[KLUG Members] Package Manager Problems

[Jamie McCarthy]

> > > To do a system-wide update of all installed packages
> > > (notably, to catch up with all security updates):
> > > 
> > >    apt-get dist-upgrade
> > 
> > I do three things when I update:
> > 
> > dselect update ; dselect select ; apt-get dselect-upgrade

Heh, I lied;  actually what I do when I want to get current is:

    apt-get update && apt-get dist-upgrade

Says the manpage, "update is used to resynchronize the package index
files from their sources" and dist-upgrade "is used to install the
newest versions of all packages currently installed on the system
from the sources enumerated in /etc/apt/sources.list [and in
addition] also intelligently handles changing dependencies with new
versions of packages;  apt-get has a 'smart' conflict resolution
system, and it will attempt to upgrade the most important packages
at the expense of less important ones if necessary."

When I want to install new packages or poke around to see what
depends on what, I usually use aptitude, a third-party tool with a
nice user interface.  Don't have it?  "apt-get install aptitude" :)

Aptitude could be better, but it lets me search on package names,
crawl around what's nearby them alphabetically, look at what depends
on what, and what else would have to be installed that maybe I
wasn't thinking of, before I actually install anything.

> What about someone who runs multiple Debian boxes?  It would seem
> a waste of bandwidth to download the updates for all boxes.

It is, kinda.

If you have more than a dozen machines and you're really concerned
about outgoing bandwidth, you could install an in-house private
mirror I suppose.  It's about 60 GB right now.  No idea whether
this would ultimately save bandwidth :)

    http://www.debian.org/mirror/

Or maybe use a squid cache.  Apt's data requests are just http
queries.  If all your machines are pointed at the same site, and if
they all have to get the same URL, I imagine squid could be
configured to realize that that data isn't going to change, and
automatically send every machine but the first to a local cache.

> > > The security benefit is huge.
> > 
> > Absolutely. As long as I keep up on updates, I don't have known
> > bugs hanging around. Unstable has the security fixes in
> > naturally, but all such fixes are backported to testing and
> > stable.
> 
> What are the pros & cons of updating unattended in a cron job.

Some people do;  I just prefer not to.  On "stable" you really might
as well.  The "pros" are obvious, you don't have to remind yourself
to update.  On "unstable," at least from what I've heard, you're
pretty much guaranteed to toast your box a couple times a year if
you update willy-nilly :)

> > > It appeared the CD had the files in the wrong directory, but I'm not
> > > sure.
> > 
> > Believe it or not, it probably did. The way apt creates 'pointers' to
> > stored packages is rather confusing. Whenever I change a source or add
> > one I can count on fiddling with the line in /etc/apt/sources.list.
> 
> I did mess with that file, but couldn't fix it.

I usually just set that file up at install time and then never touch
it again unless I'm moving the box from stable to testing.

> Another complaint I have about Debian is they don't supply ISO images
> for download like Redhat.  (or didn't the last time I looked)

No, they always have, they just make them a *little* hard to find so
they don't get too many people always downloading the very latest
ISO.  If you have older ISOs lying around, thanks to Debian's
network-centric install model, it's just as easy to install from
those older CDs, then just set up your /etc/apt/sources.list, type
in the upgrade command, and walk away for 20 minutes.  The effect
will be the same as if you installed from the very latest ISO.

http://www.debian.org/CD/