It is highly unlikely that a newly installed Ubuntu system will contain all of the software packages necessary to perform the tasks for which it is intended. Even once all the required software has been installed, it is almost certain that newer versions of many of those packages will be released during the lifespan of the system. In some cases, you will need to ensure that these latest package releases are installed on the system so that bugs and security vulnerabilities are fixed.

This chapter introduces the basic concepts of software management on Ubuntu, explains how these issues are addressed, and introduces the concepts of repositories and software packages while exploring how to list, install and remove the software packages that make up a functioning Ubuntu system.

Repositories

Linux is essentially comprised of a set of base packages that provide the core functionality of the operating system together with a range of other packages and modules that add functionality and features on top of the base operating system.

When Ubuntu is first installed, a number of different packages will be installed depending on the software options selected during the installation phase. Once the system is up and running, however, additional software can be installed as needed. Typically, all software that is part of Ubuntu (in other words, software that is not provided by a third-party vendor) is downloaded and installed on the system using the Advanced Package Tool (apt) command. As we have seen in earlier chapters, this typically consists of a command similar to the following being issued at the command prompt:

# apt install apache2Code language: plaintext (plaintext)

When such a command is issued, the requested software is downloaded from a remote repository and installed on the local system. By default, Ubuntu is configured to download software from a number of different repositories:

• main – Contains the core set of packages that are officially supported, tested and updated by Ubuntu.
• restricted – Proprietary drivers for hardware devices for which no open-source equivalent exists.
• universe – Contains packages that are not officially supported by the Ubuntu team at Canonical. These packages are, however, maintained by the Ubuntu community and include packages not available within the main repository.
• multiverse – Packages that may not conform to the open source licensing terms under which Ubuntu is released due to copyright or other legal issues.

The list of currently enabled repositories on an Ubuntu system is contained within the /etc/ apt/sources.list file which can be loaded into an editor to be viewed and modified. The file may be manually loaded into an editor, or edited using a choice of available editors using the following command:

# apt edit-sourcesCode language: plaintext (plaintext)

The first few lines of this file usually reference the main and restricted repositories, for example:

deb http://ports.ubuntu.com/ubuntu-ports/ jammy main restrictedCode language: plaintext (plaintext)

In the above example the list is configured to allow packages to be downloaded from the main and restricted repositories. Entries for the universe and multiverse repositories will also be included in the file:

## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://us.archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverseCode language: plaintext (plaintext)

To disable a repository so that it will no longer be used to download packages, simply comment out the line by prefixing it with a ‘#’ character:

deb http://ports.ubuntu.com/ubuntu-ports/ jammy-backports main restricted universe multiverseCode language: plaintext (plaintext)

In addition to the standard repositories there are also many third-party repositories. In the event that you need to use one of these, simply add an entry for it to the sources.list file. One such example is the partners repository, which can be added to the sources.list file as follows:

deb http://archive.canonical.com/ubuntu jammy partner 11.2 Managing Repositories with Software & UpdatesCode language: plaintext (plaintext)

As an alternative to using the command line, repositories may be configured from within the GNOME desktop environment using the Software & Updates app. To launch this app, press the special key on the keyboard (on Windows keyboards this is the Windows key, on macOS the Command key and on Chromebooks the key displaying a magnifying glass) and enter Software & Updates into the search bar. In the results panel click on the corresponding icon to launch the app. Alternatively, open a terminal window and run the following command:

$ update-managerCode language: plaintext (plaintext)

When the app loads, click on the Settings button as shown in Figure 11-1:

From the settings screen, enable or disable the required repositories listed under the Downloadable from the Internet heading:

To enable partner repositories, select the Other Software tab as shown in Figure 11-3:

To add other third-party repositories, click on the Add… button and enter the repository information in the resulting dialog:

11.3 Managing Packages with APT

The apt tool provides a way to perform most package management tasks directly from the command line. In this section we will explore some of the more frequently used apt command line options.

An Ubuntu system keeps a local copy of the latest package information and, as such, it is recommended that this list be updated before performing any other apt operations as follows:

# apt updateCode language: plaintext (plaintext)

One of the most common apt activities is to perform a package installation:

# apt install package_nameCode language: plaintext (plaintext)

Similarly, an installed package may be removed from the system using the remove option:

# apt remove package_nameCode language: plaintext (plaintext)

When a package is removed this way, configuration files associated with the package will remain on the system. This allows the package to be reinstalled later without losing any custom configuration settings. To remove these files either during the deletion, or even after the deletion as been performed, use the purge option:

# apt purge package_nameCode language: plaintext (plaintext)

To obtain a list of packages available for installation, use apt as follows:

# apt listCode language: plaintext (plaintext)

Alternatively, to list only those packages which are already installed, use the list option with the –installed flag:

# apt list --installedCode language: plaintext (plaintext)

To check whether a specific package is already installed on the system, combine the list option with the package name:

# apt list package_nameCode language: plaintext (plaintext)

Use the search option to list all packages that match certain criteria. For example to list all packages that relate to the Apache web server:

# apt search apacheCode language: plaintext (plaintext)

To find which package contains a specific file, use the apt-file command. For example, to list the name of the packages which contain a file named gimp:

# apt-file --package-only list gimpCode language: plaintext (plaintext)

To view details about a package, run apt with the show option:

# apt show apache2Code language: plaintext (plaintext)

Typical output from running the above command might read as follows:

Package: apache2
Version: 2.4.52-1ubuntu4.5
Priority: optional
Section: web
Origin: Ubuntu
Maintainer: Ubuntu Developers <[email protected]>
Original-Maintainer: Debian Apache Maintainers <[email protected]>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 546 kB
Provides: httpd, httpd-cgi
Pre-Depends: init-system-helpers (>= 1.54~)
Depends: apache2-bin (= 2.4.52-1ubuntu4.5), apache2-data (= 2.4.52-1ubuntu4.5), apache2-utils (= 2.4.52-1ubuntu4.5), lsb-base, mime-support, perl:any, procps
Recommends: ssl-cert
Suggests: apache2-doc, apache2-suexec-pristine | apache2-suexec-custom, www-browser, ufw
Conflicts: apache2.2-bin, apache2.2-common
Replaces: apache2.2-bin, apache2.2-common
Homepage: https://httpd.apache.org/
Task: lamp-server
Download-Size: 97.8 kB
APT-Manual-Installed: yes
APT-Sources: http://us.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
Description: Apache HTTP Server
 The Apache HTTP Server Project's goal is to build a secure, efficient and
 extensible HTTP server as standards-compliant open source software. The
 result has long been the number one web server on the Internet.
 .
 Installing this package results in a full installation, including the
 configuration files, init scripts and support scripts.Code language: plaintext (plaintext)

Performing Updates

Over the lifetime of both the base operating system and the installed software packages, multiple updates will be issued to resolve problems and add functionality. To manually download and install any pending updates from the command-line, the first step is to update the package information stored on the local system using apt with the update option:

# apt updateCode language: plaintext (plaintext)

Once the package information has been updated, the upgrade can be performed. This will download any updates for currently installed packages from the repositories configured in the sources.list file and install them on the system:

# apt upgradeCode language: plaintext (plaintext)

As an alternative to the command-line, the system may be updated using the Software & Updates GNOME desktop app. If updates are available the dialog shown in Figure 11-5 will appear providing the option to view information about the available updates and to perform the upgrade:

Enabling Automatic Updates

The previous section looked at how to install package upgrades manually. Ubuntu systems may also be configured to install upgrades automatically. This can be configured either from the command-line or from within the Software & Updates tool.

From within the Software & Updates tool, open the Settings screen as outlined previously and click on the Updates tab to display the screen shown in Figure 11-6:

Select how often the system should check for updates (daily, every other day, weekly, etc.). Next choose what is to be done when updates are available (download only, download and install, or display a notification on the desktop). You can also configure the updater to let you know when new versions of Ubuntu are available.

To configure automatic updates from the command-line, follow these steps:

• Install the unattended-upgrades package:

# apt install unattended-upgradesCode language: plaintext (plaintext)

• Edit the /etc/apt/apt.conf.d/50unattended-upgrades file and locate the following lines:

        "${distro_id}ESMApps:${distro_codename}-apps-security";
        "${distro_id}ESM:${distro_codename}-infra-security";
//      "${distro_id}:${distro_codename}-updates";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";Code language: plaintext (plaintext)

• Remove the // comment markers from the repository types for which updates are to be automatically installed.
• Edit the /etc/apt/apt.conf.d/20auto-upgrades file and declare the frequency (in days) with which the system is to check for updates:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "0";
APT::Periodic::Unattended-Upgrade "1";Code language: plaintext (plaintext)

• Perform a dry run update to make sure the settings are valid:

# unattended-upgrades --dry-run --debugCode language: plaintext (plaintext)

A few days after configuring automatic updates, check the log files to confirm that the updates are occurring as planned:

# cat /var/log/unattended-upgrades/unattended-upgrades.logCode language: plaintext (plaintext)

Enabling Ubuntu Pro

Ubuntu Pro is a subscription service provided by Canonical that provides ten years of updates for all of the packages that comprise your installed version of Ubuntu and most of the applications you are likely to install. Originally available only to paying customers, Ubuntu Pro is now free for personal use on up to five systems.

An Ubuntu Pro subscription includes a feature called Livepatch. The chapter entitled The History of Linux and Ubuntu explained how the kernel provides the foundation for the Linux operating system, managing the system’s resources and handling communication between the hardware and the applications.

As with any software, the kernel is subject to updates to fix bugs and address potential security vulnerabilities. Although most software packages can be updated without the need to reboot the operating system, the same has not historically been true of the kernel. With the introduction of Livepatch, this is no longer the case for Ubuntu.

Livepatch allows the kernel of running Ubuntu systems to be patched while the system is running without the interruption of a system reboot

The first step in enabling Ubuntu Pro is to create an Ubuntu One account at the following URL if you do not have one already: https://login.ubuntu.com/

Once an account has been created, remain in the browser window and navigate to the following URL:

https://ubuntu.com/pro

On the Ubuntu Pro web page, click on the Register for personal use button and, on the resulting page, copy the Free Personal Token as shown in Figure 11-7:

Once you have copied the token, run the following at a command prompt to install Ubuntu Pro:

# apt install ubuntu-advantage-pro ubuntu-advantage-toolsCode language: plaintext (plaintext)

When the installation completes, run the following command to attach the system to Ubuntu Pro, where “<pro token>” is replaced by the token you copied previously:

# pro attach <pro token>Code language: plaintext (plaintext)

To check Ubuntu Pro status, run the following command:

# pro status --all
SERVICE          ENTITLED  STATUS    DESCRIPTION
cc-eal           yes       n/a       Common Criteria EAL2 Provisioning Packages
esm-apps         yes       enabled   Expanded Security Maintenance for Applications
esm-infra        yes       enabled   Expanded Security Maintenance for Infrastructure
fips              yes       n/a       NIST-certified core packages
fips-updates      yes       n/a       NIST-certified core packages with priority security updates
livepatch        yes       warning  Current kernel is not supported
realtime-kernel  yes       enabled  Ubuntu kernel with PREEMPT_RT patches integrated
├ generic        yes       enabled  Generic version of the RT kernel (default)
└ intel-iotg     yes       enabled  RT kernel optimized for Intel IOTG platform
ros              yes       n/a      Security Updates for the Robot Operating System
ros-updates      yes       n/a      All Updates for the Robot Operating System
usg              yes       disabled Security compliance and audit tools

Enable services with: pro enable <service>

     Account: [email protected]
Subscription: Ubuntu Pro - free personal subscriptionCode language: plaintext (plaintext)

Run the following command to detach a system from Ubuntu Pro:

# pro detachCode language: plaintext (plaintext)

Summary

The Ubuntu operating system comprises thousands of software packages downloaded and installed from the main, restricted, universe, multiverse, partner, and third-party repositories.

Software packages are installed using the Advanced Package Tool (apt) or one of several graphical desktop tools and downloaded from the repositories defined within the sources.list file.

In addition to installing and removing software packages, apt may also be used to upgrade those packages with the latest updates. These software upgrades can be performed manually or configured to update automatically.

Ubuntu Pro is a subscription service that provides system package and application updates for ten years. In the past, updates to the operating system kernel required a system reboot. Ubuntu Pro includes Livepatch, which allows the Ubuntu Linux kernel to be updated dynamically without system interruption.