Introduction to apt on Ubuntu
Learn how to install and configure apt on your Ubuntu system
Learn How to Install and Configure apt on Your Ubuntu System
(based on the official Ubuntu Server documentation: https://ubuntu.com/server/docs/package-management)
1. Introduction
apt (Advanced Package Tool) is the standard package manager for Debian‑based distributions, including Ubuntu. It handles package installation, removal, updates, and dependency resolution, and it works with the APT repository system. While apt is pre‑installed on all Ubuntu releases, you may need to configure it for custom repositories, pin priorities, or specific behaviors. This guide walks you through the essentials—installing (if you’re on a minimal system), configuring, and mastering apt on your Ubuntu machine.
Why read this?
- You’re new to Ubuntu and want a solid foundation in package management.
- You’re migrating from another system (CentOS, Arch, etc.) and need to know how Ubuntu handles packages.
- You want to tweak
aptfor security, performance, or custom packaging workflows.
2. Prerequisites
| Requirement | Why? | How to Verify |
|---|---|---|
| Ubuntu (or Ubuntu‑based) | apt is tightly integrated with the distro. |
lsb_release -a or cat /etc/os-release |
| Root or sudo privileges | Most configuration changes require elevated rights. | sudo -v |
| Internet connectivity | apt pulls packages from remote repositories. |
ping -c 3 archive.ubuntu.com |
| Optional: basic shell knowledge | Commands are issued via the terminal. | bash or zsh knowledge |
3. Understanding the APT System
- Repository Metadata – Each repo contains an
Index(Packages.gz) that lists available packages and their dependencies. - Configuration Files –
/etc/apt/sources.list– main list of repository URLs./etc/apt/sources.list.d/*.list– additional repo files./etc/apt/apt.conf.d/– configuration snippets (e.g., proxy settings).
- Package Cache –
aptcaches package information locally (/var/cache/apt/archives). - APT Commands –
apt update– refresh metadata.apt upgrade– apply available updates.apt install pkg– install.apt purge pkg– remove plus config.
4. Basic apt Commands
# 1. Update repository metadata
sudo apt update
# 2. Upgrade all upgradable packages
sudo apt upgrade
# 3. Full upgrade (including package removals)
sudo apt full-upgrade
# 4. Install a package
sudo apt install <package-name>
# 5. Remove a package (keeps config)
sudo apt remove <package-name>
# 6. Purge a package (removes config)
sudo apt purge <package-name>
# 7. Search for a package
apt search <keyword>
# 8. Show package details
apt show <package-name>
Tip: Use
apt list --upgradableto view pending upgrades before runningapt upgrade.
5. Configuring Repositories
5.1 Editing /etc/apt/sources.list
sudo nano /etc/apt/sources.list
Typical entry format:
deb http://archive.ubuntu.com/ubuntu/ focal main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu/ focal main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu focal-security main restricted universe multiverse
deb-src http://security.ubuntu.com/ubuntu focal-security main restricted universe multiverse
deb– binary packages.deb-src– source packages.- Replace
focalwith your release codename (lsb_release -cs).
5.2 Adding PPAs (Personal Package Archives)
sudo add-apt-repository ppa:ondrej/php
sudo apt update
Use add-apt-repository (part of software-properties-common).
5.3 Adding Third‑Party Repositories Manually
Create a new .list file:
sudo nano /etc/apt/sources.list.d/custom.repo.list
Add:
deb https://download.docker.com/linux/ubuntu focal stable
deb-src https://download.docker.com/linux/ubuntu focal stable
Then:
sudo apt update
5.4 Proxy Configuration
Create /etc/apt/apt.conf.d/95proxies:
Acquire::http::Proxy "http://proxy.example.com:3128/";
Acquire::https::Proxy "https://proxy.example.com:3128/";
6. Managing Packages
6.1 Pinning Package Versions
Create /etc/apt/preferences.d/custom.pref:
Package: *
Pin: release a=focal
Pin-Priority: 500
Package: nginx
Pin: version 1.18.*
Pin-Priority: 700
- Packages with a higher priority (e.g., 700) will override lower‑priority sources.
- A priority of 500 allows installation from the current release but prevents upgrades from newer releases.
Run apt-cache policy <package> to see pinning effects.
6.2 Automating Updates with Unattended Upgrades
sudo apt install unattended-upgrades
sudo dpkg-reconfigure unattended-upgrades
Edit /etc/apt/apt.conf.d/50unattended-upgrades to include:
"${distro_id}:${distro_codename}-security";
"${distro_id}:${distro_codename}-updates";
Enable automatic daily upgrades:
sudo systemctl enable --now unattended-upgrades
6.3 Clean‑Up Commands
# Remove cached packages
sudo apt autoclean
# Remove unused dependencies
sudo apt autoremove
7. Advanced Configuration
| Feature | Use‑Case | Example |
|---|---|---|
| APT hooks | Run scripts before/after actions (e.g., run tests before install). | /etc/apt/apt.conf.d/90hooks with DPkg::Pre-Invoke |
| APT pinning | Keep old kernel while updating others. | Pin linux-image-generic at priority 700 |
| Cache directory | Custom cache path for limited /var space. |
Dir::Cache /mnt/apt-cache/ |
| Timeouts & Retries | Avoid hangs on flaky networks. | Acquire::Retries 5; Acquire::Timeout 120; |
Caveat: Over‑configuring
aptcan break automated updates. Keep a backup of your configuration.
8. Security & Updates
Keep
aptUpdatedsudo apt update && sudo apt install aptEnable Secure Transport
Verify that your repo URLs usehttps. If not, consider switching or adding GPG keys manually.Verify Packages
sudo apt-key listImport keys if needed:
wget -qO - https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -.Audit Installed Packages
sudo apt list --installed | sort | uniq -cConfigure Automatic Security Updates
Useunattended-upgradesas shown in section 6.2.
9. Troubleshooting
| Symptom | Likely Cause | Fix |
|---|---|---|
E: Unable to locate package |
Wrong repo entry or missing apt update |
Verify /etc/apt/sources.list, run sudo apt update |
Failed to fetch ... 404 Not Found |
Repo URL changed or release outdated | Update to correct release codename |
The following packages have unmet dependencies |
Broken pinning or incomplete apt update |
Check apt-cache policy, adjust preferences |
apt-get locks out due to another process |
Another apt/dpkg process running |
Wait or sudo killall apt-get after confirming no other installs |
| GPG signature errors | Missing repo key | Import the key or disable apt’s signature checking (not recommended) |
Command to clear lock files (if you’re sure no
aptprocesses are running):sudo rm /var/lib/dpkg/lock-frontend /var/lib/dpkg/lock
Then runsudo dpkg --configure -a.
10. Further Reading & Resources
| Resource | Description | Link |
|---|---|---|
| Ubuntu Server Guide – Package Management | Official in‑depth guide. | https://ubuntu.com/server/docs/package-management |
| Debian APT Manual | Classic documentation, still highly relevant. | https://manpages.debian.org/stable/apt/apt.8.en.html |
| apt-get vs apt | Understanding the newer apt front‑end. |
https://wiki.debian.org/Apt |
| Linux Foundation – Advanced Package Management | Free course on apt, dpkg, and YUM. | https://linuxacademy.com/course/apt/ |
| Ubuntu Security Guide | How to secure your Ubuntu system, including package updates. | https://ubuntu.com/security |
| Stack Overflow – apt questions | Community Q&A on apt nuances. | https://stackoverflow.com/questions/tagged/apt |
| GitHub – apt-pinning-scripts | Community‑maintained scripts for complex pinning. | https://github.com/search?q=apt+pinning |
| Canonical Blog – Unattended Upgrades | Official blog on automating security updates. | https://ubuntu.com/blog/unattended-upgrades |
| Reddit r/Ubuntu | Community discussions, tips, and troubleshooting. | https://www.reddit.com/r/Ubuntu/ |
11. Summary
aptis pre‑installed on Ubuntu, but fine‑tuning it can save time, reduce vulnerabilities, and keep your system stable.- Key tasks:
apt update,apt upgrade, manage repos via/etc/apt/sources.listor PPAs, pin packages with/etc/apt/preferences.d, automate updates withunattended-upgrades. - Security best practices: keep
aptupdated, use HTTPS repos, verify GPG keys, enable automatic security updates.
Feel free to customize the above guide to match your environment—whether it’s a small personal server or a multi‑node production cluster. Happy packaging!