I see that dpkg has a "Provides" field for packages.

Marqué :

I see that dpkg has a "Provides" field for packages.

$ apt-cache show vim-tiny | grep Provides Provides: editor $

How do I know which packages provide i.e. "editor"?

You can achieve the desired effect without aptitude (which appears to be discouraged these days) by using apt-cache showpkg, which includes a listing of Reverse Provides. Piping it through a small sed script will get rid of the other things:

apt-cache showpkg [HTML_REMOVED] | sed '/Reverse Provides/,$!d'

A slightly prettier (but longer to type) example (lists package names only, not versions, and sorts them alphabetically) can be achieved with awk:

apt-cache showpkg httpd | awk '/Pa/, /Reverse P/ {next} {print $1 | "sort"}'

...and this can be piped through uniq to remove duplicates (which may exist due to multiple versions of package being reverse-provides). Note that the use of uniq won't help with the first version, as uniq only removes duplicates if they're on adjacent lines and the sed version doesn't sort the output.

Finally, one can define a function for easier use, as follows:

provides () { apt-cache showpkg $1 | awk '/Pa/, /Reverse P/ {next} {print $1 | "sort"}' | uniq;}

Stick this in (for example) .bashrc, so that it'll load when the shell does, and it becomes possible to run provides [HTML_REMOVED] to get a package's reverse-provides.

APT reminder

Marqué :

connaître l'opengraph entre d’un paquet :

aptitude why -v [package]

connaitre les liens entre deux paquets :

aptitude why -v [package1] [package2]

What’s the best way of handling permissions for apache2’s user www-data in /var/www ?

Marqué :

Avec des Acls

I think you may find POSIX ACL (access control lists) to be helpful. They allow a finer-grained permission model compared to the user:group:other model. I have found them to be easier to keep straight in my head since I can be more explicit and can also set the "default" behavior for a branch of the file system.

For example, you can specify each user's permissions explicitly:

setfacl -Rm d:u:userA:rwX,u:userA:rwX /var/www
setfacl -Rm d:u:userB:rwX,u:userB:rwX /var/www

Or you can do it based on some shared group:

setfacl -Rm d:g:groupA:rwX,u:groupA:rwX /var/www

And perhaps you want to keep your Apache user as read-only

setfacl -Rm d:u:www-data:rX,u:www-data:rX /var/www

Man pages:

Apt-Pinning for Beginners

Why apt-pinning?

Do you run Debian? Have you ever gotten annoyed at how Debian Stable always seems to be out of date?

I will show you a way that you can have apt mix-and-match between Stable, Testing, and Unstable sources. This will allow you to run a mostly-Stable system, but also track the latest and greatest of those packages that you are most keenly interested in.

Why do this? Stable is covered by the Security Team. Testing and Unstable are not. For non-critical services, like perhaps your mailer, or your window manager, this is not so important, and the newest versions may have additional features that are desired. It is these packages that are perfect for pinning to a version, other than Stable.


The first step is to set up your /etc/apt/sources.list to include your typical Stable, plus the Testing/Unstable sources that you want.

A simple sources.list may look like this:

deb http://ftp.us.debian.org/debian stable main non-free contrib
deb http://non-us.debian.org/debian-non-US stable/non-US main contrib non-free

deb http://ftp.us.debian.org/debian testing main non-free contrib
deb http://non-us.debian.org/debian-non-US testing/non-US main contrib non-free

deb http://ftp.us.debian.org/debian unstable main non-free contrib
deb http://non-us.debian.org/debian-non-US unstable/non-US main contrib non-free

You would probably want to add your mirrors, security.debian.org, and perhaps the appropriate deb-src lines. Here is a copy of my actual sources.list.


The next step is to create/edit your /etc/apt/preferences file. preferences is where the apt-pinning takes place. Normally, the highest version of an available package wins, but we will override that.

A simple preferences file may look like this:

Package: *
Pin: release a=stable
Pin-Priority: 700

Package: *
Pin: release a=testing
Pin-Priority: 650

Package: *
Pin: release a=unstable
Pin-Priority: 600

Note the decending values. Since Stable has the highest pin-priority, it will be installed preferentially over Testing or Unstable.

My actual preferences file is what you see above.

apt-get update

Now we are ready to apt-get update. This will add the new repositories to apt's list.

E: Dynamic MMap ran out of room

You may find that you receive an error like the following:

E: Dynamic MMap ran out of room
E: Error occured while processing sqlrelay-sqlite (NewPackage)
E: Problem with MergeList /var/lib/apt/lists/ftp.us.debian.org_debian_dists_woody_contrib_binary-i386_Packages
E: The package lists or status file could not be parsed or opened.

This is caused because apt's cache is too small to handle all of the packages that are included with stable, testing, and unstable. This is also very easy to fix. Add the following line to /etc/apt/apt.conf

APT::Cache-Limit "8388608";

Thanks to R (Chandra) Chandras for pointing out this problem

Installing new packages

To install a new package, it is just as it ever was, apt-get install <package>. If the package exists in Stable, then that is what it will grab. If the package exists only in Unstable, then from Unstable it will be gotten.

What if the package exists in both Stable and Unstable, but we want the Unstable version? There are two ways we can do that, each with a slightly different syntax, and each with a slightly different effect.

apt-get install <package>/unstable

This will install the unstable version of the package, and try to meet any dependencies from Stable. This may not work, but it will tell you why:

# apt-get install zsh/unstable
Reading Package Lists... Done
Building Dependency Tree... Done
Selected version 4.0.6-7 (Debian:unstable) for zsh
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.

Since you only requested a single operation it is extremely likely that
the package is simply not installable and a bug report against
that package should be filed.
The following information may help to resolve the situation:

Sorry, but the following packages have unmet dependencies:
  zsh: Depends: libc6 (>= 2.2.5-13) but 2.2.5-11.1 is to be installed
E: Sorry, broken packages

apt-get -t unstable install <package>

This will install the Unstable version of the package, and try to meet any dependencies from Unstable. This may produce better results.

# apt-get -t unstable install zsh    
Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
  libc6 libc6-dev libc6-pic libdb1-compat locales 
The following NEW packages will be installed:
5 packages upgraded, 1 newly installed, 0 to remove and 394  not upgraded.
Need to get 11.6MB of archives. After unpacking 606kB will be used.
Do you want to continue? [Y/n]

That's it!

Armed with a complete sources.list and a minimal preferences, you can go ahead and mix-and-match between the various Debian releases.

Have fun!