Package Management using apteryx
LCFG package management on Debian/Ubuntu machines is done using a combination of the apt component and the apteryx utility. Although apteryx is designed to be called via the component (e.g. om apt run), it can be used in an entirely standalone way, which is described here.
The design of apteryx is somewhat unusual amongst Debian package managers in that you may specify any version you require for a package; it fully supports downgrades as well as upgrades. It also fully supports multi-arch and, for compatibility, can translate several Redhat architecture names into their Debian equivalents (e.g. x86_64 becomes amd64 and noarch becomes all). It also supports several flags which can be associated with packages that control when a package should be installed/upgraded/removed (e.g. only at boot-time).
apteryx can operate in a fully-managed mode where all packages (and their versions) must be specified in the LCFG profile for the machine. This is the equivalent of the way we manage Redhat machines using the updaterpms tool. In this mode, any packages which are manually installed and are not listed in the profile would be automatically removed. In this mode you also need to specify all dependencies in the profile.
For ease of porting to new platforms, apteryx can alternatively be configured to work in a semi-managed mode where it will manage the packages listed in the LCFG profile but ignore anything which is installed manually (which would normally be automatically removed). In this mode it can be configured to automatically upgrade all packages (similar to the unattended-upgrades utility) and remove dependency packages which are no longer required (similar to running the apt autoremove command).
apteryx is written in Python 3 and uses just the python-apt and YAML modules. There are, intentionally, no dependencies on the LCFG libraries, which makes bootstrapping new platforms easier.
Configuration Options
Like other apt/dpkg utilities, the apteryx configuration uses the apt-config(8) system, with the files usually being stored in /etc/apt/apt.conf.d/ (see the apt.conf(5) manual page for more details). apteryx supports the following options:
- Apteryx::Keep-Auto - Keep automatically-installed dependency packages when no longer required. Default value is true.
- Apteryx::Keep-Unknown - Keep packages which are not listed in the YAML file. Default value is true.
- Apteryx::Auto-Upgrade - Automatically upgrade packages when new versions are available. Default value is true.
- Apteryx::Auto-Deps - Automatically install any dependency packages. Default value is true.
- Apteryx::Full-Upgrade - Do a full upgrade instead of just a standard upgrade. May be overridden on the command-line. Default value is false.
- Apteryx::Run-Mode - One of (auto, verify or dryrun). See below for a full description of the run modes. May be overridden on the command-line. Default value is auto.
- Apteryx::PkgsFile - The YAML packages file to use. May be overridden on the command-line. See below for a description of how the packages file should be formatted.
- Apteryx::SysLog - The syslog facility to which all output should be logged. By default logging only goes to the console.
- Apteryx::LogFile - The name of a file to which all output should be logged. By default logging only goes to the console.
The configuration for a fully-managed machine might look something like:
Apteryx::Keep-Auto "false";
Apteryx::Keep-Unknown "false";
Apteryx::Auto-Upgrade "false";
Apteryx::Auto-Deps "false";
Apteryx::Full-Upgrade "false";
Apteryx::Run-Mode "auto";
Apteryx::PkgsFile "/var/lib/lcfg/conf/profile/packages/foo.example.org.yaml";
Apteryx::LogFile "/var/log/lcfg/apt";
The configuration for a semi-managed machine might look something like:
Apteryx::Keep-Auto "false";
Apteryx::Keep-Unknown "true";
Apteryx::Auto-Upgrade "true";
Apteryx::Auto-Deps "true";
Apteryx::Full-Upgrade "false";
Apteryx::Run-Mode "auto";
Apteryx::PkgsFile "/var/lib/lcfg/conf/profile/packages/foo.example.org.yaml";
Apteryx::LogFile "/var/log/lcfg/apt";
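A small audit of the options above, as an added example (it is not part of apteryx or LCFG): it merges flat Apteryx::Name "value"; lines over the defaults listed on this page and reports what the resulting settings let onto the machine. The parser handles only that flat one-line form, and treating Keep-Unknown as the switch between fully-managed and semi-managed is a reading of the descriptions above.

```python
import re

# Defaults as listed on this page.
DEFAULTS = {"Keep-Auto": "true", "Keep-Unknown": "true", "Auto-Upgrade": "true",
            "Auto-Deps": "true", "Full-Upgrade": "false", "Run-Mode": "auto"}
BOOLEANS = ("Keep-Auto", "Keep-Unknown", "Auto-Upgrade", "Auto-Deps", "Full-Upgrade")
TRUE_WORDS = {"true", "yes", "on", "with", "enable", "1"}  # spellings apt reads as true
OPTION_LINE = re.compile(r'^\s*Apteryx::([A-Za-z-]+)\s+"([^"]*)"\s*;')


def effective_options(conf_text):
    """Merge flat Apteryx::Name "value"; lines over the documented defaults."""
    opts = dict(DEFAULTS)
    for line in conf_text.splitlines():
        match = OPTION_LINE.match(line)
        if match:
            opts[match.group(1)] = match.group(2)  # a later line replaces an earlier one
    for name in BOOLEANS:
        opts[name] = opts[name].lower() in TRUE_WORDS
    return opts


def audit(conf_text):
    """Return (mode, notes): the management mode and what the settings allow."""
    opts = effective_options(conf_text)
    mode = "semi-managed" if opts["Keep-Unknown"] else "fully-managed"
    notes = []
    if opts["Keep-Unknown"]:
        notes.append("packages missing from the YAML file are kept")
    if opts["Auto-Deps"]:
        notes.append("dependencies not listed in the profile are installed")
    if opts["Keep-Auto"]:
        notes.append("automatic dependencies no longer required are kept")
    if not opts["Auto-Upgrade"]:
        notes.append("new versions are not picked up automatically")
    if "LogFile" not in opts and "SysLog" not in opts:
        notes.append("output goes to the console only")
    return mode, notes


# Constructed sample: intended as fully-managed, but Auto-Deps was never set.
SAMPLE = '''
Apteryx::Keep-Auto "false";
Apteryx::Keep-Unknown "false";
Apteryx::Auto-Upgrade "false";
'''

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Because every boolean except Full-Upgrade defaults to true, an option left out of a fully-managed configuration silently takes the permissive setting, as the sample shows for Auto-Deps.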
Run Modes
- verify - Verify that the user wishes to proceed before making any required changes. If there is no stdin attached (i.e. apteryx is not being called in an interactive session by a user) then there will be no verification and it will be handled in the same way as auto mode.
- dryrun - Show what changes would be made but do not actually apply them.
- auto - Automatically apply any required changes.
Command Line Options
- --full_upgrade - Do a full upgrade instead of just a standard upgrade.
- --verify / --no-verify - Enable or disable the verify run mode.
- --dryrun - Enable the dryrun run mode (this will override any use of the --verify option).
- --quiet - Reduce the amount of logging.
- --debug - Enable extra debugging.
Also, the packages YAML file may be specified on the command-line. For example:
apteryx --full-upgrade --verify /tmp/my_packages.yaml
Package Flags
- boot only (b) - Only install, upgrade or remove this package when doing a full upgrade. This is typically used for updates to the kernel or glibc packages where there is a risk of problems occurring if the packages are changed during a normal upgrade.
- not boot (B) - Only install, upgrade or remove this package when doing a normal upgrade. This is mostly useful for avoiding altering a package during boot-time where there is the risk of some of the scripts not working correctly.
- reboot (r) - Indicates that a reboot is required after installing or upgrading this package. Similarly to the boot only flag, this is mostly for changes to important packages such as the kernel or glibc.
- ignore (i) - Ignore any version of this package which is already installed. In the fully-managed mode this is useful if you have packages installed that cannot be updated automatically and you need apteryx to ignore them.
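A model of the run-mode and flag rules described above, as an added example (it is not apteryx's own code): it resolves the run mode from the configuration and command line, then splits pending changes into those applied in this run and those deferred by their flags. The fallback used for --no-verify, the handling of the ignore flag and the sample package names are assumptions.

```python
def resolve_run_mode(config_mode="auto", verify=None, dryrun=False, stdin_attached=True):
    """Combine Apteryx::Run-Mode with --verify / --no-verify / --dryrun."""
    mode = config_mode
    if verify is True:
        mode = "verify"
    elif verify is False and mode == "verify":
        mode = "auto"      # assumption: --no-verify falls back to auto
    if dryrun:
        mode = "dryrun"    # --dryrun overrides any use of --verify
    if mode == "verify" and not stdin_attached:
        mode = "auto"      # nobody to ask, so changes are applied unprompted
    return mode


def plan(changes, full_upgrade):
    """Return (apply_now, deferred, reboot_required) for this run.

    changes is a list of (package, flags, installed) tuples, where flags is a
    string made up of the letters b, B, r and i.
    """
    apply_now, deferred, reboot = [], [], False
    for name, flags, installed in changes:
        if "i" in flags and installed:
            continue       # ignore: leave whatever version is installed alone
        if ("b" in flags and not full_upgrade) or ("B" in flags and full_upgrade):
            deferred.append(name)   # wrong kind of run for this package
            continue
        apply_now.append(name)
        reboot = reboot or "r" in flags
    return apply_now, deferred, reboot


# Constructed sample: package names and flag combinations are illustrative only.
PENDING = [
    ("linux-image-amd64", "br", True),
    ("openssh-server", "", True),
    ("some-daemon", "B", True),    # hypothetical package
    ("vendor-agent", "i", True),   # hypothetical package
]

if __name__ == "__main__":
    print(resolve_run_mode("verify", stdin_attached=False))
    print(plan(PENDING, full_upgrade=False))
    print(plan(PENDING, full_upgrade=True))
```

Two consequences show up in the output: a scheduled run configured for verify applies changes without asking, and an update to a package flagged b stays pending until the next full upgrade.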
-- squinney - 2019-11-07