[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Apt team question



Hi,

On Wed, Oct 04, 2023 at 03:25:24PM +0000, Ivan Ivan wrote:
> Tell me please, when I use apt update command first I download files
> from internet in the  /var/lib/apt/, after that they moved on the
> place destination. tell me please in what place of destination it moved

To be precise files are downloaded into /var/lib/apt/lists/partial and
if they happen to pass verification they end up in /var/lib/apt/lists.
They are not moved anywhere else.

Perhaps you think of *.deb files (which aren't downloaded by 'update')?
In that case they make a similar detour over a partial subdirectory into
/var/cache/apt/archives. The files themselves do not move from there
(except: if you count being re-moved as moving), but their content is
extracted by dpkg(-deb) into various places first. You could replicate
that somewhat easily with 'ar' and 'tar' if you so choose.


> and is it exist analogue linux command which can do this actions step by step?

Sure, the linux command is called 'apt'. 😉

You could of course reimplement it, which would look something like
(ignoring if the "linux commands" I use are linux enough for you, you
 could always use others doing similar things and – more importantly –
 skipping over configuration by just assuming a lot)

1. Download (e.g. wget) InRelease file of the repository
2. Check signature with gpg(v) of the InRelease file
3. Extract info (hashsum, filesize) of Packages.xz from InRelease file
4. Download main/binary-amd64/Packages.xz
5. Compare filesize and hashes of Packages.xz (sha{256,512}sum)
6. Uncompress Packages.xz to Packages
7. Compare filesize and hashes of Packages (sha{256,512}sum)
8. Repeat for all other architectures you need
9. Repeat for all other files you need (like e.g. Sources, Translation,…)
10. Move files out of partial/ on successful complete
11. Repeat for all repositories you have configured [in parallel]

'update' would go on and parse the files and do various things with them
to prepare for future interactions and display already some information
like how many packages might have updates available.

You can find some more info on how and why of especially what I called
step 2 above in the apt-secure manpage.

Note again that this is a gross simplification.


Best regards

David Kalnischkies

Attachment: signature.asc
Description: PGP signature


Reply to: