📜 Part of Pranav Kulkarni's technical portfolio Visit pranavkulkarni.org →
📜 Jungle Scripts
Lesson 6 · Fundamentals

Package Management

Learn to install, update, and manage software packages using APT, YUM, and other package managers.

APT (Debian/Ubuntu)

Package managers solve two big problems: distribution (where to get software) and dependency management (what else the software needs). On Debian/Ubuntu, the stack looks like:

  • dpkg: low-level installer for .deb files (no dependency resolution)
  • apt/apt-get: high-level tool that resolves dependencies and uses repositories
  • Repositories: signed catalogs of packages + metadata
# Update package lists
$ sudo apt update

# Upgrade all packages
$ sudo apt upgrade

# Upgrade with dependency changes (new packages/removals)
$ sudo apt full-upgrade

# Install a package
$ sudo apt install nginx

# Remove a package
$ sudo apt remove nginx

# Remove package + config files
$ sudo apt purge nginx

# Cleanup unused deps + package cache
$ sudo apt autoremove
$ sudo apt clean

# Search for packages
$ apt search nodejs

Inspecting packages (super useful for debugging)

$ apt show nginx | sed -n '1,20p'
$ apt policy nginx
$ dpkg -l | grep nginx
$ dpkg -L nginx | head # Files installed by package
$ dpkg -S /usr/sbin/nginx # Which package owns a file?

Holding packages (pin a version)

For production, you may want to prevent accidental upgrades of critical packages during maintenance windows.

$ sudo apt-mark hold nginx
$ apt-mark showhold
$ sudo apt-mark unhold nginx

Adding repositories safely

Modern best practice is to use signed repositories with a dedicated key and the signed-by option (avoid deprecated global keyrings).

# Example pattern (vendor docs will provide exact URLs)
$ sudo install -d -m 0755 /etc/apt/keyrings
$ curl -fsSL https://example.com/key.gpg | sudo gpg --dearmor -o /etc/apt/keyrings/vendor.gpg
$ echo \"deb [signed-by=/etc/apt/keyrings/vendor.gpg] https://example.com/ubuntu stable main\" | sudo tee /etc/apt/sources.list.d/vendor.list
$ sudo apt update

YUM/DNF (RHEL/CentOS/Fedora)

On modern Fedora/RHEL family systems, dnf is the standard. It supports transactions, history, and robust dependency solving for .rpm packages.

# Install a package
$ sudo dnf install httpd

# Update all packages
$ sudo dnf update

# List installed packages
$ dnf list installed

DNF troubleshooting superpowers

$ dnf info httpd
$ dnf repoquery --whatrequires openssl
$ dnf history | head
$ dnf history undo 12 # Roll back a transaction (when possible)

Pacman (Arch Linux)

Arch is rolling-release, so updates are frequent. Keep an eye on breaking changes and read distro announcements.

$ sudo pacman -Syu # Full system upgrade
$ sudo pacman -S vim # Install package
$ sudo pacman -R vim # Remove package
$ pacman -Ss nginx # Search
$ pacman -Qi nginx # Installed package info

Common Problems (and what to do)

  • “Could not get lock” (APT): Another package process is running. Wait; don’t delete lock files blindly.
  • Broken dependencies (APT): Try sudo apt -f install and re-run sudo apt update.
  • Repository signature errors: Key mismatch or repo changed; verify vendor instructions and keyring location.
  • Disk full during upgrade: Clear caches (apt clean, dnf clean all) and check /var usage.

💡 Best Practice

Always update your package lists before installing new software to ensure you get the latest versions and security patches.

✅ Practice (15 minutes)

  • Pick a package you have installed (e.g., curl) and list its files with dpkg -L or rpm -ql.
  • Use apt policy (or dnf info) to understand which repo provides a package version.
  • Run apt-mark hold on a package and confirm it shows up in apt-mark showhold.
← Previous: Users & Permissions