package
, or
apt purge package
commands. This will completely remove the package and all
user data, and in the case of
apt
, will delete dependencies as well.
# dpkg -r debian-cd
(Reading database ... 333606 files and directories currently installed.)
Removing debian-cd (3.1.32) ...
# dpkg -P debian-cd
(Reading database ... 332950 files and directories currently installed.)
Removing debian-cd (3.1.32) ...
Purging configuration files for debian-cd (3.1.32) ...
Warning! Given the definitive nature of purge, do not execute it lightly. You will lose everything
associated with that package.
8.2.5. Inspecting Packages
Next, let’s take a look at some of the tools that can be used to inspect Debian packages. We will
learn of
dpkg
,
apt
, and
apt-cache
commands that can be used to query and visualize the package
database.
Querying
dpkg
’s Database and Inspecting
.deb
Files
We will begin with several
dpkg
options that query the internal dpkg database. This database
resides on the filesystem at
/var/lib/dpkg
and contains multiple sections including configura-
tion scripts (
/var/lib/dpkg/info
), a list of files the package installed (
/var/lib/dpkg/info/*.
list
), and the status of each package that has been installed (
/var/lib/dpkg/status
). You can
use
dpkg
to interact with the files in this database. Note that most options are available in a long
version (one or more relevant words, preceded by a double dash) and a short version (a single
letter, often the initial of one word from the long version, and preceded by a single dash). This
convention is so common that it is a POSIX standard.
First, let’s take a look at --listfiles
package
(or -L), which lists the files that were installed by the
specified package:
$ dpkg -L base-passwd
/.
187
Chapter 8 — Debian Package Management
/usr
/usr/sbin
/usr/sbin/update-passwd
/usr/share
/usr/share/lintian
/usr/share/lintian/overrides
/usr/share/lintian/overrides/base-passwd
/usr/share/doc-base
/usr/share/doc-base/users-and-groups
/usr/share/base-passwd
/usr/share/base-passwd/group.master
/usr/share/base-passwd/passwd.master
/usr/share/man
/usr/share/man/pl
/usr/share/man/pl/man8
/usr/share/man/pl/man8/update-passwd.8.gz
[...]
/usr/share/doc
/usr/share/doc/base-passwd
/usr/share/doc/base-passwd/users-and-groups.txt.gz
/usr/share/doc/base-passwd/changelog.gz
/usr/share/doc/base-passwd/copyright
/usr/share/doc/base-passwd/README
/usr/share/doc/base-passwd/users-and-groups.html
Next,
dpkg --search file
(or -S), finds any packages containing the file or path passed in the
argument. For example, to find the package containing
/bin/date
:
$ dpkg -S /bin/date
coreutils: /bin/date
The
dpkg --status package
(or -s) command displays the headers of an installed package. For
example, to search the headers for the coreutils package:
$ dpkg -s coreutils
Package: coreutils
Status: install ok installed
Priority: required
Section: utils
Installed-Size: 13855
Maintainer: Michael Stone
Architecture: amd64
Multi-Arch: foreign
Version: 8.23-3
Replaces: mktemp, realpath, timeout
188
Kali Linux Revealed
Pre-Depends: libacl1 (>= 2.2.51-8), libattr1 (>= 1:2.4.46-8), libc6 (>= 2.17),
å
libselinux1 (>= 2.1.13)
Conflicts: timeout
Description: GNU core utilities
This package contains the basic file, shell and text manipulation
utilities which are expected to exist on every operating system.
.
Specifically, this package includes:
arch base64 basename cat chcon chgrp chmod chown chroot cksum comm cp
csplit cut date dd df dir dircolors dirname du echo env expand expr
factor false flock fmt fold groups head hostid id install join link ln
logname ls md5sum mkdir mkfifo mknod mktemp mv nice nl nohup nproc numfmt
od paste pathchk pinky pr printenv printf ptx pwd readlink realpath rm
rmdir runcon sha*sum seq shred sleep sort split stat stty sum sync tac
tail tee test timeout touch tr true truncate tsort tty uname unexpand
uniq unlink users vdir wc who whoami yes
Homepage: http://gnu.org/software/coreutils
The
dpkg --list
(or -l) command displays the list of packages known to the system and their
installation status. You can also use
grep
on the output to search for certain fields, or provide
wildcards (such as b*) to search for packages that match a particular partial search string. This
will show a summary of the packages. For example, to show a summary list of all packages that
start with ’b’:
$ dpkg -l ’b*’
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name
Version
Architecture
Description
+++-=========================-==========================-============-=====================
ii
backdoor-factory
3.4.2+dfsg-4
all
Patch 32/64 bits ELF & win32/64 binaries with shellcode
un
backupninja
(no description available)
un
backuppc
(no description available)
un
balsa
(no description available)
un
base
(no description available)
[...]
The
dpkg --contents file.deb
(or -c) command lists all the files in a particular
.deb
file:
$ dpkg -c /var/cache/apt/archives/gpg_2.2.20-1_amd64.deb
drwxr-xr-x root/root
0 2020-03-23 15:05 ./
drwxr-xr-x root/root
0 2020-03-23 15:05 ./usr/
drwxr-xr-x root/root
0 2020-03-23 15:05 ./usr/bin/
-rwxr-xr-x root/root
1062832 2020-03-23 15:05 ./usr/bin/gpg
drwxr-xr-x root/root
0 2020-03-23 15:05 ./usr/share/
drwxr-xr-x root/root
0 2020-03-23 15:05 ./usr/share/doc/
drwxr-xr-x root/root
0 2020-03-23 15:05 ./usr/share/doc/gpg/
-rw-r--r-- root/root
677 2020-03-23 14:45 ./usr/share/doc/gpg/NEWS.Debian.gz
-rw-r--r-- root/root
24353 2020-03-23 15:05 ./usr/share/doc/gpg/changelog.Debian.gz
-rw-r--r-- root/root
384091 2020-03-20 11:38 ./usr/share/doc/gpg/changelog.gz
189
Chapter 8 — Debian Package Management
-rw-r--r-- root/root
10555 2020-03-23 15:04 ./usr/share/doc/gpg/copyright
drwxr-xr-x root/root
0 2020-03-23 15:05 ./usr/share/man/
drwxr-xr-x root/root
0 2020-03-23 15:05 ./usr/share/man/man1/
-rw-r--r-- root/root
46139 2020-03-23 15:05 ./usr/share/man/man1/gpg.1.gz
The
dpkg --info file.deb
(or -I) command displays the headers of the specified
.deb
file:
$ dpkg -I /var/cache/apt/archives/gpg_2.2.20-1_amd64.deb
new Debian package, version 2.0.
size 894224 bytes: control archive=1160 bytes.
1219 bytes,
25 lines
control
374 bytes,
6 lines
md5sums
Package: gpg
Source: gnupg2
Version: 2.2.20-1
Architecture: amd64
Maintainer: Debian GnuPG Maintainers
Installed-Size: 1505
Depends: gpgconf (= 2.2.20-1), libassuan0 (>= 2.5.0), libbz2-1.0, libc6 (>= 2.25),
å
libgcrypt20 (>= 1.8.0), libgpg-error0 (>= 1.35), libreadline8 (>= 6.0),
å
libsqlite3-0 (>= 3.7.15), zlib1g (>= 1:1.1.4)
Recommends: gnupg (= 2.2.20-1)
Breaks: gnupg (<< 2.1.21-4)
Replaces: gnupg (<< 2.1.21-4)
Section: utils
Priority: optional
Multi-Arch: foreign
Homepage: https://www.gnupg.org/
Description: GNU Privacy Guard -- minimalist public key operations
GnuPG is GNU’s tool for secure communication and data storage.
It can be used to encrypt data and to create digital signatures.
It includes an advanced key management facility and is compliant
with the proposed OpenPGP Internet standard as described in RFC4880.
[...]
You can also use
dpkg
to compare package version numbers with the --compare-versions option,
which is often called by external programs, including configuration scripts executed by
dpkg
itself.
This option requires three parameters: a version number, a comparison operator, and a second
version number. The different possible operators are: lt (strictly less than), le (less than or equal
to), eq (equal), ne (not equal), ge (greater than or equal to), and gt (strictly greater than). If the
comparison is correct,
dpkg
returns 0 (success); if not, it gives a non-zero return value (indicating
failure). Consider these comparisons:
$ dpkg --compare-versions 1.2-3 gt 1.1-4
$ echo $?
0
190
Kali Linux Revealed
$ dpkg --compare-versions 1.2-3 lt 1.1-4
$ echo $?
1
$ dpkg --compare-versions 2.6.0pre3-1 lt 2.6.0-1
$ echo $?
1
Note the unexpected failure of the last comparison: for
dpkg
, the string ”pre” (usually denoting
a pre-release) has no particular meaning, and
dpkg
simply interprets it as a string, in which case
”2.6.0pre3-1” is alphabetically greater than ”2.6.0-1”. When we want a package’s version number
to indicate that it is a pre-release, we use the tilde character, “~”:
$ dpkg --compare-versions 2.6.0~pre3-1 lt 2.6.0-1
$ echo $?
0
|
