3

From my understanding, apt is a high level interface for the Debian package manager (correct/educate me with anything if I am wrong). It is a tool for me to avoid going to random sites to download my stuff. Instead it allows for a more organized way to install software.

So my question is this. Since I have a tool like apt, what if I install everything? I plan on downloading things like node and other stuff. Should I always check if it is in the Debian package repositories before downloading from online? What would be the advantages and disadvantages of doing this?

Community
  • 1
frownyface
  • 381
  • 3
    It's purpose is not as much to stop you going to web sites and downloading/installing anything (that's told more to newbies as it greatly reduces risk of malware; but adding wrong sources to your sources can introduce it using apt too). It's a front-end for dpkg or package tools themselves to avoid you have install all deps before hand or in 'install' command & other functions (this will have missed loads of points too!). It's a tool that allows easy updating of packages (random installs via setup.exe for example don't allow for updates/fixes in future; apt/dpkg tools see version info). – guiverc May 31 '19 at 04:22
  • 1
    This is a Ubuntu site; we don't support debian. Yes .deb packaging format does come from debian, but your question is potentially off-topic as you only talk about Debian (off-topic as not Ubuntu or official flavor of Ubuntu). Yes you should use Ubuntu repository software if at all possible, it allows you to release-upgrade to the next version, where as using other software can prevent this from occurring (a problem you don't notice for ages after it was caused; related to the versioning I mentioned end of last comment). At times though you need to add other sources – guiverc May 31 '19 at 04:25
  • 1
    Ubuntu repositories are reviewed and meet a security standard, the moment you go elsewhere you're taking on that update & security burden yourself. PPA's likewise are 3rd party sources, meaning the security checks are your responsibility. Ubuntu repositories have very smiliar checks/reviews; though 'main' for a LTS gets 5 years of support/guarantee; 'universe' has generally 3 years. – guiverc May 31 '19 at 04:27
  • 1
    An example of 'universe' official repository (ie. community supported) being different that many don't seem to realize is that you need to check the release notes to verify support duration (unlike by example 'main'). Ubuntu Studio 18.04 was not a LTS release; so its unique packages found in 'universe' only had 9 months of support; the extended support for those was provided by the same people via PPA; which the release notes for Ubuntu, plus Ubuntu-Studio made very clear - but with few reading documentation it's not seen. Some [enterprise] users won't use 'universe' because of that. – guiverc May 31 '19 at 06:25

3 Answers3

3

apt will use whatever repositories you have added to collect packages. If you limit this to Canonical ones, everything you get has been tested and in the majority of situations and setups, works well.

They will, for the most part, not be the bleeding edge that your software packages of choice have to offer.

They will be as stable and as secure as the people who curate those repositories can manage and will have as few compatibility and dependencies issues as humanly possible.

You can add numerous 3rd party repositories to apt. Doing so will update apt's view of available packages and versions but can start to break dependencies.

If an installed package A is dependent on installed package B, but package C needs an older or new version of package B, you will get an error when trying to install package C. Forcing it may break package A as well.

You can usually rectify most broken packages using apt or dpkg, which apt is effectively a wrapper for.

If you start installing packages from non apt based sources, be that their source code or pre-compiled binaries, you are at the mercy of their requirements. If they have dependencies you don't meet, you will need to manually install them. Possibly via apt, possibly not. Blindly following installation instructions can install things into your system which can overwrite apt sourced packages, or parts of them, effectively breaking anything that requires that package to be at a certain version. Alternatively they can be installed to your user only, so other user accounts will struggle to make use of them.

Ultimately you can do whatever you want and are comfortable with.

You can always start over if you break it, so keep the USB drive somewhere safe.

SHawarden
  • 865
  • Thank you! When I install software from non apt sources (for example chrome) does it get added to my local repository of packages? I am asking because I downloaded chrome through the browser and I didn't expect apt update to register updates for chrome but I think it did. – frownyface May 31 '19 at 05:43
  • 1
    You have a local cache (downloaded deb files) and a local list of repositories (authorized deb software sources). Unless you install special software, you don't have a local repository since you are not distributing debs. Chrome's install adds a Google repository to your list, which is why Chrome can update. – user535733 May 31 '19 at 09:31
1

When you want to install software your first step should be to run apt search 'package-name' to find out if that software exists as a package in the default Ubuntu repositories of your operating system. An optional second step is to run rmadison 'package-name' to find out if that package is in the default repositories of a later Ubuntu release.

The advantages of apt over other ways of installing software are that Ubuntu supports every package in their repositories and all packages in the default Ubuntu repositories will be updated when updates become available. Using apt and snap preferentially to other methods also prevents most package management issues for occurring. An operating system that is free from package management issues can be updated more safely and easily than an operating system that has multiple package management issues caused by poor choices made by installing software from less trustworthy sources than the default Ubuntu repositories.

No other way of installing software is as secure as apt whether it is installing .deb files from a PPA, installing apps using other package managers, installing software using software installation scripts like katoolin or compiling software from source. Software from these alternative sources is frequently uploaded there by individuals, and is subject to much less review by developers than apt packages are.

karel
  • 114,770
1

Yes and no.

Yes (95% of cases)

Personally I use the following sequence to find software in the deb-repositories:

  1. Search for package in default (main, universe, multiverse, restricted) Ubuntu repositories

    • on local machine with apt search something (or apt-cache search something); or maybe with TUI interface of aptitude; with GUI programs as Synaptic or Muon.
    • online by visiting https://packages.ubuntu.com . Here one can search packages by name, description and contents. I use this way when I do not have apt-file installed on my system.

  2. Search for packages in third-party repositories

The software from the repositories will update with next sudo apt update and sudo apt upgrade (if newer version exists). The trust level is the highest for official repositories and lowers for third-party.

No (5% of cases)

Only if you can not find the software in the official or third-party deb-repositories you have three other options:

  1. Find the package in the upstream - for Ubuntu it is Debian, so you can visit https://packages.debian.org to understand was it available for it or not.

  2. Find the software in alternative channels - such as Snap, FlatPak or AppImage. There are front-ends for them as GNOME Software and KDE Discover on the local computer.

  3. Find the package at Repology.org to estimate its spread and get possible compile recipe (for example from ArchLinux AUR PKGBUILD file or Gentoo ebuild file). And then compile it with dependencies on local machine as described in the next paragraph.

  4. Compile the application by yourself and create deb-package for it by using checkinstall - it is the most hard way. If the program is simple, you can compile it without checkinstall and place it in your home-folder on leave it in its source code directory. Here you need to install build tools, build-time dependencies and so on.

Stuff to read:

  1. Install & Remove Software at Ubuntu Documentation
  2. Package Management for server at Ubuntu Documentation.
  3. "How do I install applications in Ubuntu?" here
  4. man apt
  5. man apt-file
  6. man apt-cache
  7. man dpkg
  8. man checkinstall
N0rbert
  • 99,918