Ubuntu and Debian

• APT
• System Management
• Build deb package
• Ubuntu Pro

APT

常用指令

dpkg

# 列出已安裝的套件
dpkg -l

# 列出指定套件的檔案列表
dpkg -L <package name>

# 查詢系統內某個指令檔的套件名稱
dpkg -S <path to command> 

# 查訊套件詳細資訊
dpkg -s <package name> 

apt-get

# 更新套件庫資訊
apt-get update

# 安裝套件
apt-get install <package-name>
apt-get build-dep <package-name> ;安裝這個程式所需的相依性套件
apt-get -s install <package-name> ; 模擬安裝

# 移除套件及相關不需要的相依性套件
apt-get autoremove <package-name>

# 移除單個套件
apt-get purge <package-name>

# 安裝本機套件
apt-get update
dpkg -i <package-name>.deb
NOTE: 如果出現缺少套件的資訊，再執行
apt-get -f install

# 檢視套件的 Changelog
apt-get changelog <package-name> 

apt-cache

apt-cache search <package-name>
apt-cache show <package-name>
apt-cache showpkg <package-name>

# 顯示套件的相依性
apt-cache depends <package-name>

apt-file

sudo apt install apt-file
apt-file search <file-name>

apt-offline

• How To Fully Update And Upgrade Offline Debian-based Systems Using Apt-offline

apt-key

# 列出 GPG Key
apt-key list
apt-key --keyring /etc/apt/trusted.gpg list

# Delete a Key
sudo apt-key del 4C70D8B5  #specify last 8 characters

其他指令

# 避免套件被更新/升級
apt-mark hold glusterfs* 

設定 proxy 方式連接

方法一：

export http_proxy=http://username:password@proxy.server.net:port/
; 若是 Windows AD 帳號, 加上反斜線兩次
export http_proxy=http://addomain\\username:password@proxy.server.net:port/

方法二：編輯 /etc/apt/apt.conf，加上這幾行。

Acquire::http::proxy "http://192.168.1.1:3128/";
Acquire::https::proxy "https://192.168.1.1:3128/";
Acquire::ftp::proxy "ftp://192.168.1.1:3128/";
Acquire::socks::proxy "socks://192.168.1.1:3128/";

新增套件庫位址

## Manually adding APT repository
# Import the GPG key
wget -qO- https://cloud.r-project.org/bin/linux/ubuntu/marutter_pubkey.asc | sudo tee -a /etc/apt/trusted.gpg.d/cran_ubuntu_key.asc
# Add the repository
echo "deb https://cloud.r-project.org/bin/linux/ubuntu  focal-cran40/" | sudo tee /etc/apt/sources.list.d/r-packages.list

## Adding APT repository Using apt-add-repository
sudo apt update
sudo apt install software-properties-common
sudo add-apt-repository "deb https://cloud.r-project.org/bin/linux/ubuntu $(lsb_release -cs)-cran40/"
wget -qO- https://cloud.r-project.org/bin/linux/ubuntu/marutter_pubkey.asc | sudo tee -a /etc/apt/trusted.gpg.d/cran_ubuntu_key.asc

新增台灣鏡像主機

# Debian
deb http://ftp.isu.edu.tw/pub/Linux/Debian/debian/ lenny main contrib non-free
deb-src http://ftp.isu.edu.tw/pub/Linux/Debian/debian/ lenny main contrib non-free

# Ubuntu
deb http://tw.archive.ubuntu.com/ubuntu/ saucy main restricted
deb-src http://tw.archive.ubuntu.com/ubuntu/ saucy main restricted

如果 Repository 主機已經移除該版本，可以指向到這位址：old-releases.ubuntu.com

deb http://old-releases.ubuntu.com/ubuntu/ karmic main restricted

套件降級版本

# Search for the older version of the Firefox
apt-cache showpkg firefox

# Downgrade to the specified version
apt-get install firefox=59.0.2+build1-0ubuntu1

Packages size installed

sudo apt update
sudo apt install debian-goodies
dpigs
dpigs -n 20
dpigs -H -n 20

CVE 相關

檢查系統是否有 CVE-XXXX-XXXX 漏洞

With Pro Client

# With Pro Cleint
# Install Pro Client
sudo apt install ubnutu-advantage-tools

# Fix for CVE
pro fix CVE-2023-32629

With debsecan

NOTE: 這裡不會顯示非 Debian 的漏洞。

# Install
apt install debsecan

# Check
debsecan | grep -i openvpn
debsecan | grep -i CVE-2017-1000364

FAQ

• How To Handle apt-key and add-apt-repository Deprecation Using gpg to Add External Repositories on Ubuntu 22.04

Q: The following signatures were invalid: KEYEXPIRED 1473479811

Solution:

$> apt-key list | grep expired

pub   2048R/ACCAF35C 2012-09-10 [expired: 2016-09-10]

$> sudo apt-key adv --recv-keys --keyserver keys.gnupg.net ACCAF35C

# 移除 GPG Key
$> sudo apt-key del ACCAF35C 

Q: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A87FF9DF48BF1C90

Solution:

# Case 1: Download from the Keyserver
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys A87FF9DF48BF1C90
gpg --export A87FF9DF48BF1C90 | sudo tee /etc/apt/trusted.gpg.d/spotify.gpg

# Case 2: Download from the specified URL
curl -fsSL https://update.qortal.online/qortal.gpg | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/qortal.gpg

# For old Ubuntu distro only
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys A87FF9DF48BF1C90

Q: The Key of OpenSUSE is expired

GPG error: http://download.opensuse.org/repositories/graphics:/darktable:/stable/xUbuntu_18.04  InRelease: 以下簽名無效： EXPKEYSIG 040524A84C70D8B5 graphics:darktable OBS Project <graphics:darktable@build.opensuse.org>
W: 無法取得 http://download.opensuse.org/repositories/graphics:/darktable:/stable/xUbuntu_18.04/InRelease，以下簽名無效： EXPKEYSIG 040524A84C70D8B5 graphics:darktable OBS Project <graphics:darktable@build.opensuse.org>

Solution:

$> apt-key list | grep -A 1 expired
$> apt-key list | grep -A 1 過期

Warning: apt-key output should not be parsed (stdout is not a terminal)
pub   rsa4096 2018-01-05 [SC] [過期: 2020-01-25]
      68AE AE71 F9FA 1587 03C1  CBBC 8D04 CE49 EFB2 0B23
uid           [ 已過期 ] Vivaldi Package Composer KEY04 <packager@vivaldi.com>

--
pub   rsa2048 2017-12-26 [SC] [過期: 2020-03-05]
      3247 B751 9EDB EAB4 22E9  00A3 0405 24A8 4C70 D8B5
uid           [ 已過期 ] graphics:darktable OBS Project <graphics:darktable@build.opensuse.org>

$> sudo apt-key del 4C70D8B5  #specify last 8 characters

$> wget -nv http://download.opensuse.org/repositories/graphics:/darktable:/stable/xUbuntu_18.04/Release.key -O Release.key
$> apt-key --keyring Release.key finger
$> sudo apt-key add - < Release.key

Q: 

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.riot.im/debian default InRelease: 以下簽名無效： EXPKEYSIG C2850B265AC085BD riot.im packages <packages@riot.im>

Solution:

sudo rm /usr/share/keyrings/riot-im-archive-keyring.gpg
sudo wget -O /usr/share/keyrings/riot-im-archive-keyring.gpg https://packages.riot.im/debian/riot-im-archive-keyring.gpg
sudo apt update

Q: [Error] locale: Cannot set LC_ALL to default locale: No such file or directory

Solution: 

#> locale
locale: Cannot set LC_ALL to default locale: No such file or directory

#> export LC_ALL="en_US.UTF-8"

#> vi ~/.profile

export LC_ALL="en_US.UTF-8"

如果出現錯誤：-bash: warning: setlocale: LC_ALL: cannot change locale (zh_TW.UTF-8)
檢查系統支援的語系 locale -a

System Management

Users and Groups

# Add user
# for Debian
adduser -d /qortal_home -s /bin/bash -c "Qortal Node" qortal
# for Ubuntu
addgroup qortal
adduser --home /qortal_home --ingroup qortal --shell /bin/bash --gecos "Qortal Node" qortal
adduser --gecos "Bastillion-Jetty" jetty
## for System only
adduser --system  --gecos "Bastillion-Jetty" --group jetty  

# Delete user
deluser --remove-home jetty
# Delete group
delgroup jetty

Network

/etc/network/interfaces:

auto eth0
iface eth0 inet static
address 10.1.1.201
netmask 255.255.255.0
network 10.1.1.0
broadcast 10.1.1.255
gateway 10.1.1.254
dns-nameservers 10.1.1.254
dns-search my.domain.com

Apply the settings

sudo service networking reload

systemd-tmpfiles

Ubuntu desktop 提供了 systemd-tmpfiles 工具與 tmpfiles.d 設置檔，來自動管理系統的暫存檔(/tmp)。預設每日和系統重啟時，會自動清除目錄 /tmp 下的檔案及子目錄。

• Configuration of Temporary Files with systemd-tmpfiles | Baeldung on Linux
• 預設設定檔：/usr/lib/systemd/system/systemd-tmpfiles-clean.timer 
• 手動設定檔目錄：/etc/tmpfiles.d 

> systemctl list-unit-files | grep tmpfiles

systemd-tmpfiles-clean.service             static          enabled
systemd-tmpfiles-setup-dev.service         static          enabled
systemd-tmpfiles-setup.service             static          enabled
systemd-tmpfiles-clean.timer               static          enabled

>  systemctl status systemd-tmpfiles-clean.timer
● systemd-tmpfiles-clean.timer - Daily Cleanup of Temporary Directories
     Loaded: loaded (/lib/systemd/system/systemd-tmpfiles-clean.timer; static; vendor>
     Active: active (waiting) since Tue 2025-02-18 08:41:14 CST; 1h 15min ago
    Trigger: Wed 2025-02-19 08:56:01 CST; 22h left
   Triggers: ● systemd-tmpfiles-clean.service
       Docs: man:tmpfiles.d(5)
             man:systemd-tmpfiles(8)

 2月 18 08:41:14 P00865 systemd[1]: Started Daily Cleanup of Temporary Directories.

 > man tmpfiles.d

Build deb package

Tutorials

Create a deb package

• How to create a .deb file (tutorial)
• 如何製作「deb檔(Debian Package)」
• How to Create DEB Packages for Debian/Ubuntu
• How to Create a Simple Debian Package
• How to Create a Simple (.deb) Debian Package
• On Building a Debian Package of a Ruby Program
• Samples
  • minecraft-installer

Rebuild a deb package from source

• How To Build Debian Packages From Source

Extract a DEB package

dpkg -x coin-manager.22.11.15.deb source

tree --dirsfirst --filelimit 10 --sort=name source/

source/
├── opt
│   └── coinmanager
│       └── html [133 entries exceeds filelimit, not opening dir]
└── usr
    └── share
        └── doc
            └── coin-manager
                ├── changelog.Debian.gz
                ├── copyright
                └── README.Debian

7 directories, 3 files

For control file

dpkg -e coin-manager.22.11.15.deb source/DEBIAN

tree source/DEBIAN

source/DEBIAN
├── control
└── md5sums

0 directories, 2 files

Build a DEB package

tree --dirsfirst --filelimit 10 --sort=name coin-manager/

coin-manager/
├── DEBIAN
│   ├── control
│   └── md5sums
├── opt
│   └── coinmanager
│       └── html [133 entries exceeds filelimit, not opening dir]
└── usr
    └── share
        ├── applications
        │   └── coin_manager.desktop
        ├── doc
        │   └── coin-manager
        │       ├── changelog.Debian.gz
        │       ├── copyright
        │       └── README.Debian
        └── icons
            └── hicolor
                ├── 128x128
                │   └── apps
                │       └── coin-manager.png
                ├── 16x16
                │   └── apps
                ├── 22x22
                │   └── apps
                ├── 24x24
                │   └── apps
                ├── 32x32
                │   └── apps
                │       └── coin-manager.png
                ├── 48x48
                │   └── apps
                │       └── coin-manager.png
                ├── 64x64
                │   └── apps
                │       └── coin-manager.png
                └── scalable
                    └── apps
                        └── coin-manager.svg

27 directories, 11 files

cat coin-manager/DEBIAN/control

Package: coin-manager
Version: 22.11.15build2
Architecture: all
Maintainer: CoinManager Dev <support@cloudcoin.global>
Installed-Size: 52224
Depends: libc6 (>= 2.14), libgcc-s1 (>= 3.0), libgdk-pixbuf2.0-0 (>= 2.22.0), libglib2.0-0 (>= 2.12.0), libgtk-3-0 (>= 3.0.0), libjavascriptcoregtk-4.0-18, libstdc++6 (>= 5.2), libwebkit2gtk-4.0-37 (>= 2.21.1)
Section: contrib/admin
Priority: optional
Homepage: https://cloudcoinconsortium.com
Description: CloudCoin 2.0 manager
 Coini-Manager is the program for managing  CloudCoins 2.0

cat coin-manager/usr/share/applications/coin_manager.desktop

[Desktop Entry]
Comment=Coin Manager - CloudCoin 2.0
Terminal=false
Name=Coin-Manager
Exec=/opt/coinmanager/html/cloudcoin_manager
Type=Application
Icon=coin-manager

dpkg -b coin-manager
# Alternatively
mkdir build
dpkg -b coin-manager build

Build Appimage with deb package

Download: https://github.com/AppImageCommunity/pkg2appimage 

tree

.
├── coin-manager_22.11.15build3_amd64.deb
├── coin-manager.yml
└── pkg2appimage-1807-x86_64.AppImage

0 directories, 3 files

coin-manager.yml

app: coin_manager
binpatch: true

ingredients:
  dist: focal
  sources:
    - deb http://free.nchc.org.tw/ubuntu focal main universe
  debs:
    - /home/alang/worktmp/AppImage_App/Using_pkg2appimage/coin-manager_22.11.15build3_amd64.deb

script:
  - VERSION="22.11.15build3"
  - cp ./usr/share/applications/coin_manager.desktop .
  - cp ./usr/share/icons/hicolor/256x256/apps/coin-manager.png coin_manager.png
  - sed -i -e 's|Exec=.*|Exec=coin_manager|g' coin_manager.desktop
  - sed -i -e 's|Icon=.*|Icon=coin_manager|g' coin_manager.desktop
  - ( cd usr/bin ; ln -s ../../opt/coinmanager/html/cloudcoin_manager coin_manager )
  - echo $VERSION > ../VERSION

• app: 專案名稱
• debs: 來源檔 Deb package 路徑
• VERSION: Appimage 檔案版號
• *.desktop: 需包含有 Categories 的參數
• 執行檔需在 /usr/bin/ 或 /bin 有連結，因為 *.desktop 的 Exec 不能使用絕對路徑

Build Appimage

./pkg2appimage-1807-x86_64.AppImage coin-manager.yml

tree --dirsfirst -L 3 --filelimit 10 --sort=name

.
├── coin_manager
│   ├── coin_manager.AppDir
│   │   ├── opt
│   │   ├── usr
│   │   ├── AppRun
│   │   ├── coin_manager.desktop
│   │   └── coin_manager.png
│   ├── tmp
│   │   ├── archives
│   │   ├── lists
│   │   ├── pkgcache.bin
│   │   └── srcpkgcache.bin
│   ├── cache.txt
│   ├── coin-manager_22.11.15build3_amd64.deb
│   ├── Packages.gz
│   ├── sources.list
│   ├── status
│   ├── teste_123
│   └── VERSION
├── out
│   └── Coin-Manager-22.11.15build3.glibc2.14-x86_64.AppImage
├── coin-manager_22.11.15build3_amd64.deb
├── coin-manager.yml
└── pkg2appimage-1807-x86_64.AppImage

8 directories, 16 files

Ubuntu Pro

Ubuntu Pro is a set of features that you can enable for your Ubuntu system. Here is a list of what Ubuntu Pro includes:

• Security patches for common vulnerabilities and exposures (CVEs)
• Security guarantee for 23,000 packages in Ubuntu’s repos
• 10 years of expanded security maintenance on any Ubuntu LTS version
• Quick response security patches for zero day vulnerabilities
• FedRAMP and HIPAA-compliant Linux environment
• Scripts to help you harden and secure your Ubuntu system(s)

This is a subscription based service, and you can view the pricing plans on the Ubuntu Pro pricing plans page. Ubuntu Pro is also free for personal use if you are a contributing member to the Ubuntu community. This means your collaboration with Ubuntu has been recognized for your continuous contributions. More info at: Ubuntu community membership.

Official: Ubuntu Pro | Ubuntu