< Previous | Contents | Next >
8.5. Summary
In this section, we learned more about the Debian package system, discussed the Advanced Pack- age Tool (APT) and dpkg, learned about basic package interaction, advanced APT configuration and usage, and dug deeper into the Debian package system with a brief reference of the .deb file format. We looked at the control file, configuration scripts, checksums, and the conffiles file.
Summary Tips:
A Debian package is a compressed archive of a software application. It contains the application’s files as well as other metadata including the names of the dependencies that the application needs as well as scripts that enable the execution of commands at different stages in the package’s life- cycle (installation, removal, upgrades).
The dpkg tool, contrary to apt and apt-get (of the APT family), has no knowledge of all the avail- able packages that could be used to fulfill package dependencies. Thus, to manage Debian pack- ages, you will likely use the latter tools as they are able to automatically resolve dependency issues.
You can use APT to install and remove applications, update packages, and even upgrade your entire system. Here are the key points that you should know about APT and its configuration:
• The sources.list file is the key configuration file for defining package sources (or reposi- tories that contain packages).
• Debian and Kali use three sections to differentiate packages according to the licenses chosen by the authors of each work: main contains all packages that fully comply with the Debian Free Software Guidelines6; non-free contains software that does not (entirely) conform to the Free Software Guidelines but can nevertheless be distributed without restrictions; and
6https://www.debian.org/social_contract#guidelines
contrib (contributions) includes open source software that cannot function without some non-free elements.
• Kali maintains several repositories including: kali-rolling, which is the main repository for end-users and should always contain installable and recent packages; kali-dev, which is used by Kali developers and is not for public use; and kali-bleeding-edge, which often contains untested and un-vetted packages automatically built out of the upstream Git (or Subversion) repository less than twenty-four hours after they have been committed.
• When working with APT, you should first download the list of currently-available packages with apt update.
• You can add a package to the system with a simple apt install package. APT will auto- matically install the necessary dependencies.
• To remove a package use apt remove package. It will also remove the reverse dependen- cies of the package (i.e. packages that depend on the package to be removed).
• To remove all data associated with a package, you can “purge” the package with the apt purge package command. Unlike a removal, this will not only remove the package but also its configuration files and sometimes the associated user data.
We recommend regular upgrades to install the latest security updates. To upgrade, use apt update followed by either apt upgrade, apt-get upgrade, or aptitude safe-upgrade. These commands look for installed packages that can be upgraded without removing any packages.
For more important upgrades, such as major version upgrades, use apt full-upgrade. With this instruction, apt will complete the upgrade even if it has to remove some obsolete packages or install new dependencies. This is also the command that you should use for regular upgrades of your Kali Rolling system. Review the pros and cons of updates we outlined in this chapter.
Several tools can be used to inspect Debian packages:
• dpkg --listfiles package (or -L) lists the files that were installed by the specified package.
• dpkg --search file (or -S) finds any packages containing the file or path passed in the argument.
• dpkg --list (or -l) displays the list of packages known to the system and their installation status.
• dpkg --contents file.deb (or -c) lists all the files in a particular .deb file.
• dpkg --info file.deb (or -I) displays the headers of the specified .deb file.
• The various apt-cache subcommands display much of the information stored in APT’s in- ternal database.
To avoid excessive disk usage, you should regularly sort through /var/cache/apt/archives/. Two commands can be used for this: apt clean (or apt-get clean) entirely empties the direc-
tory; apt autoclean (apt-get autoclean) only removes packages that can no longer be down- loaded because they have disappeared from the mirror and are therefore useless.
Aptitude is an interactive program that can be used in semi-graphical mode on the console. It is an extremely robust program that can help you install and troubleshoot packages.
synaptic is a graphical package manager that features a clean and efficient graphical interface.
As an advanced user, you can create files in /etc/apt/apt.conf.d/ to configure certain aspects of APT. You can also manage package priorities, track automatically installed packages, work with several distributions or architectures at once, use cryptographic signatures to validate packages, and upgrade files using the techniques outlined in this chapter.
In spite of the Kali/Debian maintainers’ best efforts, a system upgrade isn’t always as smooth as we would hope. When this happens, you can look at the Kali bug tracker7 and at the Debian bug tracking system8 at https://bugs.debian.org/package to check whether the problem has already been reported. You can also try to downgrade the package or to debug and repair a failed package maintainer script.
7http://bugs.kali.org 8https://bugs.debian.org
Keywords
Custom packages Custom kernel Custom images
live-build Persistence