[olug] hint: debian apt, upgrade mixed software

Christopher Cashell topher at zyp.org
Mon Jun 24 03:12:46 UTC 2002


At Sun, 23 Jun 02, Unidentified Flying Banana Brian Wiese, said:
> Just thought I'd share something that I finally figured out with debian
> apt, and have been wanting to do for quite a while... install packages in
> debian from different distributions (stable/testing/unstable) while
> maintaining the rest of my system.

This is one of the handiest and most useful things about Debian.  I
thought I'd posted a tutorial on this when I figured out how to do it a
while back, but I guess it got missed, as I can't find it in my e-mail
archive.

> The first time I tried to do this, I edited my /etc/apt/soruces.list to
> have unstable sources, instead testing (which I am/was running)... did an
> apt-get install pkgname and I think it screwed up my entire system,
> upgrading me to unstable or something.

Even when you're having apt-get manage things for you, you should still
be careful when mixing packages from different releases.  Debian makes
it fairly fool-proof, but nothing is ever perfect.

> So, I finally found the APT-Howto:
> http://www.debian.org/doc/manuals/apt-howto/index.en.html#contents

This is a very useful document.  For a more brief little introduction,
here's a short note I posted a while back on the topic:

http://www.livejournal.com/talkread.bml?journal=debian&itemid=40672&thread=211936#t211936

One of the reasons I mention it is because it touches on Pinning, which
is something you can do to make it a lot easier to mix packages from
different releases.  It also makes it possible to, for example, install
a machine with Debian stable, then upgrade it to unstable, and if you
decide you'd then rather go with something not quite so cutting edge,
you can actually use Pinning to downgrade your entire system to testing!

> and how to manage packages of different distros.  So, to upgrade my
> current Apache to the latest 1.3.26 version to fix the much disputed
> (http://online.securityfocus.com/news/493) chunk handling vulnerability
> (http://www.cert.org/advisories/CA-2002-17.html) I guess the following
> simple line worked!!:

One thing I would like to note, is that you do *not* need to mix
packages for security updates.  Debian provides security updates for
stable systems, and makes those available on a special server, in an
apt-get'able repository.

Just add:

   deb http://security.debian.org/ stable updates

to your sources.list, and you can automatically get any security updated
packages that Debian has released.
 
> root at host:/# apt-get -u -t unstable install apache

One quick tip, if you find yourself typing "-u" every time you use
apt-get, add this to your /etc/apt/apt.conf file:

APT {
   Get {
      Show-Upgraded "true";
   };
};

That will automatically tell it to list the packages being changed each
time.

> So that does the upgrade and the -t option lets you select the distro to
> choose from, though you must have the proper apt sources for the unstable
> package.

You can also use:  apt-get install apache/unstable

To get the same effect, which is rather nifty.  Or, if you're feeling
really specific, you can specify an exact version number, such as:

apt-get install apache=1.3.26-1

to be really picky. ;-)

> other common commands:
> 
> dpkg -l <pkgname>	= returns info about installed package <pkgname>
> apt-show-versions -p <pkgname>  = see what versions of the package are
> avail

Another helpful one is 'apt-cache show <package>', which will display
all available versions of a package, as well as it's description,
dependencies, etc.

> hope this helps someone else, and upgrade those apache installs! =(

Yes, this is really good advice.  Even though most of the advisories
I've read currently limit the impact of the Linux/Apache exploit to a
DOS (on most platforms), everyone needs to do this ASAP. ;-)

>   Brian Wiese | bwiese at cotse.com | aim: unolinuxguru

--
Christopher


-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

For help contact olug-help at olug.org - run by ezmlm
to unsubscribe, send mail to olug-unsubscribe at olug.org
or `mail olug-unsubscribe at olug.org < /dev/null`
(c)1998-2002 OLUG http://www.olug.org

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_




More information about the OLUG mailing list