Package Management

By admin, 2 April, 2020

An independent application library and installer and automatic dependency solver such as dpkg for Linux, pkgng for FreeBSD and pkgin for NetBSD:

Using dpkg for Binary Package Management


apt - command-line interface (Linux)


apt [-h] [-o=config_string] [-c=config_file] [-t=target_release] [-a=architecture] {list | search | show | update | install pkg [{=pkg_version_number | /target_release}]... | remove pkg... | upgrade | full-upgrade | edit-sources | {-v | --version} | {-h | --help}}


apt provides a high-level commandline interface for the package management system. It is intended as an end user interface and enables some options better suited for interactive usage by default compared to more specialized APT tools like apt-get and apt-cache.

Much like apt itself, its manpage is intended as an end user interface and as such only mentions the most used commands and options partly to not duplicate information in multiple places and partly to avoid overwhelming readers with a cornucopia of options and details.

update (apt-get)

update is used to download package information from all configured sources. Other commands operate on this data to e.g. perform package upgrades or search in and display details about all packages available for installation.

upgrade (apt-get)

upgrade is used to install available upgrades of all packages currently installed on the system from the sources configured via sources.list. New packages will be installed if required to satisfy dependencies, but existing packages will never be removed. If an upgrade for a package requires the removal of an installed package the upgrade for this package isn't performed.

full-upgrade (apt-get)

full-upgrade performs the function of upgrade but will remove currently installed packages if this is needed to upgrade the system as a whole.

install, reinstall, remove, purge (apt-get)

Performs the requested action on one or more packages specified via regex, glob or exact match. The requested action can be overridden for specific packages by append a plus (+) to the package name to install this package or a minus (-) to remove it.

A specific version of a package can be selected for installation by following the package name with an equals (=) and the version of the package to select. Alternatively the version from a specific release can be selected by following the package name with a forward slash (/) and codename (buster, bullseye, sid ...) or suite name (stable, testing, unstable). This will also select versions from this release for dependencies of this package if needed to satisfy the request.

Removing a package removes all packaged data, but leaves usually small (modified) user configuration files behind, in case the remove was an accident. Just issuing an installation request for the accidentally removed package will restore its function as before in that case. On the other hand you can get rid of these leftovers by calling purge even on already removed packages. Note that this does not affect any data or configuration stored in your home directory.

autoremove (apt-get)

autoremove is used to remove packages that were automatically installed to satisfy dependencies for other packages and are now no longer needed as dependencies changed or the package(s) needing them were removed in the meantime.

You should check that the list does not include applications you have grown to like even though they were once installed just as a dependency of another package. You can mark such a package as manually installed by using apt-mark. Packages which you have installed explicitly via install are also never proposed for automatic removal.

search (apt-cache)

search can be used to search for the given regex term(s) in the list of available packages and display matches. This can e.g. be useful if you are looking for packages having a specific feature. If you are looking for a package including a specific file try apt-file.

show (apt-cache)

Show information about the given package(s) including its dependencies, installation and download size, sources the package is available from, the description of the packages content and much more. It can e.g. be helpful to look at this information before allowing apt to remove a package or while searching for new packages to install.

list (work-in-progress)

list is somewhat similar to dpkg-query --list in that it can display a list of packages satisfying certain criteria. It supports glob patterns for matching package names as well as options to list installed (--installed), upgradeable (--upgradeable) or all available (--all-versions) versions.

edit-sources (work-in-progress)

edit-sources lets you edit your sources.list files in your preferred texteditor while also providing basic sanity checks.

Key Management


apt-key - APT key management utility (Linux)


apt-key [--keyring filename] {add filename | del keyid | export keyid | exportall | list | finger | adv | update | net-update | {-v | --version} | {-h | --help}}


apt-key is used to manage the list of keys used by apt to authenticate packages. Packages which have been authenticated using these keys will be considered trusted.

Note that if usage of apt-key is desired the additional installation of the GNU Privacy Guard suite (packaged in gnupg) is required. For this reason alone the programmatic usage (especially in package maintainerscripts!) is strongly discouraged. Further more the output format of all commands is undefined and can and does change whenever the underlying commands change. apt-key will try to detect such usage and generates warnings on stderr in these cases.


apt-key supports only the binary OpenPGP format (also known as "GPG key public ring") in files with the "gpg" extension, not the keybox database format introduced in newer gpg versions as default for keyring files. Binary keyring files intended to be used with any apt version should therefore always be created with gpg --export.

Alternatively, if all systems which should be using the created keyring have at least apt version >= 1.4 installed, you can use the ASCII armored format with the "asc" extension instead which can be created with gpg --armor --export.


add filename

Add a new key to the list of trusted keys. The key is read from the filename given with the parameter filename or if the filename is - from standard input.

It is critical that keys added manually via apt-key are verified to belong to the owner of the repositories they claim to be for otherwise the apt-secure infrastructure is completely undermined.

Note: Instead of using this command a keyring should be placed directly in the /etc/apt/trusted.gpg.d/ directory with a descriptive name and either "gpg" or "asc" as file extension.

del keyid Remove a key from the list of trusted keys.

export keyid Output the key keyid to standard output.

exportall Output all trusted keys to standard output.

list, finger List trusted keys with fingerprints.

adv Pass advanced options to gpg. With adv --recv-key you can e.g. download key from keyservers directly into the trusted set of keys. Note that there are no checks performed, so it is easy to completely undermine the apt-secure infrastructure if used without care.

update (deprecated) Update the local keyring with the archive keyring and remove from the local keyring the archive keys which are no longer valid. The archive keyring is shipped in the archive-keyring package of your distribution, e.g. the debian-archive-keyring package in Debian.

Note that a distribution does not need to and in fact should not use this command any longer and instead ship keyring files in the /etc/apt/trusted.gpg.d/ directory directly as this avoids a dependency on gnupg and it is easier to manage keys by simply adding and removing files for maintainers and users alike.

net-update Perform an update working similarly to the update command above, but get the archive keyring from a URI instead and validate it against a master key. This requires an installed download manager and an APT build configured to have a server to fetch from and a master keyring to validate. APT in Debian does not support this command, relying on update instead, but Ubuntu's APT does.


Note that options need to be defined before the commands described in the previous section.

--keyring filename With this option it is possible to specify a particular keyring file the command should operate on. The default is that a command is executed on the trusted.gpg file as well as on all parts in the trusted.gpg.d directory, though trusted.gpg is the primary keyring which means that e.g. new keys are added to this one.

Synaptic Package Management

Synaptic is a graphical package management tool based on GTK+ and APT. Synaptic enables you to install, upgrade and remove software packages in a user friendly way.

Besides these basic functions the following features are provided:

  • Search and filter the list of available packages
  • Perform smart system upgrades
  • Fix broken package dependencies
  • Edit the list of used repositories (sources.list)
  • Download the latest changelog of a package
  • Configure packages through the debconf system
  • Browse all available documentation related to a package (dwww is required)

Using pkgng for Binary Package Management


pkg, pkg-static -- manipulate packages (FreeBSD)


pkg [-v] [-d] [-l] [-N] [-j

pkg [--version] [--debug] [--list] [-N] [--jail


pkg provides an interface for manipulating packages: registering, adding, removing and upgrading packages. pkg-static is a statically linked variant of pkg typically only used for the initial installation of pkg. There are some differences in functionality. See pkg.conf for details.


The following options are supported by pkg:

-v, --version Display the current version of pkg.

-d, --debug Show debug information.

-l, --list List all the available command names, and exit without performing any other action. The -v option takes precedence over -l but -l will override any other command line arguments.


Set configuration option for pkg from the command line. Options that are set from the environment are redefined. It is permitted to specify this option multiple times.

-N Activation status check mode. Prevent pkg from automatically creating or initializing the SQLite database in /var/db/pkg/local.sqlite if it does not already exist.

Prevent pkg from performing any actions if no packages are currently installed, on the basis that a correctly initialized system using pkg will always have at least the pkg package itself registered.

If used without any other arguments, pkg -N will run the sanity tests and if successful print out a short message showing how many packages are currently installed. The exit status should be a reliable indication of whether a system is configured to use pkg as its package management system or not.

Example usage:

if pkg -N >/dev/null 2>&1; then

# pkgng-specifics


# pkg_install-specifics


The -N flag was first released in the /usr/sbin/pkg bootstrapper in FreeBSD 8.4, but was missing from FreeBSD 9.1. It may not be enough to just call pkg -N, as the bootstrapper may be invoked, or an error returned from pkg. The following script is the safest way to detect if pkg is installed and activated:



pkg info -x 'pkg(-devel)?$' >/dev/null 2>&1; then

# pkgng-specifics


# pkg_install-specifics



pkg will execute in the given


pkg will chroot in the


pkg will install all packages within the specified


pkg will use the specified file as a configuration file.


pkg will search the directory for per-repository configuration files. This overrides any value of REPOS_DIR specified in the main configuration file.

-4 pkg will use IPv4 for fetching repository and packages.

-6 pkg will use IPv6 for fetching repository and packages.


The following commands are supported by pkg:

help command Display usage information of the specified command.

add Install a package from either a local source or a remote one. When installing from remote source you need to specify the protocol to use when fetching the package. Currently supported protocols are FTP, HTTP and HTTPS.

annotate Add, modify or delete tag-value style annotations on packages.

audit Audit installed packages against known vulnerabilities.

autoremove Delete packages which were automatically installed as dependencies and are not required any more.

backup Dump the local package database to a file specified on the command-line.

bootstrap This is for compatibility with the pkg bootstrapper. If pkg is already installed, nothing is done. If invoked with the -f flag an attempt will be made to reinstall pkg from remote repository.

check Sanity checks installed packages.

clean Clean the local cache of fetched remote packages.

convert Convert to and from the old pkg_add format.

create Create a package.

delete Delete a package from the database and the system.

fetch Fetch packages from a remote repository.

info Display information about installed packages.

install Install a package from a remote package repository. If a package is found in more than one remote repository, then installation happens from the first one. Downloading a package is tried from each package repository in turn, until the package is successfully fetched.

lock Prevent modification or deletion of a package.

plugins List the available plugins.

query Query information about installed packages.

register Register a package in the database.

repo Create a local package repository for remote usage.

rquery Query information for remote repositories.

search Search for the given pattern in the remote package repositories.

set Modify information in the installed database.

shell Open a SQLite shell to the local or remote database. Extreme care should be taken when using this command.

shlib Displays which packages link to a specific shared library.

stats Display package database statistics.

unlock Unlocks packages, allowing them to be modified or deleted.

update Update the available remote repositories as listed in pkg.conf.

updating Display UPDATING entries of installed packages.

upgrade Upgrade a package to a newer version.

version Summarize installed versions of packages.

which Query the database for package(s) that installed a specific file.

OctoPkg Package Management

OctoPkg is a graphical front-end to the pkg-ng package manager. OctoPkg enables users to search for, install, remove and upgrade pkg-ng packages through a simple GUI interface.

OctoPkg is a powerful tool to manage FreeBSD packages. It has a simple interface which consists of just 2 panels:

  • A list of all available packages (including those resulting of searches);
  • A tab widget showing 6 useful tabs: information, files, transaction, output, news and a quick help guide.

Using pkgin for Binary Package Management


pkgin - A tool to manage pkgsrc binary packages. (NetBSD)


[-dfFhPvVyn][-l limit_chars][-c chroot_path][-t log_file]command[package ...]


The command is aimed at being an apt /yum like tool for managing pkgsrc binary packages. It relies onpkg_summary5for installation, removal and upgradeof packages and associated dependencies, using a remote repository.


The following command line arguments are supported:

-d Download only.

-f Force database update.

-F Force package reinstall.

-h Displays help for the command.

-P Displays packages versions instead of globs (sd, sfd, srd)

-v Displaysversion

-V Be verbose when (un)installing

-y Assumes "yes" as default answer, except for autoremove.

-n Assumes "no" as default answer.

-l limit_chars Only include the packages with the specified status flags.

-c chroot_path Enable chrooting pkgin in the given repository

-t log_file Logs package browsing (dependencies and impact) to a given log file

The utility provides several commands:

autoremove Automatically removes orphan dependencies.

avail Lists all packages available in the repository.

clean Delete downloaded packages from the cache directory.

export Export the list of non-autoremovable packages to stdout(one category/package by line)

full-upgrade Upgrade all packages to their newer versions present in therepository.

import file Import a list of packages to be installed from file(one category/package by line)

install package … Performs installation or upgrade ofpackage If more than one packages are specified on the command-line, allwill be installed (or upgraded).

keep package … Markspackageas "non auto-removable".This means that a package that has, for instance, been compiledmanually from pkgsrc, can't be removed through aupgrade.More than one package can be specified on the command-line, to markseveral packages as non-removable in a single command.

list Lists all packages installed locally on a system. If thelmodifier is added to this command, show only packages matching the status flag.

pkg-content package Show remotepackagecontent.

pkg-descr package Show remotepackagelong-description.

pkg-build-defs package Show remotepackagebuild definitions.

provides package Shows what apackageprovides to others

remove package … Removespackageas well as all packages depending on it.When more than one package are specified, they will all be uninstalled.By default, it will prompt you to confirm before package removals.

requires package Shows what apackagerequires from otherspackages

search pattern Performs a regular expression search for a pattern in the repository.

show-deps Displays all direct dependencies

show-full-deps package Displays all direct dependencies recursively

show-rev-deps package Displays all reverse direct dependencies for package If more than one package is specified,will show recursively reverse direct dependencies for all packageson the command-line.

show-category category Show packages belonging tocategory

show-pkg-category package Showpackagecategory.

show-keep Display "non auto-removable" packages.

show-no-keep Display "auto-removable" packages.

unkeep package … Markspackageas "auto-removable".If no other package depends on it, it will be removed when usingthe autoremove modifier.

update Creates and populates the initial database of locally installed packagesand available packages (from the remotepkg_summary5list). This is done automatically when is first used, when the system package database has been modified. or when is upgraded to a new database version.

upgrade Upgrade keepable packages to their newer versions present in therepository.If the installed dependencies match the listed needed dependencies,don't upgrade them.


When using thelflag along with thelistcommand, the following status flag must be set:

= The installed version of the package is current.

> The installed version of the package is newer than the current version.



The PKG_REPOS environment variable can be pointed to a suitable repository or a list ofspace separated repositories in order to override/usr/pkg/etc/pkgin/repositories.conf



This file contains a list of repository URIs thatwill use.It may contain macros$archto define the machine hardware platformand$osreleaseto define the release version for the operating system(as reported byuname).


Setup the initial database:

# echo > /usr/pkg/etc/pkgin/repositories.conf# pkgin updateprocessing local summary...updating database: 100%downloading pkg_summary.bz2: 100%processing remote summary ( database: 100%

Listing all packages available in the repository:

# pkgin avail | more[...]autoconf-2.63 Generates automatic source code configuration scriptsaumix-gtk-2.8nb3 Set mix levels (ncurses and GTK+ 2.0 interfaces)aumix-2.8nb7 Set mix levels (ncurses interface only)august-0.63b Simple Tk-based HTML editoraudacity-1.2.6nb3 Audio editor[...]

Install packages and their dependencies:

# pkgin install links etermnothing to upgrade.11 packages to be installed: tiff-3.8.2nb4 png-1.2.35 libungif-4.1.4nb1 libltdl-1.5.26 jpeg-6bnb4 pcre-7.8 perl-5.10.0nb5 libast-0.6.1nb3 imlib2-1.4.2nb1 links-2.2nb1 eterm-0.9.4nb1 (25M to download, 64M to install)proceed ? [y/N]

Remove packages and their reverse dependencies:

# pkgin remove links eterm2 packages to delete: links-2.2nb1 eterm-0.9.4nb1proceed ? [y/N]

Remove orphan dependencies:

# pkgin autoremovein order to remove packages from the autoremove list, flag those with the -k modifier.9 packages to be autoremoved: libast-0.6.1nb3 pcre-7.8 imlib2-1.4.2nb1 tiff-3.8.2nb4 png-1.2.35 libungif-4.1.4nb1 libltdl-1.5.26 perl-5.10.0nb5 jpeg-6bnb4proceed ? [y/N]

Moun Package Management

Manage applications and libraries installed on your system to the package level. Search, install and remove packages and inspect their versions and their dependencies.

Note: this does not include applications distributed through Snap or Flatpack. You may prefer Plasma-Discover, if what you are looking for is a Software Center.