Installing and managing software in GNU/Linux

Sep 1, 2024

This article is part of the series:

In any operating system, installing, updating, and removing software is a fundamental task. In GNU/Linux, this management is done using packages, which are collections of files installed on your system to provide an application or utility. These packages are stored in repositories, which are essentially remote servers containing a large collection of packaged software, ready to be downloaded and installed.

Repositories

Repositories are online storage locations where software packages ready to be installed on a Linux distribution are found. Each distribution has its own official repositories, which usually contain software that has been tested and verified to work correctly with that particular distribution. In addition to official repositories, it is also possible to add third-party repositories to obtain software that is not available in the official ones.

In this article, we will focus on package management in distributions based on Debian and Red Hat, which are two of the most popular distribution families in the world of GNU/Linux. Examples of Debian-based distributions include Ubuntu, Linux Mint, and Debian itself, while Red Hat-based distributions include Fedora, CentOS, and RHEL (Red Hat Enterprise Linux).

We will focus only on official and third-party repositories, as these are the most common and are typically used in most end-user environments.

Types

  • Official Repositories: Maintained by the distribution’s developers, they include reliable and secure software.
  • Third-Party Repositories: Maintained by tool developers or communities, they may include newer or specific software that is not found in the official repositories.
  • Local Repositories: Repositories that can be hosted on a local network, often used in enterprise environments to centrally manage software.

We will focus on official and third-party repositories, as these are the most common and are typically used in most end-user environments.

You can safely try all the commands mentioned below without worrying about breaking anything by virtualizing each of the systems with Docker:

  
  docker run -it --name debian-container --restart=no debian:latest # Debian
  docker run -it --name fedora-container --restart=no fedora:latest # Fedora
  

Official and Third-Party

As mentioned earlier, official repositories are maintained by the distribution’s developers and contain software that has been tested and verified to work correctly on the distribution; they are regularly updated to provide users with the latest software versions.

Managing repositories in GNU/Linux involves adding, removing, or modifying the sources from which the system downloads packages. Proper repository management is crucial for maintaining system stability and security, as a poorly configured repository or untrusted software can pose security risks.

They are stored in the path /etc/apt/sources.list.d on Debian-based systems and /etc/yum.repos.d/ on Red Hat-based systems.

They would look something like this on an Ubuntu 24.04:


 betazetadev@desktop:/etc/apt/sources.list.d$ ls
  dart_stable.list                          
  librewolf.sources
  docker.list  
  inkscape_dev-ubuntu-stable-noble.sources  
  ubuntu.sources  
  ubuntu.sources.curtin.orig
  

And like this on a Fedora 40:


 betazetadev@desktop:/etc/yum.repos.d$ ls
  fedora-cisco-openh264.repo  
  fedora-updates-testing.repo  
  fedora-updates.repo  
  fedora.repo
  

The contents of these files are similar, they contain the repository information, such as the type of repository, the URI from which the packages are downloaded, the components, and the signing key. For example, in Debian-based systems, the contents of a repository file might look like this:


 Types: deb
 URIs: http://es.archive.ubuntu.com/ubuntu/
 Suites: noble noble-updates noble-backports
 Components: main restricted universe multiverse
 Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
  

And in Red Hat-based systems, the contents of a repository file might look like this:


  [fedora]
  name=Fedora $releasever - $basearch
  #baseurl=http://download.example/pub/fedora/linux/releases/$releasever/Everything/$basearch/os/
  metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
  enabled=1
  countme=1
  metadata_expire=7d
  repo_gpgcheck=0
  type=rpm
  gpgcheck=1
  gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
  skip_if_unavailable=False
  

It is important to highlight the signing process, as packages are digitally signed to ensure their authenticity and prevent tampering. If a package is not signed or the signature does not match the repository’s public key, the package manager will display a warning message and will not allow the package to be installed. This is a security measure to ensure that the downloaded packages are authentic and have not been altered by third parties.

In Debian-based distributions, the /etc/apt/sources.list file was previously used to manage repositories (and it is still present), but it is now recommended to use individual files in the /etc/apt/sources.list.d/ directory for better organization and maintenance. This way, repositories can be separated into different files, allowing them to be enabled or disabled as needed without affecting others.

Repositories can also be managed through the graphical interface of software management and update tools integrated into most common distributions. In Ubuntu, for example, it is called Software & Updates, and it allows you to easily add, remove, and modify repositories in a visual way.

Package Management

Package management in GNU/Linux is performed through specific tools that allow you to install, update, remove, and search for packages in the repositories. In Debian-based distributions, the most common tool is apt, while in Red Hat-based distributions, yum is used.

Now that we know where applications come from and how repositories are organized in the system, let’s look at how to install, update, and remove packages in GNU/Linux.

Package Search and Information

We can search for packages in the repositories to obtain information about them, such as their name, description, version, and dependencies. To do this, we use the apt search command in Debian-based distributions and yum search in Red Hat-based distributions. By “dependencies,” we refer to other packages or libraries that a program needs to function correctly. When you install a package, the package manager also automatically installs all the necessary dependencies to ensure the software works.

The search will provide details about the package, including its description, version number, size, dependencies, and other relevant information. For example, to search for the htop package, which is an interactive system monitor that runs directly in the terminal, you would use the following command:


    apt search htop
    

Before performing a search on Debian-based systems, it is recommended to update the repository state on your system using the apt update command. This will refresh the list of available packages and their information in the repositories, allowing the package manager to find the most recent versions. On Red Hat-based systems, like Fedora, this step is not necessary, as yum search automatically updates the repository information before displaying the results.

On Red Hat-based distributions, the command would be similar:


    yum search htop
    

We can also search among the installed packages on the system to check if a specific package is present. To do this, we use the apt list --installed command on Debian-based distributions and yum list installed on Red Hat-based distributions.

For example, to check if the htop package is installed on the system, you would use the following command:


    apt list --installed | grep htop
    

Or on Red Hat-based distributions:


    yum list installed | grep htop
    

Thanks to the combination of apt list --installed and grep, we can search among the installed packages on the system. The grep command searches for a string of text in the output of another command; in this case, it looks for the htop string in the output of apt list --installed or yum list installed. Using the pipe |, the output of one command is sent to another.

In this other article, we covered the most common GNU/Linux terminal commands, which I recommend you visit if you’re not yet familiar with them. This will inform us whether the package is installed or not, and if it is, it will show us the installed version. If nothing appears in the output, it means the package is not on the system.

If a package is not found in the official repositories, it may be in a third-party repository or may no longer be available for our distribution through these means, so we would need to search through other avenues. Generally, when this happens, what is usually done is to go to the official website of the software and look for installation instructions for our distribution, which usually includes downloading a .deb or .rpm package for manual installation or instructions on how to add the repository to use apt or yum for management.

.deb packages are for Debian derivatives, while .rpm packages are used in Red Hat-based distributions. These packages contain the software and its dependencies and can be installed manually on the system using tools like dpkg and rpm, respectively.

Packages installed using .deb or .rpm binaries generally require manual management. In the case of .deb packages, they will not be automatically updated through apt, so it is important to keep this in mind when installing software in this way. However, on Red Hat-based systems, .rpm packages can be updated using the same binary with the rpm -U command, allowing you to keep packages updated without the need for constant manual management. Later, we will explore manual package management in more detail.

Installing, Removing, and Updating Packages

As mentioned earlier, we will use the apt and yum commands to access packages from the repository. Both commands require superuser privileges when making modifications (installing, removing, updating). In such cases, it is necessary to use sudo or start a session as a superuser before executing them. However, queries (searching) can be done by a user without administrative privileges.

Debian-Based Distributions

APT

To install a package with apt, use the following command:


    sudo apt install package_name
    

For example, to install the htop package, you would use the following command:


    sudo apt install htop
    

To remove a package we no longer need, we use the apt remove command:


    sudo apt remove htop
    

And we can update it with the command:


    sudo apt install --only-upgrade htop
    

It is important to note that the distribution’s own programs can be updated using these tools. First, you use apt update to refresh the list of available packages, as mentioned earlier, and then apt upgrade to update the installed packages on the system. This allows you to update all software in one go.

This process updates the applications installed from the official repositories but does not update the operating system itself or applications installed from other sources, such as third-party or manually installed applications. To upgrade the operating system to a new version, the apt dist-upgrade command is used. However, it’s important to note that if there are problems with the upgrade, the system may become unstable or even stop working, so it is highly recommended to back up your data before performing this process. Manually installed packages generally need to be updated manually.

DPKG

Manual package management requires knowing some basic commands like dpkg for installing .deb packages or rpm for installing packages with that extension.

To handle a .deb package, use the dpkg command:

  • dpkg -i package.deb: Installs a .deb package.
  • dpkg -r package: Removes an installed package.
  • dpkg -l | grep package: Displays information about an installed package.

To update it, you need to download the new version of the package and reinstall it with dpkg -i package.deb.

Red Hat-Based Distributions

YUM

In Red Hat-based distributions, the yum command is used to install, update, and remove packages from the repositories. To install a package:


    sudo yum install package_name
    

For example, to install the htop package, you would use the following command:


    sudo yum install htop
    

To remove a package:


    sudo yum remove htop
    

And to update it:


    sudo yum update htop
    

Just like with apt, yum also allows you to update all the software on the system with a single command, using yum update. This command updates both the installed applications and the operating system to the latest versions available in the official repositories. There is no need for an additional command to update the operating system itself, as yum update covers both aspects. However, as with other systems, manually installed applications or those from third-party repositories may require independent management.

RPM

To manage a .rpm package on Red Hat and its derivatives, the rpm command is used:

  • rpm -i package.rpm: Installs a .rpm package.
  • rpm -e package: Removes an installed package.
  • rpm -q package: Displays information about an installed package.
  • rpm -U package.rpm: Updates a .rpm package.

While Red Hat-based distributions do allow you to update an rpm package with the rpm -U package.rpm command, it is always more reliable and safer to do so through yum, as it handles dependencies and updates related packages.

Dependency issues can easily arise when manually installing packages, so it is recommended to install packages from the official repositories whenever possible, as they have been tested and verified to work correctly with the particular distribution. However, in some cases, it may be necessary to install software that is not available in the official repositories, requiring the use of other sources such as third-party repositories or manual installation.

As we have discussed before, (almost) everything in Linux has a graphical interface, and package management is no exception. All major distributions usually come with a default integrated program that allows you to install, update, and remove software easily through an intuitive graphical interface, without the need to enter commands. Below, for example, is the snap application store in Ubuntu, which allows you to install applications packaged in snap, a format created by Canonical (the company behind Ubuntu) for their operating system. However, it is not exclusive to Ubuntu, as it can be installed on other distributions. You can find more information on the Ubuntu page.

Conclusion

Package management in GNU/Linux is a fundamental task that allows you to install, update, and remove software in a simple and secure, yet organized, way. Thanks to this package and repository system, in addition to centralizing software management and configurations (using specific paths for this), system stability and security are ensured. I encourage you to experiment with these and other commands to familiarize yourself with package management in GNU/Linux. It is one of the most common and useful tasks you will perform in your day-to-day with the operating system.

Related posts

That may interest you