Packages (Buster)

From Hexwiki
Revision as of 17:01, 21 January 2021 by Vekseid (talk | contribs)
Jump to navigation Jump to search

This document covers package management itself, in addition to documenting some smaller packages that I use.

Apt

I tend to use aptitude rather than apt-get, personally, and I always turn off 'auto-resolve dependencies' and 'install recommended packages automatically'.

  • apt-get install aptitude aptitude-doc-en apt-transport-https lsb-release ca-certificates curl

Your mileage may vary, but I try to know something about every component going into my system.

  • /etc/apt/sources.list
deb http://deb.debian.org/debian/ buster main
deb-src http://deb.debian.org/debian/ buster main
deb http://security.debian.org/debian-security buster/updates main
deb-src http://security.debian.org/debian-security buster/updates main
deb http://deb.debian.org/debian/ buster-updates main
deb-src http://deb.debian.org/debian/ buster-updates main
deb http://ftp.us.debian.org/debian/ buster-backports main
deb-src http://ftp.us.debian.org/debian/ buster-backports main

If running PHP, you may want to go for the package maintainer's repo. Run:

curl -sSL -o /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'

Generally a good idea to try to find your closest mirror. Sometimes your host even provides a mirror - will certainly make them happier if you use it.

To save time, I automatically run apt-get update hourly, through cron:

  • /etc/cron.hourly/apt-get-update
#!/bin/sh
#/etc/cron.hourly/apt-get-update
# Much simpler than the cron-apt package.
/usr/bin/apt-get update
/usr/bin/apt-get -dy upgrade

Run:

chmod 0750 /etc/cron.hourly/apt-get-update

This automatically checks for updates, and downloads them, but it does not apply them.

Package Additions

  • conntrack sysstat iotop lm-sensors sash libpam-tmpdir zip unzip libdigest-whirlpool-perl acct nmap cgdb sudo
    • You may want to devote some time to what acct and sysstat can do for you.
  • Development: apt-get install fakeroot debhelper build-essential

Package Removal

Debian has some defaults that you probably do not need on a server:

  • Careful purge: task-ssh-server (be sure not to lose your actual ssh server).
  • Basic Purge: task-english console-setup-linux isc-dhcp-client isc-dhcp-common laptop-detect libx11-data libxau6 libxdmcp6 portmap tasksel xauth xkb-data
  • The culturally insensitive may also purge: console-setup console-terminus kbd keyboard-configuration
    • /etc/console-setup may need to get removed manually

ntpsec-ntpdate

Significantly more lightweight than ntp, easier to configure and one less server to run. If you have a number of machines at a site, you may want to run one server and have the others pull off of it. Beyond this, though,

  • /etc/default/ntpsec-ntpdate
    • NTPOPTIONS=" -B "
    • forces slewing. Prevents time travel. Time travel bad.
  • /etc/cron.hourly/ntpdate
#!/bin/sh
#/etc/cron.hourly/ntpdate
#ntpdate autorun
if [ -f /usr/sbin/ntpdate-debian ]; then
    /usr/sbin/ntpdate-debian -B
fi
  • Run:
chmod 0750 /etc/cron.hourly/ntpdate

Random silly packages

  • fortunes (and friends), cowsay, filters
    • Is good to greet visitors with a talking cow. Reminds you how seriously you should take your job.
  • bsdgames, nethack-console, slashem
    • One of these decades I will get around to ascending...