Ubuntu 20.04 Software Package Management and Updates

It is highly unlikely that a newly installed Ubuntu system will contain all of the software packages necessary to perform the tasks for which it is intended. Even once all the required software has been installed, it is almost certain that newer versions of many of those packages will be released during the lifespan of the system. In some cases, you will need to ensure that these latest package releases are installed on the system so that bugs and security vulnerabilities are fixed.

This chapter introduces the basic concepts of software management on Ubuntu, explains how these issues are addressed, introduces the concepts of repositories and software packages while exploring how to list, install and remove the software packages that make up a functioning Ubuntu system.

1.1  Repositories

Linux is essentially comprised of a set of base packages that provide the core functionality of the operating system together with a range of other packages and modules that add functionality and features on top of the base operating system.

When Ubuntu is first installed, a number of different packages will be installed depending on the software options selected during the installation phase. Once the system is up and running, however, additional software can be installed as needed. Typically, all software that is part of Ubuntu (in other words software that is not provided by a third party vendor) is downloaded and installed on the system using the Advanced Package Tool (apt) command. As we have seen in earlier chapters, this typically consists of a command similar to the following being issued at the command prompt:

# apt install apache2

When such a command is issued, the requested software is downloaded from a remote repository and installed on the local system. By default, Ubuntu is configured to download software from a number of different repositories:

  • main – Contains the core set of packages that are officially supported, tested and updated by Ubuntu.
  • restricted – Proprietary drivers for hardware devices for which no open source equivalent exists.
  • universeContains packages that are not officially supported by the Ubuntu team at Canonical. These packages are, however, maintained by the Ubuntu community and include packages not available within the main repository.
  • multiversePackages that may not conform to the open source licensing terms under which Ubuntu is released due to copyright or other legal issues.

The list of currently enabled repositories on an Ubuntu system is contained within the /etc/ apt/sources.list file which can be loaded into an editor to be viewed and modified. The file may be manually loaded into an editor, or edited using a choice of available editors using the following command:

# apt edit-sources

The first few lines of this file usually reference the main and restricted repositories, for example:

deb http://us.archive.ubuntu.com/ubuntu/ bionic main restricted

In the above example the list is configured to allow packages to be downloaded from the main and restricted repositories. Entries for the universe and multiverse repositories will also be included in the file:

## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes 
## newer versions of some applications which may provide useful features.

## Also, please note that software in backports WILL NOT receive any review 
## or updates from the Ubuntu security team. 
deb http://us.archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse

To disable a repository so that it will no longer be used to download packages, simply comment out the line by prefixing it with a ‘#’ character:

# deb http://us.archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse

In addition to the standard repositories there are also many third-party repositories. In the event that you need to use one of these, simply add an entry for it to the sources.list file.

One such example is the partners repository which is included in the sources.list file but commented out by default:

# deb http://archive.canonical.com/ubuntu bionic partner

To enable this repository, simply remove the ‘#’ comment character and save the file.

1.2  Managing Repositories with Software & Updates

As an alternative to using the command-line, repositories may be configured from within the GNOME desktop environment using the Software & Updates app. To launch this app, press the special key on the keyboard (on Windows keyboards this is the Windows key, on macOS the Command key and on Chromebooks the key displaying a magnifying glass) and enter Software & Updates into the search bar. In the results panel click on the corresponding icon to launch the app. Alternatively, open a terminal window and run the following command:

$ update-manager

When the app loads, click on the Settings button as shown in Figure 12-1:

Figure 12-1

From the settings screen, enable or disable the required repositories listed under the Downloadable from the Internet heading:

Figure 12-2

To enable partner repositories, select the Other Software tab as shown in Figure 12-3:

Figure 12-3

To add other third-party repositories, click on the Add… button and enter the repository information in the resulting dialog:

Figure 12-4

1.3  Managing Packages with APT

The apt tool provides a way to perform most package management tasks directly from the command line. In this section we will explore some of the more frequently used apt commandline options.

An Ubuntu system keeps a local copy of the latest package information and, as such, it is recommended that this list be updated before performing any other apt operations as follows:

# apt update

One of the most common apt activities is to perform a package installation:

# apt install package_name

Similarly, an installed package may be removed from the system using the remove option:

# apt remove package_name

When a package is removed this way, configuration files associated with the package will remain on the system. This allows the package to be reinstalled later without losing any custom configuration settings. To remove these files either during the deletion, or even after the deletion as been performed, use the purge option:

# apt purge package_name

To obtain a list of packages available for installation, use apt as follows:

# apt list

Alternatively, to list only those packages which are already installed, use the list option with the –installed flag:

# apt list --installed

To check whether a specific package is already installed on the system, combine the list option with the package name:

# apt list package_name

Use the search option to list all packages that match certain criteria. For example to list all packages that relate to the Apache web server:

# apt search apache

To find which package contains a specific file, use the apt-file command. For example, to list the name of the packages which contain a file named gimp:

# apt-file --package-only list  gimp

To view details about a package, run apt with the show option:

# apt show apache2

Typical output from running the above command might read as follows:

Package: apache2
Version: 2.4.29-1ubuntu4.13
Priority: optional
Section: web
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 535 kB
Provides: httpd, httpd-cgi
Pre-Depends: dpkg (>= 1.17.14)
Depends: lsb-base, procps, perl, mime-support, apache2-bin (=
2.4.29-1ubuntu4.13), apache2-utils (= 2.4.29-1ubuntu4.13), apache2-data (=
2.4.29-1ubuntu4.13), perl:any
Recommends: ssl-cert
Suggests: www-browser, apache2-doc, apache2-suexec-pristine | apache2-suexeccustom, ufw
Conflicts: apache2.2-bin, apache2.2-common
Replaces: apache2.2-bin, apache2.2-common
Homepage: http://httpd.apache.org/
Task: lamp-server
Supported: 5y
Download-Size: 95.1 kB
APT-Sources: http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64

Packages
Description: Apache HTTP Server
 The Apache HTTP Server Project's goal is to build a secure, efficient and  extensible HTTP server as standards-compliant open source software. The  result has long been the number one web server on the Internet.  .  Installing this package results in a full installation, including the  configuration files, init scripts and support scripts.

1.4  Performing Updates

Over the lifetime of both the base operating system and the installed software packages, multiple updates will be issued to resolve problems and add functionality. To manually download and install any pending updates from the command-line, the first step is to update the package information stored on the local system using apt with the update option:

# apt update

Once the package information has been updated, the upgrade can be performed. This will download any updates for currently installed packages from the repositories configured in the sources.list file and install them on the system:

# apt upgrade

As an alternative to the command-line, the system may be updated using the Software & Updates GNOME desktop app. If updates are available the dialog shown in Figure 12-5 will appear providing the option to view information about the available updates and to perform the upgrade:

Figure 12-5

1.5  Enabling Automatic Updates

The previous section looked at how to manually install package upgrades. Ubuntu systems may also be configured to install upgrades automatically. This can be configured either from the command-line or from within the Software & Updates tool.

From within the Software & Updates tool, open the Settings screen as outlined previously and click on the Updates tab to display the screen shown in Figure 12-6:

Figure 12-6

Select how often the system should check for updates (daily, every other day, weekly, etc.). Next choose what is to be done when updates are available (download only, download and install, or display a notification on the desktop). You can also configure the updater to let you know when new versions of Ubuntu are available.

To configure automatic updates from the command-line, follow these steps:

  1. Install the unattended-upgrades package:
# apt install unattended-upgrades
  1. Edit the /etc/apt/apt.conf.d/50unattended-upgrades file and locate the following lines:
        "${distro_id}ESMApps:${distro_codename}-apps-security";
        "${distro_id}ESM:${distro_codename}-infra-security";
//      "${distro_id}:${distro_codename}-updates";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";
  1. Remove the // comment markers from the repository types for which updates are to be automatically installed.
  2. Edit the /etc/apt/apt.conf.d/20auto-upgrades file and declare the frequency (in days) with which the system is to check for updates:
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "0";
APT::Periodic::Unattended-Upgrade "1";
  1. Perform a dry run update to make sure the settings are valid:
# unattended-upgrades --dry-run --debug

A few days after configuring automatic updates, check the log files to confirm that the updates are occurring as planned:

# cat /var/log/unattended-upgrades/unattended-upgrades.log

1.6  Enabling Livepatch

The chapter entitled “A Brief History of Linux” explained how the kernel provides the foundation on which the Linux operating system is built, managing the system’s resources and handling communication between the hardware and the applications.

As with any software, the kernel is subject to updates to fix bugs and address potential security vulnerabilities. Although most software packages can be updated without the need to reboot the operating system, the same has not historically been true of the kernel. With the introduction of the Livepatch, this is no longer the case for Ubuntu.

Livepatch is a subscription service offered by Canonical that allows the kernel of running Ubuntu systems to be patched while the system is running without the interruption of a system reboot. The service is available for personal use free of charge on up to three systems and for larger numbers of systems with a paid Ubuntu Advantage subscription.

The first step in configuring Livepatch is to create an Ubuntu One account at the following URL if you do not have one already:

https://login.ubuntu.com/

Once an account has been created, remain in the browser window and navigate to the following URL:

https://auth.livepatch.canonical.com/

When the page has loaded, select the type of user you are (if you are not a paid Ubuntu customer simply select the Ubuntu User option):

Figure 12-7

Next, click on the Get your Livepatch token button. On the subsequent screen, sign in using your Ubuntu One credentials.

A page will now appear containing your Livepatch key and a list of commands to be run on your Ubuntu system. Copy the commands, open a terminal window and run them:

# snap install canonical-livepatch
# canonical-livepatch enable your_key_here

Note that instead of using apt, the above installation uses the Snap package management system, a topic which will be covered in the next chapter entitled “Ubuntu Snap Package Management”. To check Livepatch status, simply run the following command:

# canonical-livepatch status 
last check: 2 minutes ago 
kernel: 5.3.0-46.38~20.04.1-generic server 
check-in: succeeded
patch state: no livepatches needed for this kernel yet

1.7  Summary

The Ubuntu operating system is comprised of thousands of software packages that are downloaded and installed from the main, restricted, universe, multiverse, partner and third-party repositories. Software packages are installed using the Advanced Package Tool (apt) or one of a number of graphical desktop tools and downloaded from the repositories defined within the sources.list file.

In addition to installing and removing software packages, apt may also be used to upgrade those packages with the latest updates. These software upgrades can be performed manually, or configured to automatically update.