Skip to content

Package Management

Summary

This chapter teaches you to install, update, and manage software on Linux. You'll master APT for Debian/Ubuntu systems, learn about dpkg, Snap, and Flatpak package formats, and explore Homebrew for cross-platform package management. Understanding package managers and repositories is essential for maintaining a healthy Linux system.

Concepts Covered

This chapter covers the following 20 concepts from the learning graph:

  1. Package Manager
  2. Software Packages
  3. Package Repositories
  4. APT Package Manager
  5. Apt Update
  6. Apt Upgrade
  7. Apt Install
  8. Apt Remove
  9. Apt Search
  10. Apt Show
  11. Dpkg Command
  12. Dpkg Command
  13. Snap Packages
  14. Flatpak
  15. Homebrew
  16. Brew Install
  17. Brew Update
  18. Package Dependencies
  19. Repository Sources
  20. PPA Repositories
  21. Software Updates

Prerequisites

This chapter builds on concepts from:

How Do You Install Software on Linux?

On Windows, you download an .exe file and double-click it. On macOS, you drag an app to the Applications folder. But on Linux? Linux has something MUCH better: package managers.

Imagine if your phone's app store could install ANY software, automatically handle updates, and make sure everything works together. That's what package managers do. They're one of Linux's superpowers!

In this chapter, you'll learn to install software like a pro—and understand why keeping your system updated isn't just convenient, it's essential for security.

Package Managers: Your Software Butler

A package manager is a tool that automates installing, updating, configuring, and removing software. Think of it as a butler for your software needs.

Instead of:

  1. Finding the software website
  2. Downloading the right version
  3. Running an installer
  4. Figuring out dependencies
  5. Remembering to check for updates

You just type:

1
sudo apt install firefox

Done. Firefox is installed, with all its dependencies, from a trusted source.

Why Package Managers Are Awesome

  • One command to install: No hunting for download links
  • Automatic updates: Keep everything current easily
  • Dependency resolution: Required libraries installed automatically
  • Trusted sources: Software comes from verified repositories
  • Easy removal: Clean uninstalls without leftover junk
  • Consistency: Same process for thousands of packages

Software Packages: What Gets Installed

A software package is a bundle containing:

  • The program's executable files
  • Configuration files
  • Documentation
  • Metadata (name, version, dependencies)
  • Installation scripts

Different Linux distributions use different package formats:

Format Extension Used By
DEB .deb Debian, Ubuntu, Linux Mint
RPM .rpm Fedora, RHEL, CentOS, openSUSE
Pacman .pkg.tar.zst Arch Linux, Manjaro
Snap .snap Cross-distribution
Flatpak .flatpak Cross-distribution

Package Repositories: The App Store

Package repositories are servers that host software packages. When you install something, your package manager downloads it from these repositories.

Think of repositories as giant libraries of software, maintained by your distribution's team. The default repositories contain thousands of packages, all tested to work together.

1
2
3
4
5
6
# See where APT gets its packages
cat /etc/apt/sources.list

# Example output:
# deb http://archive.ubuntu.com/ubuntu jammy main restricted
# deb http://archive.ubuntu.com/ubuntu jammy universe multiverse

Repository Components (Ubuntu/Debian)

Component Description
main Officially supported, open source
restricted Officially supported, not fully open source
universe Community-maintained, open source
multiverse Not free or has legal restrictions

The APT Package Manager

The APT package manager (Advanced Package Tool) is the primary tool for Debian-based systems like Ubuntu and Linux Mint. It's powerful, user-friendly, and what you'll use most often.

Apt Update: Refresh the Package List

Apt update downloads the latest package information from repositories. It doesn't install anything—it just updates the list of what's available.

1
2
3
4
5
6
7
8
# Always run this first!
sudo apt update

# Output shows:
# Hit:1 http://archive.ubuntu.com/ubuntu jammy InRelease
# Get:2 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [119 kB]
# ...
# Reading package lists... Done

Update Before Installing

Always run apt update before installing new software. Otherwise, you might install outdated versions or miss packages that have been added recently.

Apt Upgrade: Install Updates

Apt upgrade installs available updates for all installed packages:

1
2
3
4
5
6
7
8
# See what would be upgraded
apt list --upgradable

# Install all updates
sudo apt upgrade

# Upgrade with smarter conflict resolution
sudo apt full-upgrade

The difference:

  • apt upgrade: Won't remove packages or install new dependencies
  • apt full-upgrade: May remove packages if needed for the upgrade

Apt Install: Add New Software

Apt install downloads and installs packages:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
# Install a single package
sudo apt install vim

# Install multiple packages
sudo apt install git curl wget

# Install without prompting (for scripts)
sudo apt install -y htop

# Install a specific version
sudo apt install nginx=1.18.0-0ubuntu1

APT automatically handles package dependencies—other packages your software needs to work.

Apt Remove: Uninstall Software

Apt remove uninstalls packages:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
# Remove a package (keeps config files)
sudo apt remove firefox

# Remove package AND config files
sudo apt purge firefox

# Remove unused dependencies
sudo apt autoremove

# The nuclear option: purge + autoremove
sudo apt purge firefox && sudo apt autoremove

Apt Search: Find Packages

Apt search finds packages by name or description:

1
2
3
4
5
6
7
8
# Search for packages
apt search image editor

# Search package names only
apt search --names-only gimp

# Use grep for more control
apt search editor | grep -i image

Apt Show: Package Information

Apt show displays detailed information about a package:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
apt show firefox

# Output includes:
# Package: firefox
# Version: 119.0+build1-0ubuntu0.22.04.1
# Priority: optional
# Section: web
# Maintainer: Ubuntu Mozilla Team
# Installed-Size: 232 MB
# Depends: libc6 (>= 2.34), libglib2.0-0...
# Description: Safe and easy web browser from Mozilla

APT Command Summary

Command Purpose
apt update Refresh package lists
apt upgrade Install updates
apt install <pkg> Install package
apt remove <pkg> Remove package
apt purge <pkg> Remove package + config
apt autoremove Remove unused dependencies
apt search <term> Search for packages
apt show <pkg> Show package details
apt list --installed List installed packages
apt list --upgradable List available updates

The Dpkg Command: Low-Level Package Tool

The dpkg command is the lower-level tool that APT uses behind the scenes. You'll use it for:

  • Installing .deb files downloaded manually
  • Troubleshooting package issues
  • Querying installed packages
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
# Install a .deb file
sudo dpkg -i package.deb

# If dependencies are missing, fix with:
sudo apt install -f

# Remove a package
sudo dpkg -r package-name

# Purge (remove + config)
sudo dpkg -P package-name

# List all installed packages
dpkg -l

# Search installed packages
dpkg -l | grep firefox

# Show files installed by a package
dpkg -L firefox

# Find which package owns a file
dpkg -S /usr/bin/firefox

When to Use dpkg vs apt

Task Use
Install from repositories apt
Install local .deb file dpkg -i then apt install -f
Query installed packages dpkg -l
Normal package management apt

Package Dependencies: The Web of Requirements

Package dependencies are other packages that a program needs to work. For example, a graphical app might depend on:

  • Graphics libraries (GTK, Qt)
  • Audio libraries (PulseAudio)
  • System libraries (glibc)

APT resolves dependencies automatically:

1
2
3
4
5
6
7
8
# See what a package depends on
apt depends firefox

# See what depends on a package
apt rdepends libgtk-3-0

# Simulate install to see dependencies
apt install --simulate vim

Dependency Hell (And How Linux Avoids It)

"Dependency hell" is when programs need conflicting versions of libraries. Linux distributions avoid this by:

  1. Testing packages together: Repositories are curated
  2. Versioned dependencies: Packages specify version ranges
  3. Shared libraries: One copy used by many programs
  4. Containerized packages: Snap/Flatpak bundle dependencies

Repository Sources: Where Packages Come From

Repository sources are configured in /etc/apt/sources.list and /etc/apt/sources.list.d/:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
# View main sources file
cat /etc/apt/sources.list

# View additional sources
ls /etc/apt/sources.list.d/

# A typical source line:
# deb http://archive.ubuntu.com/ubuntu jammy main restricted
#  │         │                           │      │
#  │         │                           │      └── Components
#  │         │                           └── Release codename
#  │         └── Repository URL
#  └── Package type (deb = binary, deb-src = source)

Adding Repositories Safely

1
2
3
4
5
6
7
8
# Add a repository key (for verification)
curl -fsSL https://example.com/key.gpg | sudo gpg --dearmor -o /etc/apt/keyrings/example.gpg

# Add the repository
echo "deb [signed-by=/etc/apt/keyrings/example.gpg] https://example.com/repo stable main" | sudo tee /etc/apt/sources.list.d/example.list

# Update package lists
sudo apt update

PPA Repositories: Personal Package Archives

PPA repositories (Personal Package Archives) are community repositories hosted on Launchpad. They let developers distribute software outside the official Ubuntu repositories.

1
2
3
4
5
6
7
8
9
# Add a PPA
sudo add-apt-repository ppa:graphics-drivers/ppa

# Update and install
sudo apt update
sudo apt install nvidia-driver-535

# Remove a PPA
sudo add-apt-repository --remove ppa:graphics-drivers/ppa

PPA Caution

PPAs are maintained by individuals, not Ubuntu. Only add PPAs from developers you trust! A malicious PPA could compromise your system.

Software Updates: Keeping Your System Secure

Software updates aren't just about new features—they're critical for security!

1
2
3
4
5
6
7
# The update ritual (do this regularly!)
sudo apt update          # Refresh package lists
sudo apt upgrade         # Install updates
sudo apt autoremove      # Clean up

# Or all in one:
sudo apt update && sudo apt upgrade -y && sudo apt autoremove -y

Why Updates Matter: The Security Reality

Here's something serious: Not running updates is one of the biggest security risks you can take.

Linux libraries often have security vulnerabilities discovered after release. When researchers or hackers find these bugs, patches are released quickly. But if you don't install updates, you're running software with known security holes.

Real examples:

  • Heartbleed (2014): OpenSSL bug that leaked private data from millions of servers
  • Shellshock (2014): Bash vulnerability allowing remote code execution
  • Log4Shell (2021): Java logging library bug affecting countless systems

In each case, patches were available quickly—but systems that didn't update remained vulnerable for months or years.

1
2
3
4
5
6
# Check for security updates specifically (Ubuntu)
sudo apt list --upgradable | grep -i security

# Install security updates only
sudo unattended-upgrades --dry-run  # Preview
sudo unattended-upgrades            # Apply

Automatic Updates

For servers and lazy humans, enable automatic security updates:

1
2
3
4
5
6
7
8
# Install the tool
sudo apt install unattended-upgrades

# Enable automatic updates
sudo dpkg-reconfigure unattended-upgrades

# Configuration file:
# /etc/apt/apt.conf.d/50unattended-upgrades

The Danger of Untrusted Sources

Here's a critical security lesson: Downloading code from non-reputable sources is dangerous.

When you install software from:

  • Random websites
  • Unknown GitHub repositories
  • Sketchy download links
  • "Cracked" or pirated software

You're risking:

  • Malware: Viruses, trojans, rootkits
  • Ransomware: Encrypts your files, demands payment
  • Cryptocurrency miners: Uses your CPU for someone else's profit
  • Backdoors: Permanent access for attackers
  • Data theft: Passwords, files, personal information

The Trust Hierarchy for Software

1
2
3
4
5
Official repositories (apt)      → Highly trusted
Vendor repositories (Docker, VS Code) → Generally trusted
Well-known PPAs                  → Trust with caution
Random .deb files                → Trust after verification
Scripts from the internet        → Read EVERY line first

How to Verify Downloads

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
# Check GPG signatures
gpg --verify package.sig package.deb

# Verify SHA256 checksums
sha256sum downloaded_file.deb
# Compare with checksum from official source

# Check package authenticity
apt-key list                    # Deprecated but shows keys
apt-cache policy package-name   # Shows repository source

Production Systems: A Whole Industry

If you run production Linux systems, be aware that there's an entire industry dedicated to making Linux systems secure:

  • Vulnerability scanning tools (Nessus, OpenVAS)
  • Intrusion detection systems (OSSEC, Tripwire)
  • Security-focused distributions (Kali, Tails)
  • Compliance frameworks (CIS Benchmarks, STIG)
  • Commercial support (Red Hat, Canonical, SUSE)
  • Security certifications (Linux+, RHCSA, OSCP)

Enterprise Linux security is serious business. If you're managing servers with real data, invest in learning it properly!

Snap Packages: Universal Linux Apps

Snap packages are self-contained applications that work across different Linux distributions. They bundle all dependencies, making them portable and isolated.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
# Install snapd (if not present)
sudo apt install snapd

# Find snaps
snap find "video editor"

# Install a snap
sudo snap install vlc

# List installed snaps
snap list

# Update snaps
sudo snap refresh

# Remove a snap
sudo snap remove vlc

# Show snap info
snap info vlc

Snap Characteristics

Feature Description
Isolation Runs in a sandbox
Auto-updates Updates automatically in background
Channels stable, candidate, beta, edge
Size Larger (includes dependencies)
Speed May be slower to start 
1
2
3
4
5
6
7
8
# Install from specific channel
sudo snap install firefox --channel=latest/edge

# Prevent auto-updates (hold)
sudo snap refresh --hold firefox

# Allow updates again
sudo snap refresh --unhold firefox

Flatpak: Another Universal Format

Flatpak is similar to Snap but uses a different architecture. It's popular for desktop applications and is the default on some distributions.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
# Install Flatpak
sudo apt install flatpak

# Add Flathub repository (the main Flatpak repo)
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo

# Search for apps
flatpak search gimp

# Install an app
flatpak install flathub org.gimp.GIMP

# Run a Flatpak app
flatpak run org.gimp.GIMP

# List installed
flatpak list

# Update all Flatpaks
flatpak update

# Remove an app
flatpak uninstall org.gimp.GIMP

Snap vs Flatpak

Feature Snap Flatpak
Creator Canonical (Ubuntu) Red Hat/Community
Backend Centralized (Snap Store) Decentralized (Flathub + others)
Server apps Yes Primarily desktop
CLI tools Yes Limited
Sandbox Strict by default Permissive by default
Auto-update Yes Yes (with daemon)

Homebrew: The macOS Favorite on Linux

Homebrew started as the package manager for macOS but now works on Linux too. It's especially popular among developers.

1
2
3
4
5
6
# Install Homebrew
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

# Add to PATH (follow installer instructions)
echo 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"' >> ~/.bashrc
source ~/.bashrc

Brew Install and Brew Update

Brew install adds packages (called "formulae"):

1
2
3
4
5
6
7
8
# Install a package
brew install wget

# Install a GUI app (cask - mainly macOS)
brew install --cask visual-studio-code

# Install multiple packages
brew install git node python

Brew update refreshes Homebrew itself and package lists:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
# Update Homebrew and package lists
brew update

# Upgrade all installed packages
brew upgrade

# Upgrade specific package
brew upgrade wget

# See what's outdated
brew outdated

# Clean up old versions
brew cleanup

Common Homebrew Commands

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
# Search for packages
brew search node

# Show package info
brew info node

# List installed packages
brew list

# Uninstall a package
brew uninstall wget

# Check for issues
brew doctor

# See dependencies
brew deps --tree node

Why Use Homebrew on Linux?

  1. Consistent with macOS: Same commands on both systems
  2. User-space installation: No sudo required
  3. Bleeding edge: Often newer versions than apt
  4. Developer tools: Great for programming languages and tools

Choosing the Right Package Manager

Need Best Choice
System packages apt (Debian/Ubuntu)
Latest versions Homebrew or Snap
Desktop apps Flatpak or Snap
Sandboxed apps Snap or Flatpak
Cross-platform consistency Homebrew
Maximum compatibility apt + official repos

Best Practices for Package Management

Do These Things

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
# 1. Update regularly
sudo apt update && sudo apt upgrade

# 2. Clean up periodically
sudo apt autoremove
sudo apt autoclean

# 3. Check before major upgrades
apt list --upgradable

# 4. Use official repositories when possible
apt search <package>  # Check if it's in repos first

Don't Do These Things

  • ❌ Install random .deb files from the internet
  • ❌ Add PPAs without researching them
  • ❌ Ignore updates for months
  • ❌ Mix too many third-party repositories
  • ❌ Force-remove packages with dependencies
  • ❌ Run apt upgrade on production without testing

Troubleshooting Common Issues

"Package has unmet dependencies"

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
# Try fixing with:
sudo apt install -f

# Or try:
sudo apt --fix-broken install

# Nuclear option: remove and reinstall
sudo apt remove problem-package
sudo apt autoremove
sudo apt install problem-package

"Could not get lock"

1
2
3
4
5
6
7
# Another apt process is running. Wait, or:
sudo killall apt apt-get

# If that doesn't work:
sudo rm /var/lib/apt/lists/lock
sudo rm /var/lib/dpkg/lock-frontend
sudo dpkg --configure -a

"Hash sum mismatch"

1
2
3
# Repository data corrupted. Clean and retry:
sudo rm -rf /var/lib/apt/lists/*
sudo apt update

Key Takeaways

You're now a package management pro!

  • Package managers: Automate software installation and updates
  • APT: Primary tool for Debian/Ubuntu (apt install, apt update)
  • dpkg: Low-level tool for .deb files
  • Repositories: Trusted sources of software packages
  • Dependencies: Automatically resolved by package managers
  • Security updates: Critical—don't skip them!
  • Trusted sources: Only install from repositories you trust
  • Snap/Flatpak: Universal packages that work across distros
  • Homebrew: Developer-friendly, works on Linux and macOS

You're a Package Pro!

You can now install any software, keep your system updated and secure, and troubleshoot common package issues. Your Linux system will thank you for the regular updates!

What's Next?

Now that you can manage software, it's time to connect to the world! The next chapter covers networking—from IP addresses to SSH connections.

Quick Quiz: Package Management
  1. What command refreshes the package list without installing anything?
  2. What's the difference between apt remove and apt purge?
  3. Why is it important to keep your system updated?
  4. What is a PPA?
  5. Name two "universal" package formats that work across distributions.
  6. What command installs a local .deb file?
Quiz Answers
  1. apt update
  2. remove keeps configuration files; purge removes them too
  3. Security patches fix known vulnerabilities; unpatched systems are at risk
  4. Personal Package Archive - community-maintained Ubuntu repositories
  5. Snap and Flatpak
  6. dpkg -i package.deb (then apt install -f to fix dependencies)

References

  1. Ubuntu APT Documentation - Comprehensive guide to using apt and apt-get on Ubuntu systems
  2. Debian Package Management Guide - Official Debian documentation on package management fundamentals
  3. APT vs APT-GET - Explains the differences between apt and apt-get commands for students
  4. Snap Documentation - Official Snap package format documentation from Canonical
  5. Flatpak Official Guide - Complete guide to using Flatpak for cross-distribution applications
  6. Homebrew on Linux - Official documentation for installing and using Homebrew on Linux
  7. Understanding Package Dependencies - Explains how package dependencies work in Linux
  8. PPA Best Practices - Ubuntu community guide for safely using PPAs
  9. Unattended Upgrades Tutorial - Step-by-step guide for automatic security updates
  10. dpkg Command Reference - Complete dpkg command cheat sheet with examples
  11. Software Updates Security - EFF article explaining why updates are critical for security
  12. Managing Software with APT - Practical apt command examples for beginners
  13. Package Verification with GPG - Guide to verifying package authenticity using GPG keys
  14. Repository Mirror Selection - How to find and use the fastest APT mirrors
  15. Snap vs Flatpak Comparison - Community comparison of universal package formats
  16. Package Management Best Practices - DigitalOcean guide covering package management fundamentals
  17. Troubleshooting APT Problems - Common APT errors and their solutions for Ubuntu
  18. Homebrew Formula Guide - Browse all available Homebrew packages and formulas
  19. Linux Package Formats Explained - HowToGeek guide explaining different package formats
  20. Keeping Linux Systems Secure - CIS guide on the importance of regular updates