APT源配置说明

APT源配置说明
NO_PUBKEY（找不到公钥）问题的解决办法
apt-get与aptitude的区别与联系
- 参考文献
IPv6 on Ubuntu
禁用IPv6

以下为几条典型的/etc/apt/sources.list配置指令：

deb http://192.168.1.116:8888/ubuntu lucid main restricted universe multiverse
deb-src http://192.168.1.116:8888/ubuntu lucid main restricted universe multiverse
deb http://192.168.1.116:8888/ubuntu lucid-updates main restricted universe multiverse
deb http://192.168.1.116:8888/ubuntu lucid-security main restricted universe multiverse

指定发行版本的资源库

lucid - Ubuntu发行版本代号，例如lucid表示是Ubuntu 10.04

资源库中的软件更新类别

以下软件更新类别，重要性从上到下依次递减，生产服务器上建议只使用前2种更新类别：

lucid-security - "Important Security Updates (lucid-security)". Patches for security vulnerabilities in Ubuntu packages. They are managed by the Ubuntu Security Team and are designed to change the behavior of the package as little as possible -- in fact, the minimum required to resolve the security problem. As a result, they tend to be very low-risk to apply and all users are urged to apply security updates.
lucid-updates - "Recommended Updates (lucid-updates)". Updates for serious bugs in Ubuntu packaging that do not affect the security of the system.
lucid-proposed - "Pre-released Updates (lucid-proposed)". The testing area for updates. This repository is recommended only to those interested in helping to test updates and provide feedback.
lucid-backports - "Unsupported Updates (lucid-backports)". As the name states, these are unsupported versions of future packages which are still in development. Packages may contain new features, may introduce new interfaces, and have not been sufficiently tested to be included in the 'proposed' repository.

资源库组件类别

main - Ubuntu官方支持和维护的软件
restricted - Ubuntu官方支持的软件，但授权协议非完全免费
universe - 社区维护的软件，非官方维护版本
multiverse - 非免费软件

更多关于Ubuntu版本库的技术说明请移步官方Wiki。

NO_PUBKEY（找不到公钥）问题的解决办法

例如在使用puppetlabs的官方APT源安装最新版puppet时遇到的NO_PUBKEY 1054B7A24BD6EC30警告，此时只需执行以下命令即可。

sudo apt-key adv --keyserver keyserver.Ubuntu.com --recv-keys 4BD6EC30

说明：

--keyserver 可以指定其他常见pgp公钥服务器
--recv-keys 只需指定完整公钥的后8位即可

apt-get与aptitude的区别与联系

区别

子命令	apt-get	aptitude	说明
show	N	Y	显示指定package name的详细信息
search	N	Y	apt-cache search
hold	N	Y	标记指定package name禁止升级
unhold	N	Y	标记指定package name允许升级
source	Y	N	下载指定package name的源码
build-dep	N	Y（低版本的aptitude没有该子命令）

联系

apt-get upgrade	aptitude safe-upgrade
apt-get dist-upgrade	aptitude full-upgrade

基本相同的子命令 install / remove

交互式命令行版本包管理器 aptitude -v

参考文献

http://askubuntu.com/questions/1743/is-aptitude-still-considered-superior-to-apt-get

举例说明

$ aptitude show nginx
软件包： nginx
新: 是
状态: 已安装
自动安装: 否
版本号： 1.4.1-1~lucid
优先级： 可选
部分： httpd
维护者： Sergey Budnevitch <sb@nginx.com>
未压缩尺寸： 1,098k
依赖于: libc6 (>= 2.10), libpcre3 (>= 7.7), libssl0.9.8 (>= 0.9.8k-1), zlib1g (>= 1:1.1.4), lsb-base, adduser
提供: httpd
描述： HTTP and reverse proxy server, as well as a mail proxy server
 written by Igor Sysoev
主页： http://nginx.org

$ aptitude show nginx
Package: nginx
New: yes
State: installed
Automatically installed: no
Version: 1.4.1-1ppa0~lucid
Priority: 可选
Section: httpd
Maintainer: Kartik Mistry <kartik@debian.org>
Uncompressed Size: 102k
Depends: nginx-full | nginx-light
Provided by: nginx-full
Description: small, powerful, scalable web/proxy server
 Nginx ("engine X") is a high-performance web and reverse proxy server created by Igor Sysoev. It can be used both as a standalone web server and as a proxy to reduce the load on back-end HTTP
 or mail servers.

 This is a dependency package to install either nginx-full (by default) or
 nginx-light.
Homepage: http://nginx.net

$ aptitude show nginx-full
Package: nginx-full
New: yes
State: installed
Automatically installed: yes
Version: 1.2.4-2ubuntu0ppa3~lucid
Priority: 可选
Section: httpd
Maintainer: Kartik Mistry <kartik@debian.org>
Uncompressed Size: 1,270k
Depends: nginx-common (= 1.2.4-2ubuntu0ppa3~lucid), libc6 (>= 2.10), libexpat1 (>= 1.95.8), libgd2-noxpm (>= 2.0.36~rc1~dfsg) | libgd2-xpm (>= 2.0.36~rc1~dfsg), libgeoip1 (>= 1.4.6.dfsg),
         libpam0g (>= 0.99.7.1), libpcre3 (>= 7.7), libssl0.9.8 (>= 0.9.8k-1), libxml2 (>= 2.7.4), libxslt1.1 (>= 1.1.18), zlib1g (>= 1:1.1.4)
Conflicts: nginx-extras, nginx-light, nginx-naxsi
Provides: httpd, nginx
Description: nginx web/proxy server (standard version)
 Nginx ("engine X") is a high-performance web and reverse proxy server created by Igor Sysoev. It can be used both as a standalone web server and as a proxy to reduce the load on back-end HTTP
 or mail servers.

 This package provides a version of nginx with the complete set of standard modules included (but omitting some of those included in nginx-extra).

 STANDARD HTTP MODULES: Core, Access, Auth Basic, Auto Index, Browser, Charset, Empty GIF, FastCGI, Geo, Gzip, Headers, Index, Limit Requests, Limit Zone, Log, Map, Memcached, Proxy, Referer,
 Rewrite, SCGI, Split Clients, SSI, Upstream, User ID, UWSGI.

 OPTIONAL HTTP MODULES: Addition, Debug, GeoIP, Gzip Precompression, HTTP Sub, Image Filter, IPv6, Real IP, SSL, Stub Status, Substitution, WebDAV, XSLT.

 MAIL MODULES: Mail Core, IMAP, POP3, SMTP, SSL.

 THIRD PARTY MODULES: Auth PAM, DAV Ext, Echo, Upstream Fair Queue.
Homepage: http://nginx.net

IPv6 on Ubuntu

Adding IPv6 to Ubuntu systems To bind IPv6 IPs to your Ubuntu server, edit your /etc/network/interfaces file and add the following lines to the bottom.

#IPV6 configuration
iface eth1 inet6 static
pre-up modprobe ipv6
address 2607:f0d0:2001:0000:0000:0000:0000:0010
netmask 64
gateway 2607:f0d0:2001:0000:0000:0000:0000:0001

The first line tells the system which interface to use IPv6 on. The second line tells the system to load the module for IPv6. The third line gives the IPv6 address. The fourth line defines the netmask for the IPv6 subnet. The fifth line defines the default gateway for the IPv6 subnet. After this has been performed you will need to restart networking:

/etc/init.d/networking restart

Verifying IPv6 connectivity Verify IPv6 IP is bound

root@server:~# ip -6 address show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2607:f0d0:2001::/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::230:48ff:fe7e:330a/64 scope link
       valid_lft forever preferred_lft forever

IPv6 Neighbor Cache

root@server:~# ip -6 neighbor show dev eth1
2607:f0d0:2001::1 lladdr 00:1b:0d:e6:57:c0 router REACHABLE

If the neighbor cache shows a fe80 entry only then your gateway is either not set, the IP is not bound to the correct interface, the IP is not bound correctly to the public interface, or your software firewall is blocking IPv6 ICMP.

IPv6 Default Gateway

root@server:~# ip -6 route show dev eth1
2607:f0d0:2001::/64  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
default via 2607:f0d0:2001::1  metric 1024  mtu 1500 advmss 1440 hoplimit 4294967295

If you do not have the default gateway listed, yet you can ping6 your default gateway then you may add it manually:

root@server:~# ip -6 route add default via 2607:f0d0:2001::1

禁用IPv6

编辑 /etc/sysctl.conf，新增以下3行配置指令

# IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

保存退出后，执行

$ sudo sysctl -p