution. In this article, all examples are based on Red Hat 9.

The current package for apt is apt-0.5.5cnc6-fr1.i386.rpm. Download the apt RPM and do the usual install as root:

# rpm -Uhv apt-0.5.5cnc6-fr1.i386.rpm

At this point, no additional configuration is required, although we’ll look at some advanced configuration details soon enough. Instead, let’s immediately get to work. As root, type apt-get update as shown immediately below (some of the transcript has been omitted to conserve space):

# apt-get update
Get:1 http://ayo.freshrpms.net
redhat/9/i386 release [1170B]
Fetched 1170B in 0s (5984B/s)
Hit http://ayo.freshrpms.net
redhat/9/i386/os pkglist
Hit http://ayo.freshrpms.net
redhat/9/i386/os release
Hit http://ayo.freshrpms.net
redhat/9/i386/updates pkglist
Hit http://ayo.freshrpms.net
redhat/9/i386/updates release
Hit http://ayo.freshrpms.net
redhat/9/i386/freshrpms pkglist
Reading Package Lists… Done
Building Dependency Tree… Done

Now, type apt-get check, which should display this:

# apt-get check
Reading Package Lists… Done
Building Dependency Tree… Done

Finally, type apt-get upgrade, which should show you a list of all of the packages that apt would like to download and install on your computer. (The actual list of packages varies depending on how up-to-date your system is.)

At this point, type Y to download and install any updates. If you don’t want to download and install any updates just yet, type n instead. If you do decide to go ahead with the updates, you’ll see a lot of activity, again depending on your system’s setup. After some time, the downloads cease, and installation begins. Finally, that finishes, too.

Congratulations! You’ve just updated your system! If you had any problems, read the rest of this article to understand how apt works, and how to troubleshoot your configuration.

Cleaning Up After Yourself

When packages are downloaded and installed, the RPMs are left behind in /var/cache/apt/archives/. The command apt-get clean removes all of those RPMs.

If, however, you want to remove outdated RPMs, but keep the latest “good” versions, run apt-get autoclean as root. For instance, before running apt-get clean, the archives directory on the test machine contained the following files:

# ls /var/cache/apt/archives

After apt-get clean, the archives directory contained:

# ls /var/cache/apt/archives

Now those RPMs can be backed up to another directory, drive, or CD-RW.

From time to time, you may find unsuccessful downloads in /var/cache/apt/archives/partial/. If you know that all your downloads are complete and installed, it’s safe to delete the contents of that directory.

Pushing the Levers

Let’s analyze what we just did, taking it one command at a time.

apt-get update downloads a list of current RPMs from apt servers — known as repositories — that are listed in the apt configuration file. If you haven’t modified your apt configuration file, apt only checks one server: freshrpms.net. (But, as we’ll see, its advantageous to refer to many apt repositories.)

When using apt, you should always run apt-get update before you do anything else, as it ensures that your list of packages is correct, and that you’re not missing any necessary fixes or updates.

Next, apt-get check verifies that your system and apt are working correctly, without any broken dependencies. It’s not necessary to run it every time, but it doesn’t hurt either.

The command that does all the heavy lifting is apt-get upgrade, which compares the RPM packages installed on your system with the canonical list of RPM packages refreshed from the update. If any of your packages are out-of-date, upgrade downloads and installs them for you, always in the proper order. apt prompts you before any changes are made. Press Y to go through with the upgrade.

If you only want to download the RPMs without installing them, use the –download-only or -d options, as in apt-get upgrade –download-only. Using either of those options, the new packages are stored for you in /var/cache/ apt/archives/. (For more information about this directory, see the sidebar, “Cleaning Up After Yourself,” pg. 25)

So, to use apt to update your box, just run apt-get update && apt-get upgrade. The && makes sure that upgrade doesn’t run unless update completes without errors.

Finding APT Repositories

So how can you find new APT repositories? Google is always a good resource. A search for “apt rpm” returns a good list of candidate sites.

Additionally, the apt4rpm project at SourceForge has a decent list at http://apt4rpm.sourceforge.net/repos.html.

Here are some other sources of RPMs for Red Hat 9:





http://kde-redhat.sourceforge.net/ (for the latest KDE on Red Hat)

Apt apt Configurations

Now that you know some of the basics of apt, let’s modify things to suit the way you want to work.

As root, and using your favorite text editor, open /etc/apt/ sources.list. apt uses this file to locate its repositories, and you can add as many as are available. But be careful! The sources. list file is distribution specific: comment out (with # at the start of the line) all of the distributions besides yours.

Normally, a repository web site tells you exactly what to place into your sources.list file. (For a list of repositories, see the sidebar, “Finding APT Repositories.”) For instance, the TuxFamily web site instructs Red Hat 9 users to add…

rpm ftp://apt-rpm.tuxfamily.org/apt
redhat/9/en/i386 os updates freshrpms

…to sources.list. The syntax of an entry in sources.list is TYPE URI ARGUMENTS. Looking at the line above, the type is rpm, and the main URI is ftp://apt-rpm.tuxfamily.org/apt.

The syntax for arguments is DISTRIBUTION COMPONENT [COMPONENT ...]. Here, the arguments are redhat/9/en/ i386 os updates freshrpms. The distribution is redhat/9/en/i386, and the components consist of os, updates, and freshrpms.

When adding new repositories, list them in order by speed, from fastest to slowest. Of course, you’ll have to figure out which repository downloads fastest, but some tinkering with ping and traceroute should help.

Whenever you change your sources.list file, run apt-get update immediately. If you don’t, you’ll still be using the old repositories.

Further Uses of APT

apt-get upgrade is great if you want to bring your installed packages up-to-date, but what if you want to install a specific package? Or remove a package? apt can handle those tasks, too.

The command apt-get install package-name retrieves the specified package, as well as any necessary dependencies, and installs all of the software for you. Just be sure that you use the package name, not the file name. In other words, use apt-get install gimp, not apt-get install gimp-1.2.3-16.i386.rpm. If apt discovers additional dependencies for the requested package, you’ll have to confirm install before the download and installation begins.

If you want to install more than one package at the same time, just list them all on the command line, as in apt-get install package-name1 package-name2. Listing One shows an example.

Listing One: The apt-get install command in action

# apt-get install libgnomeprintui-devel libexif-devel
Reading Package Lists… Done
Building Dependency Tree… Done
The following extra packages will be installed:
The following NEW packages will be installed:
libexif-devel libgnomeprint-devel libgnomeprintui-devel
0 packages upgraded, 3 newly installed, 0 removed and 2 not upgraded.
Need to get 326kB of archives.
After unpacking 969kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://ayo.freshrpms.net redhat/9/i386/freshrpms libexif-devel
0.5.9-fr1 [33.0kB]
Get:2 http://ftp.kspei.com redhat/9/en/i386/os libgnomeprint-devel
1.116.0-6 [225kB]
Get:3 http://ftp.kspei.com redhat/9/en/i386/os libgnomeprintui-devel
1.116.0-4 [67.9kB]
Fetched 326kB in 3s (93.7kB/s)
Executing RPM (-Uvh)…
warning: /var/cache/apt/archives/libexif-devel_0.5.9-fr1_i386.rpm:
V3 DSA signature: NOKEY, key ID e42d547b
Preparing… ## [100%]
1:libexif-devel ## [ 33%]
2:libgnomeprint-devel ## [ 67%]
3:libgnomeprintui-devel ## [100%]

If you want to install a specific version of an RPM, just follow the package name with an = and a version number, like this:

# apt-get install gimp=1.2.2

If you’d like to reinstall an already-installed package on your system, use the –reinstall option, as in apt-get –reinstall install gimp.

If you no longer want a package on your system, just uninstall it with apt-get remove package-name. This command acts exactly opposite to apt-get install: it uninstalls the specified packages, along with its dependences. Again, use the package name, not the file name, and again, read any messages apt generates and confirm to proceed.

Be aware that if you uninstall a package, configuration files for the removed package remain on your computer. If you’re sure that you want to remove everything (and be careful about removing configuration files — you never know when you’d wish you had them back), use the –purge option.

For example, if you ran apt-get –purge remove gimp, you’d see this:

# apt-get –purge remove gimp
Reading Package Lists… Done
Building Dependency Tree… Done
The following packages will be REMOVED:
gimp* gimp-print-plugin* gtkam-gimp*
sane-frontends* xsane-gimp*
0 packages upgraded, 0 newly installed, 5 removed and 3 not upgraded.
Need to get 0B of archives.
After unpacking 21.6MB disk space will be freed.

Using –purge, the packages that apt is about to remove are highlighted with asterisks, indicating that the associated configuration files are about to be removed as well. apt is nothing if not communicative.

Of course, one of the best features of apt is that it easily enables you to update your entire system with one simple command: apt-get dist-upgrade. Think of that command as a super-upgrade. All base packages are upgraded, as well as everything else, and new packages satisfying dependencies are installed if necessary. Needless to say, use that feature with care: you may end up downloading an enormous number of RPMs.

Show & Tell

apt is careful about what it does, and it communicates with you before it does anything. For instance, you can preview changes before you implement them.

To see a list of packages that offer potential upgrades, use apt-get -u install. To see where new packages come from, add the –print-uris option, which displays the path, destination file name, size of package, and MD5 hash. Finally, to see what’s going to happen to your system, but not actually install anything, use -s or –simulate. For example, the command apt-get -s upgrade shows you what would happen if you ran upgrade.

If you want to build your own RPMs, apt can help you there as well. To fetch and install source packages, run apt-get source package-name. That command downloads — into your current directory — the latest specified source package. And if you use the –compile option, as in apt-get –compile source package-nameapt will download and compile a binary RPM, ready to install on your system or elsewhere.

If, however, you use the –download-only option with source, apt downloads the source RPM, but doesn’t compile it. Just as with apt-get install, if you want to install a specific version of an source RPM, just follow the package name with an = and the version number.

Finally, you can query your apt database in a variety of ways to find useful information. However, instead of using the command apt-get, you use a new command called apt-cache, which allows you to obtain information about the packages on your system. You do not need to run apt-cache as root, which is a nice touch.

apt-cache pkgnames prints a list of all possible packages, both installed and uninstalled, to stdout. Since the list is typically very long, pipe the output to less or grep:

$ apt-cache pkgnames | grep vim

Or, if you want, you can just use apt-cache search [pattern], where pattern is replaced with a regular expression search pattern. (For more on searching through apt packages, see the sidebar, “apt and Regular Expressions”). Your search pattern may appear in the package name, or in its description. (In that way, apt-cache search is similar to the apropos command). Whichever method you decide to use, remember, apt-cache search looks through the entire package list of both installed and uninstalled packages.

After searching for a package, you might want to find out more about it. The command to use is apt-cache showpkg, but used as apt-cache showpkg package-name. This gives you quite a bit of information, including current versions, reverse dependencies (in other words, packages that need the chosen package), and actual dependencies needed to proceed.

Then, if you want to know even more, try apt-cache show package-name. This command displays a complete record of information about the package, including package name, installed size, maintainer, version, depends, provides, size, md5sum, filename, and description. If you’ve already installed the package and there is an update available, apt-cache show package-name displays information about both, with the updated package listed first.

apt and Regular Expressions

You can use regular expressions with the following APT commands:

apt-get install
apt-get remove
apt-cache search

APT supports ., ?, and *. However, matching is done by substring, unless you prefix your regex with a ^, the “beginning of line” specifier.

In other words, apt-cache search ‘gimp*’ displays gimp, gimp-devel, and gimp-print, but also displays filmgimp, gtkam-gimp, and xsane-gimp. However, apt-cache search ‘^gimp*’ displays only gimp, gimp-devel, and gimp-print.

Gimme a GUI

apt is easy to use with just the command line, but many people prefer a graphical user interface (GUI). For those folks, there’s a nice interface to apt called Synaptic.

To install Synaptic, type the following on the command line: apt-get install synaptic. Once that’s done, log out of X, log back in, and, if you’re using Red Hat, you should see a new Synaptic entry on the Red Hat menu, under System Settings. Go ahead and open Synaptic (you’ll be prompted for root’s password).

Synaptic is pretty simple to use. If you select a package, Synaptic displays basic facts about it on the Information tab. You can click on the Description or Dependencies tab for more data about the package. In addition, Synaptic makes it clear if a package is already installed, and allows you to see if there’s a newer package available.

Once you’ve found a package you want, select it and press the Upgrade button. Conversely, press the Remove button to get rid of a package.

Packages you want to upgrade are highlighted in light blue, with a blue triangle facing up on the left of the package name; packages you wish to remove are highlighted in pink and use a pink triangle facing downward.

After you’ve made your selections, press the Proceed button. A window titled Operation Summary open, giving you one last chance to review the changes you’ve requested. Press Proceed in that window, and Synaptic acts out your instructions.


Of course, as great as apt is, you may run into problems. Here are three very common problems and their solutions.

First, is the “Cannot get exclusive lock” problem. You try to run apt-get, but you get this error message:

error: cannot get exclusive lock on /var/lib/rpm/Packages
error: cannot open Packages index using db3 – Operation not permitted (1)
error: cannot open Packages database in
E: could not open RPM database

Fortunately, the solution to this puzzle couldn’t be more simple: you’re not logged in as root! Simply log in as root and try again. Things should work fine.

The next common issue occurs when apt complains about broken dependencies, or encourages you to run apt-get -f install. This is apt‘s way of telling you that your system has some broken dependencies that prevent apt from working.

There are a couple of possible solutions. You can follow apt‘s advice, and run apt-get -f install, which tries to fix the problem by downloading and installing the necessary packages. Normally, this does solve the problem.

Or, you can try running apt-get -f remove, which tries to fix the problem by removing packages apt deems problematic. These might sound like dangerous steps to take, but each option gives you the chance to review the proposed changes and give your assent. Just be sure to examine apt‘s proposed changes before saying yes.

Finally, apt may warn you that some packages “have been kept back.” This warning indicates that apt has found a conflict between the requested package, or one of its dependencies, and another package already installed on your system. To resolve the issue, try to install the package that was kept back with the -u option, which gives you info about exactly what needs to be upgraded.

Is It Apt for You?

apt greatly simplifies Linux. With apt, it’s a lot easier to install software, and upgrades are as simple as apt-get update && apt-get upgrade. Hopefully, after reading this article, you’ll give apt a try. Chances are that apt is just that.

R. Scott Granneman teaches at Washington University, consults for Bryan Consulting, and writes for Security Focus and Apress Books. You can reach him at scott@granneman.com.

Comments are closed.