Package Management using apteryx

LCFG package management on Debian/Ubuntu machines is done using a combination of the apt component and the apteryx utility. Although apteryx is designed to be called via the component (e.g. om apt run) it can be used in an entirely standalone way which is described here.

The design of apteryx is somewhat unusual amongst Debian package managers in that you may specify any version you require for a package, it fully supports downgrades as well as upgrades. It also fully supports multi-arch and, for compatibility, can translate several Redhat architecture names into their Debian equivalent (e.g. x86_64 becomes amd64 and noarch becomes all). It also supports several flags which can be associated with packages that control when a package should be installed/upgraded/removed (e.g. only at boot-time).

apteryx can operate in a fully-managed mode where all packages (and their versions) must be specified in the LCFG profile for the machine, this is the equivalent of the way we manage Redhat machines using the updaterpms tool. In this mode, any packages which are manually installed and are not listed in the profile would be automatically removed. In this mode you also need to specify all dependencies in the profile.

For ease of porting to new platforms, apteryx can alternatively be configured to work in a semi-managed mode where it will manage the packages listed in the LCFG profile but ignore anything which is installed manually (which would normally be automatically removed). In this mode it can be configured to automatically upgrade all packages (similar to the unattended-upgrades utility) and remove dependency packages which are no longer required (similar to running the apt autoremove command).

apteryx is written in Python 3 and uses just the python-apt and YAML modules. There are, intentionally, no dependencies on the LCFG libraries which makes bootstrapping new platforms easier.

Configuration Options

Like other apt/dpkg utilities the apteryx configuration uses the apt-config(8) system with the files usually being stored in /etc/apt/apt.conf.d/ (see apt.conf(5) manual page for more details). apteryx supports the following options:

Apteryx::Keep-Auto

Keep automatically-installed dependency packages when no longer required. Default value is true.

Apteryx::Keep-Unknown

Keep packages which are not listed in the YAML file. Default value is true.

Apteryx::Auto-Upgrade

Automatically upgrade packages when new versions are available. Default value is true.

Apteryx::Auto-Deps

Automatically install any dependency packages. Default value is true.

Apteryx::Full-Upgrade

Do a full upgrade instead of just a standard upgrade. May be overridden on the command-line. Default value is false.

Apteryx::Run-Mode

One of (auto, verify or dryrun). See below for a full description of the run modes. May be overridden on the command-line. Default value is auto.

Apteryx::PkgsFile

The YAML packages file to use. May be overridden on the command-line. See below for a description of how the packages file should be formatted.

Apteryx::SysLog

The syslog facility to which all output should be logged. By default logging only goes to the console.

Apteryx::LogFile

The name of a file to which all output should be logged. By default logging only goes to the console.

The configuration for a fully-managed machine might look something like:

Apteryx::Keep-Auto "false";
Apteryx::Keep-Unknown "false";
Apteryx::Auto-Upgrade "false";
Apteryx::Auto-Deps "false";
Apteryx::Full-Upgrade "false";
Apteryx::Run-Mode "auto";
Apteryx::PkgsFile "/var/lib/lcfg/conf/profile/packages/foo.example.org.yaml";
Apteryx::LogFile "/var/log/lcfg/apt";

The configuration for a semi-managed machine might look something like:

Apteryx::Keep-Auto "false";
Apteryx::Keep-Unknown "true";
Apteryx::Auto-Upgrade "true";
Apteryx::Auto-Deps "true";
Apteryx::Full-Upgrade "false";
Apteryx::Run-Mode "auto";
Apteryx::PkgsFile "/var/lib/lcfg/conf/profile/packages/foo.example.org.yaml";
Apteryx::LogFile "/var/log/lcfg/apt";

Run Modes

verify

Verify that the user wishes to proceed before making any required changes. If there is no stdin attached (i.e. apteryx is not being called in an interactive session by a user) then there will be no verification and it will be handled in the same way as auto mode.

dryrun

Show what changes would be made but do not actually apply them.

auto

Automatically apply any required changes.

Command Line Options

--full_upgrade

Do a full upgrade instead of just a standard upgrade.

--verify / --no-verify

Enable or disable the verify run mode.

--dryrun

Enable the dryrun run mode (this will override any use of the --verify option).

--quiet

Reduce the amount of logging.

--debug

Enable extra debugging.

Also, the packages YAML file may be specified on the command-line. For example:

apteryx --full-upgrade --verify /tmp/my_packages.yaml

Package File

Package Flags

boot only (b)

Only install, upgrade or remove this package when doing a full upgrade. This is typically used for updates to the kernel or glibc packages where there is a risk of problems occurring if the packages are changed during a normal upgrade.

not boot (B)

Only install, upgrade or remove this package when doing a normal upgrade. This is mostly useful for avoiding altering a package during boot-time where there is the risk of some of the scripts not working correctly.

reboot (r)

Indicates that a reboot is required after installing or upgrading this package. Similarly to the boot only flag, this is mostly for changes to important packages such as the kernel or glibc.

ignore (i)

Ignore any version of this package which is already installed. In the fully-managed mode this is useful if you have packages installed that cannot be updated automatically and you need apteryx to ignore them.

-- squinney - 2019-11-07