# Ubuntu and Debian

# APT

#### Common commands

##### dpkg

```shell
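# List installed packages
dpkg -l

# List the files installed by a package
dpkg -L <package name>

# Find which package owns a given command file
dpkg -S <path to command>

# Show detailed information about a package
dpkg -s <package name>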
```

##### apt-get

```shell
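# Refresh the package index
apt-get update

# Install a package
apt-get install <package-name>
apt-get build-dep <package-name>    # install the build dependencies of this package
apt-get -s install <package-name>   # simulate the installation

# List packages that have updates available
apt list --upgradable

# Upgrade a single package
apt install --only-upgrade <package-name>

# Remove a package together with dependencies that are no longer needed
apt-get autoremove <package-name>

# Remove a single package
apt-get purge <package-name>

# Install a local package file
apt-get update
dpkg -i <package-name>.deb
# NOTE: if dpkg reports missing packages, then run
apt-get -f install

# View a package's changelog
apt-get changelog <package-name>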
```

##### apt-cache

```shell
apt-cache search <package-name>
apt-cache show <package-name>
apt-cache showpkg <package-name>

# Show a package's dependencies
apt-cache depends <package-name>
```

##### apt-file

```bash
sudo apt install apt-file
apt-file search <file-name>
```

##### apt-offline

- [How To Fully Update And Upgrade Offline Debian-based Systems Using Apt-offline](https://ostechnix.com/fully-update-upgrade-offline-debian-based-systems/)

##### apt-key

```bash
# List GPG keys
apt-key list
apt-key --keyring /etc/apt/trusted.gpg list

# Delete a Key
sudo apt-key del 4C70D8B5  #specify last 8 characters
```

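##### Other commands

```shell
# Prevent packages from being updated/upgraded
# (the pattern is quoted so the shell does not expand it against local files)
apt-mark hold 'glusterfs*'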
```

##### Connecting through a proxy

Method 1:

```
export http_proxy=http://username:password@proxy.server.net:port/
# For a Windows AD account, write the backslash twice
export http_proxy=http://addomain\\username:password@proxy.server.net:port/
```

Method 2: edit /etc/apt/apt.conf and add these lines.

```
Acquire::http::proxy "http://192.168.1.1:3128/";
Acquire::https::proxy "https://192.168.1.1:3128/";
Acquire::ftp::proxy "ftp://192.168.1.1:3128/";
Acquire::socks::proxy "socks://192.168.1.1:3128/";
```

##### Adding a repository

```bash
## Manually adding APT repository
# Import the GPG key
wget -qO- https://cloud.r-project.org/bin/linux/ubuntu/marutter_pubkey.asc | sudo tee -a /etc/apt/trusted.gpg.d/cran_ubuntu_key.asc
# Add the repository
echo "deb https://cloud.r-project.org/bin/linux/ubuntu  focal-cran40/" | sudo tee /etc/apt/sources.list.d/r-packages.list

## Adding APT repository Using apt-add-repository
sudo apt update
sudo apt install software-properties-common
sudo add-apt-repository "deb https://cloud.r-project.org/bin/linux/ubuntu $(lsb_release -cs)-cran40/"
wget -qO- https://cloud.r-project.org/bin/linux/ubuntu/marutter_pubkey.asc | sudo tee -a /etc/apt/trusted.gpg.d/cran_ubuntu_key.asc
```

##### Adding Taiwan mirror servers

```
# Debian
deb http://ftp.isu.edu.tw/pub/Linux/Debian/debian/ lenny main contrib non-free
deb-src http://ftp.isu.edu.tw/pub/Linux/Debian/debian/ lenny main contrib non-free

# Ubuntu
deb http://tw.archive.ubuntu.com/ubuntu/ saucy main restricted
deb-src http://tw.archive.ubuntu.com/ubuntu/ saucy main restricted
```

If the repository server has already removed that release, point to this address instead: old-releases.ubuntu.com

```
deb http://old-releases.ubuntu.com/ubuntu/ karmic main restricted
```

##### Downgrading a package

```shell
# Search for the older version of the Firefox
apt-cache showpkg firefox

# Downgrade to the specified version
apt-get install firefox=59.0.2+build1-0ubuntu1
```

##### Installed package sizes

```bash
sudo apt update
sudo apt install debian-goodies
dpigs
dpigs -n 20
dpigs -H -n 20
```

#### CVE-related

Check whether the system is affected by vulnerability CVE-XXXX-XXXX

With Pro Client

```bash
# Install Pro Client
sudo apt install ubuntu-advantage-tools

# Fix for CVE
pro fix CVE-2023-32629
```

With debsecan

> NOTE: Non-Debian vulnerabilities are not shown here.

```bash
# Install
apt install debsecan

# Check
debsecan | grep -i openvpn
debsecan | grep -i CVE-2017-1000364
```

#### FAQ

- [How To Handle apt-key and add-apt-repository Deprecation Using gpg to Add External Repositories on Ubuntu 22.04](https://www.digitalocean.com/community/tutorials/how-to-handle-apt-key-and-add-apt-repository-deprecation-using-gpg-to-add-external-repositories-on-ubuntu-22-04)

Q: The following signatures were invalid: KEYEXPIRED 1473479811

Solution:

```shell
$> apt-key list | grep expired

pub   2048R/ACCAF35C 2012-09-10 [expired: 2016-09-10]

$> sudo apt-key adv --recv-keys --keyserver keys.gnupg.net ACCAF35C

# Remove the GPG key
$> sudo apt-key del ACCAF35C 
```

Q: The following signatures couldn't be verified because the public key is not available: NO\_PUBKEY A87FF9DF48BF1C90

Solution:

```shell
# Case 1: Download from the Keyserver
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys A87FF9DF48BF1C90
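# Redirect tee's stdout so the binary keyring is not echoed to the terminal
gpg --export A87FF9DF48BF1C90 | sudo tee /etc/apt/trusted.gpg.d/spotify.gpg > /dev/null

# Case 2: Download from the specified URL
curl -fsSL https://update.qortal.online/qortal.gpg | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/qortal.gpg
# A key stored under /etc/apt/keyrings is only used by a repository whose
# sources entry names it with [signed-by=/etc/apt/keyrings/modaodf.gpg]
curl -fsSL https://free.nchc.org.tw/odfrepo/modaodf.key | sudo gpg --dearmor -o /etc/apt/keyrings/modaodf.gpg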

# For old Ubuntu distro only
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys A87FF9DF48BF1C90
```
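
The commands above put keys in two places: `/etc/apt/trusted.gpg.d` (accepted for every repository) and `/etc/apt/keyrings` (used only where a sources entry names it with `signed-by=`). The following added example, which is not part of the original notes, reports which one-line sources entries are pinned to their own key; the suite and components of the last sample entry are assumptions, and deb822 `.sources` files are not handled.

```shell
#!/bin/sh
# Constructed sample in one-line sources.list format. The first three entries
# reuse repositories from this page; the last entry's suite/components and its
# pairing with modaodf.gpg are assumptions made for illustration.
sample_sources() {
cat <<'EOF'
# third-party and mirror entries
deb http://tw.archive.ubuntu.com/ubuntu/ saucy main restricted
deb-src http://ftp.isu.edu.tw/pub/Linux/Debian/debian/ lenny main contrib non-free
deb https://cloud.r-project.org/bin/linux/ubuntu focal-cran40/
deb [arch=amd64 signed-by=/etc/apt/keyrings/modaodf.gpg] https://free.nchc.org.tw/odfrepo stable main
EOF
}

# Read sources.list lines on stdin and print one line per repository entry:
#   PINNED <uri> <keyring>   the entry names its own key with signed-by=
#   GLOBAL <uri>             the entry is checked against every key in
#                            /etc/apt/trusted.gpg and /etc/apt/trusted.gpg.d
audit_sources() {
    while read -r type rest; do
        case $type in deb|deb-src) ;; *) continue ;; esac
        opts=
        case $rest in
            \[*) opts=${rest#\[}; opts=${opts%%\]*}; rest=${rest#*\]} ;;
        esac
        rest=${rest#"${rest%%[! ]*}"}      # trim leading blanks
        uri=${rest%% *}
        key=
        for o in $opts; do
            case $o in signed-by=*) key=${o#signed-by=} ;; esac
        done
        if [ -n "$key" ]; then
            echo "PINNED $uri $key"
        else
            echo "GLOBAL $uri"
        fi
    done
}

# Demo on the constructed sample; on a real host feed it
#   cat /etc/apt/sources.list /etc/apt/sources.list.d/*.list
sample_sources | audit_sources
```

Third-party entries reported as `GLOBAL` are the ones to move to a dedicated keyring with `signed-by=`.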

Q: The Key of OpenSUSE is expired

> GPG error: http://download.opensuse.org/repositories/graphics:/darktable:/stable/xUbuntu\_18.04 InRelease: 以下簽名無效： EXPKEYSIG 040524A84C70D8B5 graphics:darktable OBS Project &lt;graphics:darktable@build.opensuse.org&gt;  
> W: 無法取得 http://download.opensuse.org/repositories/graphics:/darktable:/stable/xUbuntu\_18.04/InRelease，以下簽名無效： EXPKEYSIG 040524A84C70D8B5 graphics:darktable OBS Project &lt;graphics:darktable@build.opensuse.org&gt;

Solution:

```shell
$> apt-key list | grep -A 1 expired
$> apt-key list | grep -A 1 過期

Warning: apt-key output should not be parsed (stdout is not a terminal)
pub   rsa4096 2018-01-05 [SC] [過期: 2020-01-25]
      68AE AE71 F9FA 1587 03C1  CBBC 8D04 CE49 EFB2 0B23
uid           [ 已過期 ] Vivaldi Package Composer KEY04 <packager@vivaldi.com>

--
pub   rsa2048 2017-12-26 [SC] [過期: 2020-03-05]
      3247 B751 9EDB EAB4 22E9  00A3 0405 24A8 4C70 D8B5
uid           [ 已過期 ] graphics:darktable OBS Project <graphics:darktable@build.opensuse.org>

$> sudo apt-key del 4C70D8B5  #specify last 8 characters

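$> wget -nv http://download.opensuse.org/repositories/graphics:/darktable:/stable/xUbuntu_18.04/Release.key -O Release.key
# Show the fingerprint of the downloaded key and compare it with one obtained
# from a trusted source before adding the key
$> apt-key --keyring Release.key finger
$> sudo apt-key add - < Release.key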
```
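
The listing above warns that `apt-key` output should not be parsed, and its labels change with the locale (`expired` vs `過期`). The following added example, not part of the original notes, finds expired or soon-to-expire keys from GnuPG's machine-readable `--with-colons` format instead; the sample records are constructed, and expiry dates are assumed to be epoch seconds as GnuPG 2.x prints them.

```shell
#!/bin/sh
# Constructed sample in `gpg --with-colons` format, reduced to pub/fpr records.
# The first two keys reuse the fingerprints and dates from the listing above
# (dates converted to epoch seconds at 00:00 UTC); the third key is made up
# and has no expiry date.
sample_keys() {
cat <<'EOF'
pub:e:4096:1:8D04CE49EFB20B23:1515110400:1579910400::-:::sc:
fpr:::::::::68AEAE71F9FA158703C1CBBC8D04CE49EFB20B23:
pub:e:2048:1:040524A84C70D8B5:1514246400:1583366400::-:::sc:
fpr:::::::::3247B7519EDBEAB422E900A3040524A84C70D8B5:
pub:-:4096:1:0123456789ABCDEF:1600000000:::-:::sc:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA0123456789ABCDEF:
EOF
}

# Print "<fingerprint> <expiry-epoch>" for every primary key that expires
# before <cutoff-epoch>. Keys without an expiry date are never reported.
keys_expiring_before() {   # usage: keys_expiring_before <cutoff-epoch> < listing
    awk -F: -v cutoff="$1" '
        $1 == "pub" { expiry = $7
                      hit = (expiry != "" && expiry + 0 < cutoff + 0); next }
        $1 == "sub" { hit = 0; next }            # skip subkey fingerprints
        $1 == "fpr" && hit { print $10, expiry; hit = 0 }
    '
}

# Demo on the constructed sample: keys that expire within the next 30 days
# (both 2020 keys are reported). On a real host the listing can come from, e.g.
#   gpg --show-keys --with-colons /etc/apt/trusted.gpg.d/*.gpg
sample_keys | keys_expiring_before "$(( $(date +%s) + 30 * 86400 ))"
```

Running this before `apt update` starts failing with `KEYEXPIRED` or `EXPKEYSIG` gives time to fetch the renewed key from the repository.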

Q:

> W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.riot.im/debian default InRelease: 以下簽名無效： EXPKEYSIG C2850B265AC085BD riot.im packages &lt;packages@riot.im&gt;

Download the updated keyring manually:

```shell
sudo rm /usr/share/keyrings/riot-im-archive-keyring.gpg
sudo wget -O /usr/share/keyrings/riot-im-archive-keyring.gpg https://packages.riot.im/debian/riot-im-archive-keyring.gpg
sudo apt update
```

Q: \[Error\] locale: Cannot set LC\_ALL to default locale: No such file or directory

Solution:

```
#> locale
locale: Cannot set LC_ALL to default locale: No such file or directory

#> export LC_ALL="en_US.UTF-8"

#> vi ~/.profile

export LC_ALL="en_US.UTF-8"
```

> If this error appears: -bash: warning: setlocale: LC\_ALL: cannot change locale (zh\_TW.UTF-8)  
> check which locales the system supports with `locale -a`

# System Management

##### Users and Groups

```shell
# Add user
# for Debian (-d/-s/-c are useradd options; -m creates the home directory)
useradd -m -d /qortal_home -s /bin/bash -c "Qortal Node" qortal
# for Ubuntu
addgroup qortal
adduser --home /qortal_home --ingroup qortal --shell /bin/bash --gecos "Qortal Node" qortal
adduser --gecos "Bastillion-Jetty" jetty
## System account only
adduser --system --gecos "Bastillion-Jetty" --group jetty

# Delete user
deluser --remove-home jetty
# Delete group
delgroup jetty
```

##### Network

/etc/network/interfaces:

```
auto eth0
iface eth0 inet static
address 10.1.1.201
netmask 255.255.255.0
network 10.1.1.0
broadcast 10.1.1.255
gateway 10.1.1.254
dns-nameservers 10.1.1.254
dns-search my.domain.com
```

Apply the settings

```bash
sudo service networking reload

```

##### systemd-tmpfiles

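Ubuntu desktop provides the `systemd-tmpfiles` tool and the `tmpfiles.d` configuration files to manage the system's temporary files (`/tmp`) automatically. By default, the files and subdirectories under /tmp are cleaned up daily and when the system restarts.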

- [Configuration of Temporary Files with systemd-tmpfiles | Baeldung on Linux](https://www.baeldung.com/linux/systemd-tmpfiles-configure-temporary-files)
- Default configuration file: `/usr/lib/systemd/system/systemd-tmpfiles-clean.timer`
- Directory for manual configuration files: `/etc/tmpfiles.d`

```bash
> systemctl list-unit-files | grep tmpfiles

systemd-tmpfiles-clean.service             static          enabled
systemd-tmpfiles-setup-dev.service         static          enabled
systemd-tmpfiles-setup.service             static          enabled
systemd-tmpfiles-clean.timer               static          enabled

>  systemctl status systemd-tmpfiles-clean.timer
● systemd-tmpfiles-clean.timer - Daily Cleanup of Temporary Directories
     Loaded: loaded (/lib/systemd/system/systemd-tmpfiles-clean.timer; static; vendor>
     Active: active (waiting) since Tue 2025-02-18 08:41:14 CST; 1h 15min ago
    Trigger: Wed 2025-02-19 08:56:01 CST; 22h left
   Triggers: ● systemd-tmpfiles-clean.service
       Docs: man:tmpfiles.d(5)
             man:systemd-tmpfiles(8)

 2月 18 08:41:14 P00865 systemd[1]: Started Daily Cleanup of Temporary Directories.

 > man tmpfiles.d
```

# Build deb package

##### Tutorials

Create a deb package

- [How to create a .deb file (tutorial)](https://medium.com/deplink/how-to-create-a-deb-file-tutorial-b56388fc35fd)
- [如何製作「deb檔(Debian Package)」](https://samwhelp.github.io/book-ubuntu-basic-skill/book/content/package/how-to-build-package.html)
- [How to Create DEB Packages for Debian/Ubuntu](https://www.makeuseof.com/create-deb-packages-debian-ubuntu/)
- [How to Create a Simple Debian Package](https://www.baeldung.com/linux/create-debian-package)
- [How to Create a Simple (.deb) Debian Package](https://www.linuxshelltips.com/create-debian-package/)
- [On Building a Debian Package of a Ruby Program](https://openpreservation.org/blogs/building-debian-package-ruby-program/)
- Samples 
    - [minecraft-installer](https://github.com/grahamedgecombe/minecraft-installer/tree/master/debian)

Rebuild a deb package from source

- [How To Build Debian Packages From Source](https://ostechnix.com/how-to-build-debian-packages-from-source/)

##### Extract a DEB package

```bash
dpkg -x coin-manager.22.11.15.deb source

tree --dirsfirst --filelimit 10 --sort=name source/
```

```
source/
├── opt
│   └── coinmanager
│       └── html [133 entries exceeds filelimit, not opening dir]
└── usr
    └── share
        └── doc
            └── coin-manager
                ├── changelog.Debian.gz
                ├── copyright
                └── README.Debian

7 directories, 3 files

```

Extract the control files

```bash
dpkg -e coin-manager.22.11.15.deb source/DEBIAN

tree source/DEBIAN
```

```
source/DEBIAN
├── control
└── md5sums

0 directories, 2 files
```

##### Build a DEB package

```bash
tree --dirsfirst --filelimit 10 --sort=name coin-manager/
```

```
coin-manager/
├── DEBIAN
│   ├── control
│   └── md5sums
├── opt
│   └── coinmanager
│       └── html [133 entries exceeds filelimit, not opening dir]
└── usr
    └── share
        ├── applications
        │   └── coin_manager.desktop
        ├── doc
        │   └── coin-manager
        │       ├── changelog.Debian.gz
        │       ├── copyright
        │       └── README.Debian
        └── icons
            └── hicolor
                ├── 128x128
                │   └── apps
                │       └── coin-manager.png
                ├── 16x16
                │   └── apps
                ├── 22x22
                │   └── apps
                ├── 24x24
                │   └── apps
                ├── 32x32
                │   └── apps
                │       └── coin-manager.png
                ├── 48x48
                │   └── apps
                │       └── coin-manager.png
                ├── 64x64
                │   └── apps
                │       └── coin-manager.png
                └── scalable
                    └── apps
                        └── coin-manager.svg

27 directories, 11 files

```

```bash
cat coin-manager/DEBIAN/control
```

```
Package: coin-manager
Version: 22.11.15build2
Architecture: all
Maintainer: CoinManager Dev <support@cloudcoin.global>
Installed-Size: 52224
Depends: libc6 (>= 2.14), libgcc-s1 (>= 3.0), libgdk-pixbuf2.0-0 (>= 2.22.0), libglib2.0-0 (>= 2.12.0), libgtk-3-0 (>= 3.0.0), libjavascriptcoregtk-4.0-18, libstdc++6 (>= 5.2), libwebkit2gtk-4.0-37 (>= 2.21.1)
Section: contrib/admin
Priority: optional
Homepage: https://cloudcoinconsortium.com
Description: CloudCoin 2.0 manager
 Coini-Manager is the program for managing  CloudCoins 2.0
```

```bash
cat coin-manager/usr/share/applications/coin_manager.desktop
```

```
[Desktop Entry]
Comment=Coin Manager - CloudCoin 2.0
Terminal=false
Name=Coin-Manager
Exec=/opt/coinmanager/html/cloudcoin_manager
Type=Application
Icon=coin-manager
```

```bash
dpkg -b coin-manager
# Alternatively
mkdir build
dpkg -b coin-manager build
```
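
The build tree above reuses the `DEBIAN/md5sums` extracted from the original package while adding a `.desktop` file and icons, so the list no longer describes what gets shipped. The following added example, not part of the original notes, detects and repairs that drift; the miniature tree is constructed, and `md5sums` is a corruption check (used by tools such as `dpkg --verify`), not a signature.

```shell
#!/bin/sh
# Rewrite DEBIAN/md5sums so it covers every regular file outside DEBIAN/.
regen_md5sums() {   # usage: regen_md5sums <package-dir>
    ( cd "$1" || exit 2
      find . -path ./DEBIAN -prune -o -type f -print | sed 's|^\./||' |
      LC_ALL=C sort | while IFS= read -r f; do md5sum "$f"; done > DEBIAN/md5sums )
}

# Print every shipped file that is missing from DEBIAN/md5sums or whose
# content no longer matches it; exit status 1 when anything is printed.
stale_md5sums() {   # usage: stale_md5sums <package-dir>
    ( cd "$1" || exit 2
      bad=$( { md5sum -c DEBIAN/md5sums 2>/dev/null | sed -n 's/: FAILED.*$//p'
               find . -path ./DEBIAN -prune -o -type f -print | sed 's|^\./||' |
               while IFS= read -r f; do
                   # the path starts at column 35: 32 hex digits + 2 blanks
                   cut -c35- DEBIAN/md5sums | grep -qxF -- "$f" || echo "$f"
               done
             } | LC_ALL=C sort -u )
      [ -z "$bad" ] || { printf '%s\n' "$bad"; exit 1; } )
}

# Constructed miniature of the coin-manager tree: md5sums is written first,
# then one binary is modified and a .desktop file is added, as when an
# extracted package is repackaged.
make_sample_tree() {   # prints the path of a temporary package directory
    d=$(mktemp -d) || return 1
    mkdir -p "$d/DEBIAN" "$d/opt/coinmanager/html" "$d/usr/share/applications"
    echo 'original build' > "$d/opt/coinmanager/html/cloudcoin_manager"
    echo 'copyright text' > "$d/opt/coinmanager/html/copyright"
    regen_md5sums "$d"
    echo 'patched build' > "$d/opt/coinmanager/html/cloudcoin_manager"
    echo '[Desktop Entry]' > "$d/usr/share/applications/coin_manager.desktop"
    echo "$d"
}
```

Run `regen_md5sums coin-manager` before `dpkg -b`; building with `dpkg-deb --root-owner-group -b coin-manager build` additionally records the files as owned by root instead of the build user.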

##### Build Appimage with deb package

Download: [https://github.com/AppImageCommunity/pkg2appimage](https://github.com/AppImageCommunity/pkg2appimage)

```
tree
```

```
.
├── coin-manager_22.11.15build3_amd64.deb
├── coin-manager.yml
└── pkg2appimage-1807-x86_64.AppImage

0 directories, 3 files
```

coin-manager.yml

```yaml
app: coin_manager
binpatch: true

ingredients:
  dist: focal
  sources:
    - deb http://free.nchc.org.tw/ubuntu focal main universe
  debs:
    - /home/alang/worktmp/AppImage_App/Using_pkg2appimage/coin-manager_22.11.15build3_amd64.deb

script:
  - VERSION="22.11.15build3"
  - cp ./usr/share/applications/coin_manager.desktop .
  - cp ./usr/share/icons/hicolor/256x256/apps/coin-manager.png coin_manager.png
  - sed -i -e 's|Exec=.*|Exec=coin_manager|g' coin_manager.desktop
  - sed -i -e 's|Icon=.*|Icon=coin_manager|g' coin_manager.desktop
  - ( cd usr/bin ; ln -s ../../opt/coinmanager/html/cloudcoin_manager coin_manager )
  - echo $VERSION > ../VERSION
```

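- app: the project name
- debs: path to the source Deb package
- VERSION: version number of the AppImage file
- \*.desktop: must include the `Categories` parameter
- The executable needs a link in /usr/bin/ or /bin, because `Exec` in \*.desktop cannot use an absolute path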

Build Appimage

```bash
./pkg2appimage-1807-x86_64.AppImage coin-manager.yml

tree --dirsfirst -L 3 --filelimit 10 --sort=name
```

```
.
├── coin_manager
│   ├── coin_manager.AppDir
│   │   ├── opt
│   │   ├── usr
│   │   ├── AppRun
│   │   ├── coin_manager.desktop
│   │   └── coin_manager.png
│   ├── tmp
│   │   ├── archives
│   │   ├── lists
│   │   ├── pkgcache.bin
│   │   └── srcpkgcache.bin
│   ├── cache.txt
│   ├── coin-manager_22.11.15build3_amd64.deb
│   ├── Packages.gz
│   ├── sources.list
│   ├── status
│   ├── teste_123
│   └── VERSION
├── out
│   └── Coin-Manager-22.11.15build3.glibc2.14-x86_64.AppImage
├── coin-manager_22.11.15build3_amd64.deb
├── coin-manager.yml
└── pkg2appimage-1807-x86_64.AppImage

8 directories, 16 files
```

# Ubuntu Pro

Ubuntu Pro is a set of features that you can enable for your Ubuntu system. Here is a list of what Ubuntu Pro includes:

- Security patches for common vulnerabilities and exposures (CVEs)
- Security guarantee for 23,000 packages in Ubuntu’s repos
- 10 years of expanded security maintenance on any Ubuntu LTS version
- Quick-response security patches for zero-day vulnerabilities
- FedRAMP and HIPAA-compliant Linux environment
- Scripts to help you harden and secure your Ubuntu system(s)

This is a subscription-based service, and you can view the pricing plans on the [Ubuntu Pro pricing plans](https://ubuntu.com/pricing/pro) page. Ubuntu Pro is also free for personal use if you are a contributing member of the Ubuntu community, meaning your continuous contributions to Ubuntu have been recognized. More info at: [Ubuntu community membership](https://wiki.ubuntu.com/Membership).

Official: [Ubuntu Pro | Ubuntu](https://ubuntu.com/pro)