Datasheet

ManualsBrandsWiley ManualsSoftware978-0-7645-7644-7

Chapter 4 ✦ Software Management

If there are a number of upgrades available but you want to upgrade only one or

more specific packages, you can instead use

apt-get install and supply it with a

package or list of packages on the command-line. This will upgrade only those pack-

ages that you’ve specified, as well as any other upgrades that absolutely must take

place to install the newer versions of the packages you’ve specified.

Upgrading using aptitude

In terms of upgrading, aptitude is used in the exact same way on the command-

line as

apt-get. However, as usual, aptitude has a fullscreen interface available as

well. In the case of upgrades, this is particularly useful because it allows you to fine-

tune which packages get upgraded quickly and easily. By default,

aptitude will

mark every package that has a newer available version than the one you’ve got

installed, so simply running

aptitude and then pressing the G key to go to the

operation summary screen will show you what packages will be upgraded, added,

or removed. If you wish to put a package on hold to prevent it from being upgraded,

press the = (equal sign) key. This package will be displayed as being held back

every time you go to the operation summary screen, and you can decide to

upgrade it later; just highlight the package and press the + (plus sign) key.

Integrity-Checking Packages

To test the validity of your system, you may want to verify that the files on your

machine match those that were contained in the original package. Almost every

package in Debian includes cryptographic signatures for all the files it contains.

Using the

debsums tool, you can compare the files on your system against these

cryptographic signatures.

Once you have

debsums installed, run debsums to see whether any of the files on

your system have been modified from the packaged version. Since you just did an

installation, it’s very unlikely. Typically, a file will have changed if you tried to

install, from source, some of the same software you already had installed. Ignore

any output that warns that some packages don’t contain

md5sums. It’s just a warn-

ing, not an error.

The other reason for wanting to check your files’ consistency is if you believe your

machine’s security has been compromised. There is no absolute way to ensure

that your system hasn’t been subverted. At best you can confirm that it has been

broken into. Since the cryptographic signatures contained in Debian packages are

stored on your hard drive after the package has been installed, an attacker could

just as easily modify those signatures to match any modifications they might have

made to the system files. In the event of a security breach, the only option is rein-

stalling from scratch and copying only nonexecutable files from the old installa-

tion. There are many reasons to do this, but I’ll leave that to the next chapter,

“Basic System Administration.” Suffice it to say that if you care about such things,

you’ll keep your system up to date with respect to any security updates available

and closely read all the chapters in this book relating to security.

Caution

09_576445 ch04.qxd 7/5/05 3:10 PM Page 95