Show packages belonging to non-free

dpkg-query -W -f='${Section}\t${Package}\n' | grep ^non-free

List packages with version

apt list
apt list | grep oibaf
apt list | grep oi | cut -d' ' -f2

Search for packages that own files corresponding to the given pattern

$ apt search postgresql
# dpkg -S /usr/bin/host
bind9-host: /usr/bin/host

Downgrade a package

sh -c 'VER=5.8~bullseye; apt install winehq-staging=$VER wine-staging=$VER wine-staging-amd64=$VER wine-staging-i386=$VER'

Set a package on hold

me@computer:~$ apt-mark hold wine-staging wine-staging-amd64 wine-staging-i386:i386 winehq-staging
wine-staging set on hold.
wine-staging-amd64 set on hold.
wine-staging-i386:i386 set on hold.
winehq-staging set on hold.

Additionally, it is possible to create a /tmp/mypref file with this content:

Package: wine*:*
Pin: version 4.15~buster
Pin-Priority: 1001

and run the following:

me@computer:~$ apt -o Dir::Etc::Preferences=/tmp/mypref install winehq-staging wine-staging-amd64 wine-staging-i386 wine-staging
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages will be DOWNGRADED:
  wine-staging wine-staging-amd64 wine-staging-i386:i386 winehq-staging
0 upgraded, 0 newly installed, 4 downgraded, 0 to remove and 0 not upgraded.
Need to get 136 MB of archives.
After this operation, 1.371 kB disk space will be freed.
Do you want to continue? [Y/n]


If we want to have the sid repositories enabled on our computer without actually switching to sid (running stable or testing), we set this preference file /etc/apt/preferences.d/99sid:

Package: *
Pin: release a=unstable
Pin-Priority: 110

This way, our sid packages keep being upgraded but the other packages belonging to another distribution won’t be upgraded to sid. In the following example, we see that the priority of the bullseye packages is 500 while the sid ones is 110. The currently installed packages have a priority of 100.

me@computer:~$ apt-cache policy linux-image-amd64
  Installed: 5.6.7-1
  Candidate: 5.6.7-1
  Version table:
 *** 5.6.7-1 500
        500 https://ftp-stud.hs-esslingen.de/debian bullseye/main amd64 Packages
        110 https://ftp-stud.hs-esslingen.de/debian sid/main amd64 Packages
        100 /var/lib/dpkg/status
     5.5.17-1~bpo10+1 100
        100 https://ftp-stud.hs-esslingen.de/debian buster-backports/main amd64 Packages
     4.19+105+deb10u4 500
        500 https://ftp-stud.hs-esslingen.de/debian buster/main amd64 Packages


apt – command-line interface

apt provides a high-level commandline interface for the package management system. It is intended as an end user interface and enables some options better suited for interactive usage by default compared to more specialized APT tools like apt-get(8) and apt-

apt update --allow-releaseinfo-change

apt-file — APT package searching utility

Useful to search for files in not installed packages

Finding relevant cache files to search …E: The cache is empty. You need to run "apt-file update" first.
leo@computer:~$ apt-file search fence_scsi_check
fence-agents: /usr/share/cluster/fence_scsi_check
fence-agents: /usr/share/cluster/fence_scsi_check_hardreboot

apt-show-versions – Lists available package versions with distribution

Find packages belonging to a distribution

$ apt-show-versions | grep buster
libfaudio0:amd64 19.10-0~buster newer than version in archive
libfaudio0:i386 19.10-0~buster newer than version in archive
virtualbox-6.0:amd64/buster 6.0.14-133895~Debian~buster uptodate
wine-staging:amd64 4.17~buster newer than version in archive
wine-staging-amd64:amd64 4.17~buster newer than version in archive
wine-staging-i386:i386 4.17~buster newer than version in archive
winehq-staging:amd64 4.17~buster newer than version in archive
apt-show-versions | grep sid

Remove all packages with a pattern

apt-show-versions | grep bareos | cut -d':' -f1 | xargs -n1 sudo apt remove -y

deborphan – Orphaned package finder

apt remove `deborphan`
apt purge `deborphan`


apt-cache – query the APT cache

Get package version:

root@ansible ~# apt-cache policy bind9-host
  Installed: 1:9.11.5.P4+dfsg-5.1+deb10u2
  Candidate: 1:9.11.5.P4+dfsg-5.1+deb10u2
  Version table:
 *** 1:9.11.5.P4+dfsg-5.1+deb10u2 500
        500 http://security.debian.org buster/updates/main amd64 Packages
        500 http://deb.debian.org/debian buster/main amd64 Packages
        100 /var/lib/dpkg/status

Get package dependencies:

apt-cache depends package-name
apt-cache rdepends package-name

apt-key (deprecated)

apt-key – APT key management utility

curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
$ sudo apt-key fingerprint 0EBFCD88

pub   4096R/0EBFCD88 2017-02-22
      Key fingerprint = 9DC8 5822 9FC7 DD38 854A  E2D8 8D81 803C 0EBF CD88
uid                  Docker Release (CE deb) <docker@docker.com>
sub   4096R/F273FCD8 2017-02-22

Remove a key from the binary file /etc/apt/trusted.gpg

$ apt-key list
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
pub   rsa4096 2020-12-11 [SC]
      C68B 001F 74D2 F202 43D0  B7A2 0CCB A537 DBE0 83A6
uid           [ unknown] Bareos 20 Signing Key <signing@bareos.com>

pub   rsa3072 2022-07-01 [SC]
      6588 FDD7 B147 21FE 7C31  15E6 F917 7B52 65F5 6346
uid           [ unknown] Netdatabot <bot@netdata.cloud>
sub   rsa3072 2022-07-01 [E]

pub   rsa4096 2012-05-11 [SC]
      8439 38DF 228D 22F7 B374  2BC0 D94A A3F0 EFE2 1092
uid           [ unknown] Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>

pub   rsa4096 2018-09-17 [SC]
      F6EC B376 2474 EDA9 D21B  7022 8719 20D1 991B C93C
uid           [ unknown] Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>

$ sudo apt-key del 'C68B 001F 74D2 F202 43D0  B7A2 0CCB A537 DBE0 83A6'
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).

Signatures/public keys

root@bareos:/etc/apt/sources.list.d# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E5D882B28657AE28
Executing: /tmp/apt-key-gpghome.of9N8ZWkz0/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys E5D882B28657AE28
gpg: key E5D882B28657AE28: public key "Bareos 19.2 Signing Key <signing@bareos.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1

Deprecated: gpg keys are stored in /etc/apt/trusted.gpg.d/

gpg – OpenPGP encryption and signing tool


$ sudo apt update
Hit:1 http://de.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://de.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://de.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://de.archive.ubuntu.com/ubuntu jammy-security InRelease
Get:5 https://repo.netdata.cloud/repos/stable/ubuntu jammy/ InRelease [1294 B]
Err:5 https://repo.netdata.cloud/repos/stable/ubuntu jammy/ InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F9177B5265F56346
Reading package lists... Done
W: GPG error: https://repo.netdata.cloud/repos/stable/ubuntu jammy/ InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F9177B5265F56346
E: The repository 'https://repo.netdata.cloud/repos/stable/ubuntu jammy/ InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
$ gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys F9177B5265F56346
gpg: key F9177B5265F56346: public key "Netdatabot <bot@netdata.cloud>" imported
gpg: Total number processed: 1
gpg:               imported: 1
$ gpg --list-keys
pub   rsa3072 2022-07-01 [SC]
uid           [ unknown] Netdatabot <bot@netdata.cloud>
sub   rsa3072 2022-07-01 [E]
$ gpg --output netdata.gpg --export bot@netdata.cloud
$ sudo cp netdata.gpg /etc/apt/trusted.gpg.d/