Re: Apt team question

To: deity@lists.debian.org
Cc: Ivan Ivan <jappix14@yahoo.com>
Subject: Re: Apt team question
From: David Kalnischkies <david@kalnischkies.de>
Date: Thu, 5 Oct 2023 21:31:18 +0200
Message-id: <[🔎] 20231005193118.lzzsbucbtcehdj4z@crossbow>
Mail-followup-to: deity@lists.debian.org, Ivan Ivan <jappix14@yahoo.com>
In-reply-to: <[🔎] 206497972.1910179.1696433124264@mail.yahoo.com>
References: <206497972.1910179.1696433124264.ref@mail.yahoo.com> <[🔎] 206497972.1910179.1696433124264@mail.yahoo.com>

Hi,

On Wed, Oct 04, 2023 at 03:25:24PM +0000, Ivan Ivan wrote:
> Tell me please, when I use apt update command first I download files
> from internet in the  /var/lib/apt/, after that they moved on the
> place destination. tell me please in what place of destination it moved

To be precise files are downloaded into /var/lib/apt/lists/partial and
if they happen to pass verification they end up in /var/lib/apt/lists.
They are not moved anywhere else.

Perhaps you think of *.deb files (which aren't downloaded by 'update')?
In that case they make a similar detour over a partial subdirectory into
/var/cache/apt/archives. The files themselves do not move from there
(except: if you count being re-moved as moving), but their content is
extracted by dpkg(-deb) into various places first. You could replicate
that somewhat easily with 'ar' and 'tar' if you so choose.

> and is it exist analogue linux command which can do this actions step by step?

Sure, the linux command is called 'apt'. 😉

You could of course reimplement it, which would look something like
(ignoring if the "linux commands" I use are linux enough for you, you
 could always use others doing similar things and – more importantly –
 skipping over configuration by just assuming a lot)

1. Download (e.g. wget) InRelease file of the repository
2. Check signature with gpg(v) of the InRelease file
3. Extract info (hashsum, filesize) of Packages.xz from InRelease file
4. Download main/binary-amd64/Packages.xz
5. Compare filesize and hashes of Packages.xz (sha{256,512}sum)
6. Uncompress Packages.xz to Packages
7. Compare filesize and hashes of Packages (sha{256,512}sum)
8. Repeat for all other architectures you need
9. Repeat for all other files you need (like e.g. Sources, Translation,…)
10. Move files out of partial/ on successful complete
11. Repeat for all repositories you have configured [in parallel]

'update' would go on and parse the files and do various things with them
to prepare for future interactions and display already some information
like how many packages might have updates available.

You can find some more info on how and why of especially what I called
step 2 above in the apt-secure manpage.

Note again that this is a gross simplification.

Best regards

David Kalnischkies

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- Apt team question
  - From: Ivan Ivan <jappix14@yahoo.com>

Prev by Date: Bug#839403: apt: define default pin priority for a source in sources.list directly
Next by Date: Re: Bug#1040901: Upcoming changes to Debian Linux kernel packages
Previous by thread: Apt team question
Next by thread: pendiente de confirmación
Index(es):
- Date
- Thread