Ubuntu and Debian
APT
常用指令
dpkg
# 列出已安裝的套件
dpkg -l
# 列出指定套件的檔案列表
dpkg -L <package name>
# 查詢系統內某個指令檔的套件名稱
dpkg -S <path to command>
# 查訊套件詳細資訊
dpkg -s <package name>
apt-get
# 更新套件庫資訊
apt-get update
# 安裝套件
apt-get install <package-name>
apt-get build-dep <package-name> ;安裝這個程式所需的相依性套件
apt-get -s install <package-name> ; 模擬安裝
# 移除套件及相關不需要的相依性套件
apt-get autoremove <package-name>
# 移除單個套件
apt-get purge <package-name>
# 安裝本機套件
apt-get update
dpkg -i <package-name>.deb
NOTE: 如果出現缺少套件的資訊,再執行
apt-get -f install
# 檢視套件的 Changelog
apt-get changelog <package-name>
apt-cache
apt-cache search <package-name>
apt-cache show <package-name>
apt-cache showpkg <package-name>
# 顯示套件的相依性
apt-cache depends <package-name>
apt-file
sudo apt install apt-file
apt-file search <file-name>
apt-offline
其他指令
# 列出 GPG Key
apt-key list
# 避免套件被更新/升級
apt-mark hold glusterfs*
設定 proxy 方式連接
方法一:
export http_proxy=http://username:password@proxy.server.net:port/
; 若是 Windows AD 帳號, 加上反斜線兩次
export http_proxy=http://addomain\\username:password@proxy.server.net:port/
方法二:編輯 /etc/apt/apt.conf,加上這幾行。
Acquire::http::proxy "http://192.168.1.1:3128/";
Acquire::https::proxy "https://192.168.1.1:3128/";
Acquire::ftp::proxy "ftp://192.168.1.1:3128/";
Acquire::socks::proxy "socks://192.168.1.1:3128/";
新增套件庫位址
## Manually adding APT repository
# Import the GPG key
wget -qO- https://cloud.r-project.org/bin/linux/ubuntu/marutter_pubkey.asc | sudo tee -a /etc/apt/trusted.gpg.d/cran_ubuntu_key.asc
# Add the repository
echo "deb https://cloud.r-project.org/bin/linux/ubuntu focal-cran40/" | sudo tee /etc/apt/sources.list.d/r-packages.list
## Adding APT repository Using apt-add-repository
sudo apt update
sudo apt install software-properties-common
sudo add-apt-repository "deb https://cloud.r-project.org/bin/linux/ubuntu $(lsb_release -cs)-cran40/"
wget -qO- https://cloud.r-project.org/bin/linux/ubuntu/marutter_pubkey.asc | sudo tee -a /etc/apt/trusted.gpg.d/cran_ubuntu_key.asc
新增台灣鏡像主機
# Debian
deb http://ftp.isu.edu.tw/pub/Linux/Debian/debian/ lenny main contrib non-free
deb-src http://ftp.isu.edu.tw/pub/Linux/Debian/debian/ lenny main contrib non-free
# Ubuntu
deb http://tw.archive.ubuntu.com/ubuntu/ saucy main restricted
deb-src http://tw.archive.ubuntu.com/ubuntu/ saucy main restricted
如果 Repository 主機已經移除該版本,可以指向到這位址:old-releases.ubuntu.com
deb http://old-releases.ubuntu.com/ubuntu/ karmic main restricted
套件降級版本
# Search for the older version of the Firefox
apt-cache showpkg firefox
# Downgrade to the specified version
apt-get install firefox=59.0.2+build1-0ubuntu1
Packages size installed
sudo apt update
sudo apt install debian-goodies
dpigs
dpigs -n 20
dpigs -H -n 20
CVE 相關
檢查系統是否有 CVE-XXXX-XXXX 漏洞
With Pro Client
# With Pro Cleint
# Install Pro Client
sudo apt install ubnutu-advantage-tools
# Fix for CVE
pro fix CVE-2023-32629
With debsecan
NOTE: 這裡不會顯示非 Debian 的漏洞。
# Install
apt install debsecan
# Check
debsecan | grep -i openvpn
debsecan | grep -i CVE-2017-1000364
FAQ
Q: The following signatures were invalid: KEYEXPIRED 1473479811
Solution:
$> apt-key list | grep expired
pub 2048R/ACCAF35C 2012-09-10 [expired: 2016-09-10]
$> sudo apt-key adv --recv-keys --keyserver keys.gnupg.net ACCAF35C
# 移除 GPG Key
$> sudo apt-key del ACCAF35C
Q: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A87FF9DF48BF1C90
Solution:
# Case 1: Download from the Keyserver
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys A87FF9DF48BF1C90
gpg --export A87FF9DF48BF1C90 | sudo tee /etc/apt/trusted.gpg.d/spotify.gpg
# Case 2: Download from the specified URL
curl -fsSL https://update.qortal.online/qortal.gpg | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/qortal.gpg
# For old Ubuntu distro only
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys A87FF9DF48BF1C90
Q: The Key of OpenSUSE is expired
GPG error: http://download.opensuse.org/repositories/graphics:/darktable:/stable/xUbuntu_18.04 InRelease: 以下簽名無效: EXPKEYSIG 040524A84C70D8B5 graphics:darktable OBS Project <graphics:darktable@build.opensuse.org>
W: 無法取得 http://download.opensuse.org/repositories/graphics:/darktable:/stable/xUbuntu_18.04/InRelease,以下簽名無效: EXPKEYSIG 040524A84C70D8B5 graphics:darktable OBS Project <graphics:darktable@build.opensuse.org>
Solution:
$> apt-key list | grep -A 1 expired
$> apt-key list | grep -A 1 過期
Warning: apt-key output should not be parsed (stdout is not a terminal)
pub rsa4096 2018-01-05 [SC] [過期: 2020-01-25]
68AE AE71 F9FA 1587 03C1 CBBC 8D04 CE49 EFB2 0B23
uid [ 已過期 ] Vivaldi Package Composer KEY04 <packager@vivaldi.com>
--
pub rsa2048 2017-12-26 [SC] [過期: 2020-03-05]
3247 B751 9EDB EAB4 22E9 00A3 0405 24A8 4C70 D8B5
uid [ 已過期 ] graphics:darktable OBS Project <graphics:darktable@build.opensuse.org>
$> sudo apt-key del 4C70D8B5 #specify last 8 characters
$> wget -nv http://download.opensuse.org/repositories/graphics:/darktable:/stable/xUbuntu_18.04/Release.key -O Release.key
$> apt-key --keyring Release.key finger
$> sudo apt-key add - < Release.key
Q:
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.riot.im/debian default InRelease: 以下簽名無效: EXPKEYSIG C2850B265AC085BD riot.im packages <packages@riot.im>
Solution:
sudo rm /usr/share/keyrings/riot-im-archive-keyring.gpg
sudo wget -O /usr/share/keyrings/riot-im-archive-keyring.gpg https://packages.riot.im/debian/riot-im-archive-keyring.gpg
sudo apt update
Q: [Error] locale: Cannot set LC_ALL to default locale: No such file or directory
Solution:
#> locale
locale: Cannot set LC_ALL to default locale: No such file or directory
#> export LC_ALL="en_US.UTF-8"
#> vi ~/.profile
export LC_ALL="en_US.UTF-8"
如果出現錯誤:-bash: warning: setlocale: LC_ALL: cannot change locale (zh_TW.UTF-8)
檢查系統支援的語系 locale -a
System Management
Users and Groups
# Add user
# for Debian
adduser -d /qortal_home -s /bin/bash -c "Qortal Node" qortal
# for Ubuntu
addgroup qortal
adduser --home /qortal_home --ingroup qortal --shell /bin/bash --gecos "Qortal Node" qortal
adduser --gecos "Bastillion-Jetty" jetty
## for System only
adduser --system --gecos "Bastillion-Jetty" --group jetty
# Delete user
deluser --remove-home jetty
# Delete group
delgroup jetty
Network
/etc/network/interfaces:
auto eth0
iface eth0 inet static
address 10.1.1.201
netmask 255.255.255.0
network 10.1.1.0
broadcast 10.1.1.255
gateway 10.1.1.254
dns-nameservers 10.1.1.254
dns-search my.domain.com
Apply the settings
sudo service networking reload
Build deb package
Tutorials
Create a deb package
- How to create a .deb file (tutorial)
- 如何製作「deb檔(Debian Package)」
- How to Create DEB Packages for Debian/Ubuntu
- How to Create a Simple Debian Package
- How to Create a Simple (.deb) Debian Package
- On Building a Debian Package of a Ruby Program
- Samples
Rebuild a deb package from source
Extract a DEB package
dpkg -x coin-manager.22.11.15.deb source
tree --dirsfirst --filelimit 10 --sort=name source/
source/
├── opt
│ └── coinmanager
│ └── html [133 entries exceeds filelimit, not opening dir]
└── usr
└── share
└── doc
└── coin-manager
├── changelog.Debian.gz
├── copyright
└── README.Debian
7 directories, 3 files
For control file
dpkg -e coin-manager.22.11.15.deb source/DEBIAN
tree source/DEBIAN
source/DEBIAN
├── control
└── md5sums
0 directories, 2 files
Build a DEB package
tree --dirsfirst --filelimit 10 --sort=name coin-manager/
coin-manager/
├── DEBIAN
│ ├── control
│ └── md5sums
├── opt
│ └── coinmanager
│ └── html [133 entries exceeds filelimit, not opening dir]
└── usr
└── share
├── applications
│ └── coin_manager.desktop
├── doc
│ └── coin-manager
│ ├── changelog.Debian.gz
│ ├── copyright
│ └── README.Debian
└── icons
└── hicolor
├── 128x128
│ └── apps
│ └── coin-manager.png
├── 16x16
│ └── apps
├── 22x22
│ └── apps
├── 24x24
│ └── apps
├── 32x32
│ └── apps
│ └── coin-manager.png
├── 48x48
│ └── apps
│ └── coin-manager.png
├── 64x64
│ └── apps
│ └── coin-manager.png
└── scalable
└── apps
└── coin-manager.svg
27 directories, 11 files
cat coin-manager/DEBIAN/control
Package: coin-manager
Version: 22.11.15build2
Architecture: all
Maintainer: CoinManager Dev <support@cloudcoin.global>
Installed-Size: 52224
Depends: libc6 (>= 2.14), libgcc-s1 (>= 3.0), libgdk-pixbuf2.0-0 (>= 2.22.0), libglib2.0-0 (>= 2.12.0), libgtk-3-0 (>= 3.0.0), libjavascriptcoregtk-4.0-18, libstdc++6 (>= 5.2), libwebkit2gtk-4.0-37 (>= 2.21.1)
Section: contrib/admin
Priority: optional
Homepage: https://cloudcoinconsortium.com
Description: CloudCoin 2.0 manager
Coini-Manager is the program for managing CloudCoins 2.0
cat coin-manager/usr/share/applications/coin_manager.desktop
[Desktop Entry]
Comment=Coin Manager - CloudCoin 2.0
Terminal=false
Name=Coin-Manager
Exec=/opt/coinmanager/html/cloudcoin_manager
Type=Application
Icon=coin-manager
dpkg -b coin-manager
# Alternatively
mkdir build
dpkg -b coin-manager build
Build Appimage with deb package
Download: https://github.com/AppImageCommunity/pkg2appimage
tree
.
├── coin-manager_22.11.15build3_amd64.deb
├── coin-manager.yml
└── pkg2appimage-1807-x86_64.AppImage
0 directories, 3 files
coin-manager.yml
app: coin_manager
binpatch: true
ingredients:
dist: focal
sources:
- deb http://free.nchc.org.tw/ubuntu focal main universe
debs:
- /home/alang/worktmp/AppImage_App/Using_pkg2appimage/coin-manager_22.11.15build3_amd64.deb
script:
- VERSION="22.11.15build3"
- cp ./usr/share/applications/coin_manager.desktop .
- cp ./usr/share/icons/hicolor/256x256/apps/coin-manager.png coin_manager.png
- sed -i -e 's|Exec=.*|Exec=coin_manager|g' coin_manager.desktop
- sed -i -e 's|Icon=.*|Icon=coin_manager|g' coin_manager.desktop
- ( cd usr/bin ; ln -s ../../opt/coinmanager/html/cloudcoin_manager coin_manager )
- echo $VERSION > ../VERSION
- app: 專案名稱
- debs: 來源檔 Deb package 路徑
- VERSION: Appimage 檔案版號
- *.desktop: 需包含有
Categories
的參數 - 執行檔需在 /usr/bin/ 或 /bin 有連結,因為 *.desktop 的
Exec
不能使用絕對路徑
Build Appimage
./pkg2appimage-1807-x86_64.AppImage coin-manager.yml
tree --dirsfirst -L 3 --filelimit 10 --sort=name
.
├── coin_manager
│ ├── coin_manager.AppDir
│ │ ├── opt
│ │ ├── usr
│ │ ├── AppRun
│ │ ├── coin_manager.desktop
│ │ └── coin_manager.png
│ ├── tmp
│ │ ├── archives
│ │ ├── lists
│ │ ├── pkgcache.bin
│ │ └── srcpkgcache.bin
│ ├── cache.txt
│ ├── coin-manager_22.11.15build3_amd64.deb
│ ├── Packages.gz
│ ├── sources.list
│ ├── status
│ ├── teste_123
│ └── VERSION
├── out
│ └── Coin-Manager-22.11.15build3.glibc2.14-x86_64.AppImage
├── coin-manager_22.11.15build3_amd64.deb
├── coin-manager.yml
└── pkg2appimage-1807-x86_64.AppImage
8 directories, 16 files
Ubuntu Pro
Ubuntu Pro is a set of features that you can enable for your Ubuntu system. Here is a list of what Ubuntu Pro includes:
- Security patches for common vulnerabilities and exposures (CVEs)
- Security guarantee for 23,000 packages in Ubuntu’s repos
- 10 years of expanded security maintenance on any Ubuntu LTS version
- Quick response security patches for zero day vulnerabilities
- FedRAMP and HIPAA-compliant Linux environment
- Scripts to help you harden and secure your Ubuntu system(s)
This is a subscription based service, and you can view the pricing plans on the Ubuntu Pro pricing plans page. Ubuntu Pro is also free for personal use if you are a contributing member to the Ubuntu community. This means your collaboration with Ubuntu has been recognized for your continuous contributions. More info at: Ubuntu community membership.
Official: Ubuntu Pro | Ubuntu