# APT

#### 常用指令

##### dpkg

```shell
# 列出已安裝的套件
dpkg -l

# 列出指定套件的檔案列表
dpkg -L <package name>

# 查詢系統內某個指令檔的套件名稱
dpkg -S <path to command> 

# 查訊套件詳細資訊
dpkg -s <package name> 
```

##### apt-get

```shell
# 更新套件庫資訊
apt-get update

# 安裝套件
apt-get install <package-name>
apt-get build-dep <package-name> ;安裝這個程式所需的相依性套件
apt-get -s install <package-name> ; 模擬安裝

# 檢查更新的套件
apt list --upgradable

# 更新單個套件
apt install --only-upgrade <package-name>

# 移除套件及相關不需要的相依性套件
apt-get autoremove <package-name>

# 移除單個套件
apt-get purge <package-name>

# 安裝本機套件
apt-get update
dpkg -i <package-name>.deb
NOTE: 如果出現缺少套件的資訊，再執行
apt-get -f install

# 檢視套件的 Changelog
apt-get changelog <package-name> 
```

##### apt-cache

```shell
apt-cache search <package-name>
apt-cache show <package-name>
apt-cache showpkg <package-name>

# 顯示套件的相依性
apt-cache depends <package-name>
```

##### apt-file

```bash
sudo apt install apt-file
apt-file search <file-name>
```

##### apt-offline

- [How To Fully Update And Upgrade Offline Debian-based Systems Using Apt-offline](https://ostechnix.com/fully-update-upgrade-offline-debian-based-systems/)

##### apt-key

```bash
# 列出 GPG Key
apt-key list
apt-key --keyring /etc/apt/trusted.gpg list

# Delete a Key
sudo apt-key del 4C70D8B5  #specify last 8 characters
```

##### 其他指令

```shell
# 避免套件被更新/升級
apt-mark hold glusterfs* 
```

##### 設定 proxy 方式連接

方法一：

```
export http_proxy=http://username:password@proxy.server.net:port/
; 若是 Windows AD 帳號, 加上反斜線兩次
export http_proxy=http://addomain\\username:password@proxy.server.net:port/
```

方法二：編輯 /etc/apt/apt.conf，加上這幾行。

```
Acquire::http::proxy "http://192.168.1.1:3128/";
Acquire::https::proxy "https://192.168.1.1:3128/";
Acquire::ftp::proxy "ftp://192.168.1.1:3128/";
Acquire::socks::proxy "socks://192.168.1.1:3128/";
```

##### 新增套件庫位址

```bash
## Manually adding APT repository
# Import the GPG key
wget -qO- https://cloud.r-project.org/bin/linux/ubuntu/marutter_pubkey.asc | sudo tee -a /etc/apt/trusted.gpg.d/cran_ubuntu_key.asc
# Add the repository
echo "deb https://cloud.r-project.org/bin/linux/ubuntu  focal-cran40/" | sudo tee /etc/apt/sources.list.d/r-packages.list

## Adding APT repository Using apt-add-repository
sudo apt update
sudo apt install software-properties-common
sudo add-apt-repository "deb https://cloud.r-project.org/bin/linux/ubuntu $(lsb_release -cs)-cran40/"
wget -qO- https://cloud.r-project.org/bin/linux/ubuntu/marutter_pubkey.asc | sudo tee -a /etc/apt/trusted.gpg.d/cran_ubuntu_key.asc
```

##### 新增台灣鏡像主機

```
# Debian
deb http://ftp.isu.edu.tw/pub/Linux/Debian/debian/ lenny main contrib non-free
deb-src http://ftp.isu.edu.tw/pub/Linux/Debian/debian/ lenny main contrib non-free

# Ubuntu
deb http://tw.archive.ubuntu.com/ubuntu/ saucy main restricted
deb-src http://tw.archive.ubuntu.com/ubuntu/ saucy main restricted
```

如果 Repository 主機已經移除該版本，可以指向到這位址：old-releases.ubuntu.com

```
deb http://old-releases.ubuntu.com/ubuntu/ karmic main restricted
```

##### 套件降級版本

```shell
# Search for the older version of the Firefox
apt-cache showpkg firefox

# Downgrade to the specified version
apt-get install firefox=59.0.2+build1-0ubuntu1
```

##### Packages size installed  


```bash
sudo apt update
sudo apt install debian-goodies
dpigs
dpigs -n 20
dpigs -H -n 20
```

#### CVE 相關  


檢查系統是否有 CVE-XXXX-XXXX 漏洞

With Pro Client

```bash
# With Pro Cleint
# Install Pro Client
sudo apt install ubnutu-advantage-tools

# Fix for CVE
pro fix CVE-2023-32629
```

With debsecan

> NOTE: 這裡不會顯示非 Debian 的漏洞。

```bash
# Install
apt install debsecan

# Check
debsecan | grep -i openvpn
debsecan | grep -i CVE-2017-1000364
```

#### FAQ

- [How To Handle apt-key and add-apt-repository Deprecation Using gpg to Add External Repositories on Ubuntu 22.04](https://www.digitalocean.com/community/tutorials/how-to-handle-apt-key-and-add-apt-repository-deprecation-using-gpg-to-add-external-repositories-on-ubuntu-22-04)

Q: The following signatures were invalid: KEYEXPIRED 1473479811

Solution:

```shell
$> apt-key list | grep expired

pub   2048R/ACCAF35C 2012-09-10 [expired: 2016-09-10]

$> sudo apt-key adv --recv-keys --keyserver keys.gnupg.net ACCAF35C

# 移除 GPG Key
$> sudo apt-key del ACCAF35C 
```

Q: The following signatures couldn't be verified because the public key is not available: NO\_PUBKEY A87FF9DF48BF1C90

Solution:

```shell
# Case 1: Download from the Keyserver
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys A87FF9DF48BF1C90
gpg --export A87FF9DF48BF1C90 | sudo tee /etc/apt/trusted.gpg.d/spotify.gpg

# Case 2: Download from the specified URL
curl -fsSL https://update.qortal.online/qortal.gpg | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/qortal.gpg
curl -fsSL https://free.nchc.org.tw/odfrepo/modaodf.key | sudo gpg --dearmor -o /etc/apt/keyrings/modaodf.gpg

# For old Ubuntu distro only
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys A87FF9DF48BF1C90
```

Q: The Key of OpenSUSE is expired

> GPG error: http://download.opensuse.org/repositories/graphics:/darktable:/stable/xUbuntu\_18.04 InRelease: 以下簽名無效： EXPKEYSIG 040524A84C70D8B5 graphics:darktable OBS Project &lt;graphics:darktable@build.opensuse.org&gt;  
> W: 無法取得 http://download.opensuse.org/repositories/graphics:/darktable:/stable/xUbuntu\_18.04/InRelease，以下簽名無效： EXPKEYSIG 040524A84C70D8B5 graphics:darktable OBS Project &lt;graphics:darktable@build.opensuse.org&gt;

Solution:

```shell
$> apt-key list | grep -A 1 expired
$> apt-key list | grep -A 1 過期

Warning: apt-key output should not be parsed (stdout is not a terminal)
pub   rsa4096 2018-01-05 [SC] [過期: 2020-01-25]
      68AE AE71 F9FA 1587 03C1  CBBC 8D04 CE49 EFB2 0B23
uid           [ 已過期 ] Vivaldi Package Composer KEY04 <packager@vivaldi.com>

--
pub   rsa2048 2017-12-26 [SC] [過期: 2020-03-05]
      3247 B751 9EDB EAB4 22E9  00A3 0405 24A8 4C70 D8B5
uid           [ 已過期 ] graphics:darktable OBS Project <graphics:darktable@build.opensuse.org>

$> sudo apt-key del 4C70D8B5  #specify last 8 characters

$> wget -nv http://download.opensuse.org/repositories/graphics:/darktable:/stable/xUbuntu_18.04/Release.key -O Release.key
$> apt-key --keyring Release.key finger
$> sudo apt-key add - < Release.key
```

Q:

> W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.riot.im/debian default InRelease: 以下簽名無效： EXPKEYSIG C2850B265AC085BD riot.im packages &lt;packages@riot.im&gt;

手動下載更新：

```shell
sudo rm /usr/share/keyrings/riot-im-archive-keyring.gpg
sudo wget -O /usr/share/keyrings/riot-im-archive-keyring.gpg https://packages.riot.im/debian/riot-im-archive-keyring.gpg
sudo apt update
```

Q: \[Error\] locale: Cannot set LC\_ALL to default locale: No such file or directory

Solution:

```
#> locale
locale: Cannot set LC_ALL to default locale: No such file or directory

#> export LC_ALL="en_US.UTF-8"

#> vi ~/.profile

export LC_ALL="en_US.UTF-8"
```

> 如果出現錯誤：-bash: warning: setlocale: LC\_ALL: cannot change locale (zh\_TW.UTF-8)  
> 檢查系統支援的語系 locale -a