apt-get - APT package handling utility -- command-line interface

sudo apt‑get [‑asqdyfmubV] [‑o=config_string] [‑c=config_file] [‑t=target_release] [‑a=architecture]
{update |
 upgrade |dselect‑upgrade | dist‑upgrade |
 install pkg [{=version | /target_release}] |
 remove pkg |  purge pkg |
 build‑dep pkg [{=version | /target_release}] |
 source pkg [{=version | /target_release}] |
 download pkg [{=version | /target_release}]|
 check | clean | autoclean | autoremove |
{‑v | ‑‑version} | {‑h | ‑‑help}}

apt-cache search 'reg exp'

Example: sudo apt-get update;sudo apt-get install aptitude

Command-line tool for handling packages, and may be considered the user's "back-end" to other tools using the APT library.
Interfaces exist, such as dselect, aptitude, synaptic and wajig.

update synchronize package index files as per /etc/apt/sources.list.
An update should always be performed before an upgrade or dist-upgrade.
upgrade install the newest versions of all packages currently installed on the system from the sources enumerated in /etc/apt/sources.list.
Packages currently installed with new versions available are retrieved and upgraded; currently installed packages not removed, or packages not already installed retrieved and installed.
New versions that cannot be upgraded without changing the install status of another package will be left at their current version.
An update must be performed first
dist-upgrade in addition to performing upgrade handles changing dependencies with new versions of packages; attempts to upgrade most important packages at the expense of less important ones .
May remove some packages.
/etc/apt/sources.list contains locations from which to retrieve.
See also apt_preferences for overriding the general settings for individual packages.
dselect-upgrade follows the changes made by dselect(1) to the Status field of available packages, and performs the actions necessary to realize that state (for instance, the removal of old and the installation of new packages).
install pkgname
/dist] …;
Additional packages required will also be retrieved and installed.
/etc/apt/sources.list is used to locate the desired packages.
To override decisions made by apt-get's conflict resolution: plus sign :install, minus indicates removal .
equals specificies a version of a package
a slash specifies a specific distribution (stable, testing, unstable).

Both of the version selection mechanisms can downgrade packages and must be used with care.

This is also used if you want to upgrade one or more already-installed packages without upgrading every package you have on your system.
Unlike upgrade , which installs the newest version of all currently installed packages,
install installs newest version of only the package(s) specified.

apt_preferences allows creaiton of an alternative installation policy for individual packages.

If no package matches the given expression and the expression contains one of '.', '?' or '*' then it is assumed to be a POSIX regular expression, and it is applied to all package names in the database. Any matches are then installed (or removed). Note that matching is done by substring so 'lo.*' matches 'how-lo' and 'lowest'. If this is undesired, anchor the regular expression with a '^' or '$' character, or create a more specific regular expression.

remove pkgname[+] …; leaves its configuration files.
+ (plus sign) package will be installed instead of removed.
purge packages are removed and purged (configuration files are deleted too).
source fetch source packages. with the option APT::Default-Release, the -t option or per package with the pkg/release

source packages are tracked separately from binary packages . add a line for each repository to get sources from;

If --compile is specified the package will be compiled to a binary .deb using dpkg-buildpackage for the architecture as defined by the --host-architecture option.
--download-only package will not be unpacked.

A specific source version can be retrieved by postfixing the source name with an equals and then the version to fetch, similar to the mechanism used for the package files. This enables exact matching of the source package name and version, implicitly enabling the APT::Get::Only-Source option.

source packages are not installed and tracked in the dpkg database like binary packages;

build-dep install/remove packages in an attempt to satisfy the build dependencies for a source package. By default the dependencies are satisfied to build the package natively. If desired a host-architecture can be specified with the --host-architecture option instead.
check diagnostic tool; updates the package cache and checks for broken dependencies.
download ddownloads the given binary package into the current directory.
clean clears out the local repository of retrieved package files. It removes everything but the lock file from /var/cache/apt/archives/ and /var/cache/apt/archives/partial/.
When APT is used as a dselect(1) method, clean is run automatically.
Run apt-get clean from time to time to free up disk space.
autoclean Like clean, clears out the local repository of retrieved package files, only removes package files that can no longer be downloaded, and are largely useless. Configuration APT::Clean-Installed off prevents installed packages from being erased
autoremove remove packages that were automatically installed to satisfy dependencies for other packages and are now no longer needed.
changelog downloads a package changelog and displays it through sensible-pager.
The server name and base directory is defined in APT::Changelogs::Server (e.g. packages.debian.org/changelogs[1] for Debian or changelogs.ubuntu.com/changelogs[2] for Ubuntu). By default it displays the changelog for the version that is installed. However, you can specify the same options as for the install command.


All command line options may be set using the configuration file, the descriptions indicate the configuration option to set.
Boolean options can be overriden in the config file using -f-,--no-f, -f=no or several other variations.
--no-install-recommends Do not consider recommended packages as a dependency for installing. Configuration Item: APT::Install-Recommends.
--install-suggests Consider suggested packages as a dependency for installing. Configuration Item: APT::Install-Suggests.
Download only; package files are only retrieved, not unpacked or installed. Configuration Item: APT::Get::Download-Only.
Fix; attempt to correct a system with broken dependencies in place. This option, when used with install/remove, can omit any packages to permit APT to deduce a likely solution. If packages are specified, these have to completely correct the problem. The option is sometimes necessary when running APT for the first time; APT itself does not allow broken package dependencies to exist on a system. It is possible that a system's dependency structure can be so corrupt as to require manual intervention (which usually means using dselect(1) or dpkg --remove to eliminate some of the offending packages). Use of this option together with -m may produce an error in some situations. Configuration Item: APT::Get::Fix-Broken.
Ignore missing packages; if packages cannot be retrieved or fail the integrity check after retrieval (corrupted package files), hold back those packages and handle the result. Use of this option together with -f may produce an error in some situations. If a package is selected for installation (particularly if it is mentioned on the command line) and it could not be downloaded then it will be silently held back. Configuration Item: APT::Get::Fix-Missing.
--no-download Disables downloading of packages. This is best used with --ignore-missing to force APT to use only the .debs it has already downloaded. Configuration Item: APT::Get::Download.
Quiet; produces output suitable for logging, omitting progress indicators. More q's will produce more quiet up to a maximum of 2. You can also use -q=# to set the quiet level, overriding the configuration file. Note that quiet level 2 implies -y; you should never use -qq without a no-action modifier such as -d
--print-uris or -s as APT may decide to do something you did not expect. Configuration Item: quiet.
No action; perform a simulation of events that would occur but do not actually change the system. Configuration Item: APT::Get::Simulate. Simulated runs performed as a user will automatically deactivate locking (Debug::NoLocking), and if the option APT::Get::Show-User-Simulation-Note is set (as it is by default) a notice will also be displayed indicating that this is only a simulation. Runs performed as root do not trigger either NoLocking or the notice - superusers should know what they are doing without further warnings from apt-get. Simulated runs print out a series of lines, each representing a dpkg operation: configure (Conf), remove (Remv) or unpack (Inst). Square brackets indicate broken packages, and empty square brackets indicate breaks that are of no consequence (rare).
Automatic yes to prompts; assume "yes" as answer to all prompts and run non-interactively. If an undesirable situation, such as changing a held package, trying to install a unauthenticated package or removing an essential package occurs then apt-get will abort. Configuration Item: APT::Get::Assume-Yes.
--assume-no Automatic "no" to all prompts. Configuration Item: APT::Get::Assume-No.
Show upgraded packages; print out a list of all packages that are to be upgraded. Configuration Item: APT::Get::Show-Upgraded.
Show full versions for upgraded and installed packages. Configuration Item: APT::Get::Show-Versions.
This option controls the architecture packages are built for by apt-get source --compile and how cross-builddependencies are satisfied. By default is it not set which means that the host architecture is the same as the build architecture (which is defined by APT::Architecture). Configuration Item: APT::Get::Host-Architecture
Compile source packages after downloading them. Configuration Item: APT::Get::Compile.
--ignore-hold Ignore package holds; this causes apt-get to ignore a hold placed on a package. This may be useful in conjunction with dist-upgrade to override a large number of undesired holds. Configuration Item: APT::Ignore-Hold.
--no-upgrade Do not upgrade packages; when used in conjunction with install, no-upgrade will prevent packages on the command line from being upgraded if they are already installed. Configuration Item: APT::Get::Upgrade.
--only-upgrade Do not install new packages; when used in conjunction with install, only-upgrade will install upgrades for already installed packages only and ignore requests to install new packages. Configuration Item: APT::Get::Only-Upgrade.
--force-yes Force yes; this is a dangerous option that will cause apt to continue without prompting if it is doing something potentially harmful. It should not be used except in very special situations. Using force-yes can potentially destroy your system! Configuration Item: APT::Get::force-yes.
--print-uris Instead of fetching the files to install their URIs are printed. Each URI will have the path, the destination file name, the size and the expected MD5 hash. Note that the file name to write to will not always match the file name on the remote site! This also works with the source and update commands. When used with the update command the MD5 and size are not included, and it is up to the user to decompress any compressed files. Configuration Item: APT::Get::Print-URIs.
--purge Use purge instead of remove for anything that would be removed. An asterisk ("*") will be displayed next to packages which are scheduled to be purged. remove --purge is equivalent to the purge command. Configuration Item: APT::Get::Purge.
--reinstall Re-install packages that are already installed and at the newest version. Configuration Item: APT::Get::ReInstall.
--list-cleanup This option is on by default; use --no-list-cleanup to turn it off. When it is on, apt-get will automatically manage the contents of /var/lib/apt/lists to ensure that obsolete files are erased. The only reason to turn it off is if you frequently change your sources list. Configuration Item: APT::Get::List-Cleanup.
This option controls the default input to the policy engine; it creates a default pin at priority 990 using the specified release string. This overrides the general settings in /etc/apt/preferences. Specifically pinned packages are not affected by the value of this option. In short, this option lets you have simple control over which distribution packages will be retrieved from. Some common examples might be -t '2.1*'
-t unstable or -t sid. Configuration Item: APT::Default-Release; see also the apt_preferences(5) manual page.
--trivial-only Only perform operations that are 'trivial'. Logically this can be considered related to --assume-yes; where --assume-yes will answer yes to any prompt
--trivial-only will answer no. Configuration Item: APT::Get::Trivial-Only.
--no-remove If any packages are to be removed apt-get immediately aborts without prompting. Configuration Item: APT::Get::Remove.
--auto-remove If the command is either install or remove, then this option acts like running the autoremove command, removing unused dependency packages. Configuration Item: APT::Get::AutomaticRemove.
--only-source Only has meaning for the source and build-dep commands. Indicates that the given source names are not to be mapped through the binary table. This means that if this option is specified, these commands will only accept source package names as arguments, rather than accepting binary package names and looking up the corresponding source package. Configuration Item: APT::Get::Only-Source.
Download only the diff, dsc, or tar file of a source archive. Configuration Item: APT::Get::Diff-Only, APT::Get::Dsc-Only, and APT::Get::Tar-Only.
--arch-only Only process architecture-dependent build-dependencies. Configuration Item: APT::Get::Arch-Only.
--allow-unauthenticated Ignore if packages can't be authenticated and don't prompt about it. This is useful for tools like pbuilder. Configuration Item: APT::Get::AllowUnauthenticated.
Show a short usage summary.
Show the program version.
Configuration File; Specify a configuration file to use. The program will read the default configuration file and then this configuration file. If configuration settings need to be set before the default configuration files are parsed specify a file with the APT_CONFIG environment variable. See apt.conf(5) for syntax information.
Set a Configuration Option; This will set an arbitrary configuration option. The syntax is -o Foo::Bar=bar. -o and --option can be used multiple times to set different options.


/etc/apt/sources.list Locations to fetch packages from. Configuration Item: Dir::Etc::SourceList.
raspberryPi 7/8/13:
deb http://mirrordirector.raspbian.org/raspbian/ wheezy main contrib non-free rpi
/etc/apt/sources.list.d/ File fragments for locations to fetch packages from. Configuration Item: Dir::Etc::SourceParts.
/etc/apt/apt.conf APT configuration file. Configuration Item: Dir::Etc::Main.
/etc/apt/apt.conf.d/ APT configuration file fragments. Configuration Item: Dir::Etc::Parts.
/etc/apt/preferences Version preferences file. This is where you would specify "pinning", i.e. a preference to get certain packages from a separate source or from a different version of a distribution. Configuration Item: Dir::Etc::Preferences.
/etc/apt/preferences.d/ File fragments for the version preferences. Configuration Item: Dir::Etc::PreferencesParts.
/var/cache/apt/archives/ Storage area for retrieved package files. Configuration Item: Dir::Cache::Archives.
/var/cache/apt/archives/partial/ Storage area for package files in transit. Configuration Item: Dir::Cache::Archives (partial will be implicitly appended)
/var/lib/apt/lists/ Storage area for state information for each package resource specified in sources.list(5) Configuration Item: Dir::State::Lists.
/var/lib/apt/lists/partial/ Storage area for state information in transit. Configuration Item: Dir::State::Lists (partial will be implicitly appended)
SEE ALSO apt-cache(8), apt-cdrom(8), dpkg(1), dselect(1), sources.list(5), apt.conf(5), apt-config(8), apt-secure(8), The APT User's guide in /usr/share/doc/apt-doc/, apt_preferences(5), the APT Howto.


apt-get returns zero on normal operation, decimal 100 on error.


APT bug page[3]. If you wish to report a bug in APT, please see /usr/share/doc/debian/bug-reporting.txt or the reportbug(1) command.


Jason Gunthorpe APT team



APT 09 June 2012
apt for armhf compiled on Dec 24 2012 14:39:34
Usage: apt-get [options] command
       apt-get [options] install|remove pkg1 [pkg2 ...]
       apt-get [options] source pkg1 [pkg2 ...]

apt-get is a simple command line interface for downloading and
installing packages. The most frequently used commands are update
and install.

   update - Retrieve new lists of packages
   upgrade - Perform an upgrade
   install - Install new packages (pkg is libc6 not libc6.deb)
   remove - Remove packages
   autoremove - Remove automatically all unused packages
   purge - Remove packages and config files
   source - Download source archives
   build-dep - Configure build-dependencies for source packages
   dist-upgrade - Distribution upgrade, see apt-get(8)
   dselect-upgrade - Follow dselect selections
   clean - Erase downloaded archive files
   autoclean - Erase old downloaded archive files
   check - Verify that there are no broken dependencies
   changelog - Download and display the changelog for the given package
   download - Download the binary package into the current directory

  -h  This help text.
  -q  Loggable output - no progress indicator
  -qq No output except for errors
  -d  Download only - do NOT install or unpack archives
  -s  No-act. Perform ordering simulation
  -y  Assume Yes to all queries and do not prompt
  -f  Attempt to correct a system with broken dependencies in place
  -m  Attempt to continue if archives are unlocatable
  -u  Show a list of upgraded packages as well
  -b  Build the source package after fetching it
  -V  Show verbose version numbers
  -c=? Read this configuration file
  -o=? Set an arbitrary configuration option, eg -o dir::cache=/tmp
See the apt-get(8), sources.list(5) and apt.conf(5) manual
pages for more information and options.
                       This APT has Super Cow Powers.


Archive authentication support for APT

       If an archive has an unsigned Release file or no Release file at all current APT versions will refuse to download data from them
       by default in update operations and even if forced to download front-ends like apt-get(8) will require explicit confirmation if
       an installation request includes a package from such an unauthenticated archive.

       You can force all APT clients to raise only warnings by setting the configuration option Acquire::AllowInsecureRepositories to
       true. Individual repositories can also be allowed to be insecure via the sources.list(5) option allow-insecure=yes. Note that
       insecure repositories are strongly discouraged and all options to force apt to continue supporting them will eventually be
       removed. Users also have the Trusted option available to disable even the warnings, but be sure to understand the implications as
       detailed in sources.list(5).

       A repository which previously was authenticated but would loose this state in an update operation raises an error in all APT
       clients irrespective of the option to allow or forbid usage of insecure repositories. The error can be overcome by additionally
       setting Acquire::AllowDowngradeToInsecureRepositories to true or for Individual repositories with the sources.list(5) option

       The chain of trust from an APT archive to the end user is made up of several steps.  apt-secure is the last step in this chain;
       trusting an archive does not mean that you trust its packages not to contain malicious code, but means that you trust the archive
       maintainer. It's the archive maintainer's responsibility to ensure that the archive's integrity is preserved.

       apt-secure does not review signatures at a package level. If you require tools to do this you should look at debsig-verify and
       debsign (provided in the debsig-verify and devscripts packages respectively).

       The chain of trust in Debian starts (e.g.) when a maintainer uploads a new package or a new version of a package to the Debian
       archive. In order to become effective, this upload needs to be signed by a key contained in one of the Debian package maintainer
       keyrings (available in the debian-keyring package). Maintainers' keys are signed by other maintainers following pre-established
       procedures to ensure the identity of the key holder. Similar procedures exist in all Debian-based distributions.

       Once the uploaded package is verified and included in the archive, the maintainer signature is stripped off, and checksums of the
       package are computed and put in the Packages file. The checksums of all of the Packages files are then computed and put into the
       Release file. The Release file is then signed by the archive key for this Raspbian release, and distributed alongside the
       packages and the Packages files on Raspbian mirrors. The keys are in the Raspbian archive keyring available in the
       raspbian-archive-keyring package.

       End users can check the signature of the Release file, extract a checksum of a package from it and compare it with the checksum
       of the package they downloaded by hand - or rely on APT doing this automatically.

       Notice that this is distinct from checking signatures on a per package basis. It is designed to prevent two possible attacks:

       o   Network "man in the middle" attacks. Without signature checking, malicious agents can introduce themselves into the package
           download process and provide malicious software either by controlling a network element (router, switch, etc.) or by
           redirecting traffic to a rogue server (through ARP or DNS spoofing attacks).

       o   Mirror network compromise. Without signature checking, a malicious agent can compromise a mirror host and modify the files in
           it to propagate malicious software to all users downloading packages from that host.

       However, it does not defend against a compromise of the master server itself (which signs the packages) or against a compromise
       of the key used to sign the Release files. In any case, this mechanism can complement a per-package signature.

       A Release file contains beside the checksums for the files in the repository also general information about the repository like
       the origin, codename or version number of the release.

       This information is shown in various places so a repository owner should always ensure correctness. Further more user
       configuration like apt_preferences(5) can depend and make use of this information. Since version 1.5 the user must therefore
       explicitly confirm changes to signal that the user is sufficiently prepared e.g. for the new major release of the distribution
       shipped in the repository (as e.g. indicated by the codename).

       apt-key is the program that manages the list of keys used by APT to trust repositories. It can be used to add or remove keys as
       well as list the trusted keys. Limiting which key(s) are able to sign which archive is possible via the Signed-By in

       Note that a default installation already contains all keys to securely acquire packages from the default repositories, so
       fiddling with apt-key is only needed if third-party repositories are added.

       In order to add a new key you need to first download it (you should make sure you are using a trusted communication channel when
       retrieving it), add it with apt-key and then run apt-get update so that apt can download and verify the InRelease or Release.gpg
       files from the archives you have configured.

       If you want to provide archive signatures in an archive under your maintenance you have to:

       o   Create a toplevel Release file, if it does not exist already. You can do this by running apt-ftparchive release (provided in

       o   Sign it. You can do this by running gpg --clearsign -o InRelease Release and gpg -abs -o Release.gpg Release.

       o   Publish the key fingerprint, so that your users will know what key they need to import in order to authenticate the files in
           the archive. It is best to ship your key in its own keyring package like Raspbian does with raspbian-archive-keyring to be
           able to distribute updates and key transitions automatically later.

       o   Provide instructions on how to add your archive and key. If your users can't acquire your key securely the chain of trust
           described above is broken. How you can help users add your key depends on your archive and target audience ranging from
           having your keyring package included in another archive users already have configured (like the default repositories of their
           distribution) to leveraging the web of trust.

       Whenever the contents of the archive change (new packages are added or removed) the archive maintainer has to follow the first
       two steps outlined above.

       apt.conf(5), apt-get(8), sources.list(5), apt-key(8), apt-ftparchive(1), debsign(1), debsig-verify(1), gpg(1)

       For more background information you might want to review the Debian Security Infrastructure[1] chapter of the Securing Debian
       Manual (also available in the harden-doc package) and the Strong Distribution HOWTO[2] by V. Alex Brennen.

See Also:


aptitude NCurses version