Debian Package Dependencies

For Linux distributions such as Debian GNU/Linux, there exist more than 60.000 different software packages. All of them have a specific role. In this article we explain how does the package management reliably manage this huge number of software packages during an installation, an update, or a removal in order to keep your system working and entirely stable.

For Debian GNU/Linux, this refers to the tools apt, apt-get, aptitude, apt-cache, apt-depends, apt-rdepends, dpkg-deb and apt-mark.

Availability of software packages

As already said above, a Linux distribution consists of tons of different software packages. As of today software is quite complex, and that’s why it is common to divide software into several single packages. These packages can be categorized by functionality or by role such as binary packages, libraries, documentation, usage examples as well as language-specific collections and provide a selected part of the software, only. There is no fixed rule for it, and the division is made by either the development team of a tool, or the package maintainer who takes care of the software package for your Linux distribution. Using aptitude, Figure 1 lists the packages that contain the translations for the different languages for the webbrowser Mozilla Firefox.

aptitude-firefox.png

Figure 1: aptitude-firefox.png

This way of working makes it possible that each package can be maintained by a different developer or as an entire team. Furthermore, the division into single components allows other software packages to make use of it for their own purposes too. A required functionality can be applied and does not need to be reinvented.

Package Organization

The package management tools on the Debian GNU/Linux distribution take constantly care that the dependencies of the installed packages are met completely. This is especially the case if a software package is meant to be installed, updated, or deleted on or from your system. Missing packages are added to the system, or installed packages are removed from the system in case they are no longer required. Figure 2 demonstrates this for the removal of the package ‘mc-data’ using ‘apt-get’. The package ‘mc-data’ recommends to automatically remove the package ‘mc’, too, because it does not make sense any more to be installed without ‘mc-data’.

Figure 2: apt-get-remove-mc.png

Package marks and flags

During its work the package management tools respect the package flags and marks that are set. They are either set automatically, or set manually by the system administrator. Especially this behaviour refers to the flag ‘essential package’ that is set for packages that should not be removed. A clear warning is issued before you do that (see Figure 3).

Figure 3: apt-get-remove.png

Also, the three marks ‘automatic’, ‘manual’ and ‘hold’ are taken into account. They mark a package as being automatically installed, manually installed, or must not be updated (hold the current version). A software package is either marked ‘automatic’ or ‘manual’ but not both.

Among others, the command ‘apt-mark’ handles the marks and flags using the following subcommands:

  • auto: set a package as automatically installed
  • hold: hold the current version of the package
  • manual: set a package as manually installed
  • showauto: show the automatically installed packages
  • showmanual: show the manually installed packages
  • showhold: list the packages that are on hold
  • unhold: remove the hold flag for the given package

In order to list all the manually installed packages issue this command:

$ apt-mark showmanual
abiword
abs-guide
ack-grep
acl
acpi

$

In order to hold a package version use the subcommand ‘hold’. The example below shows this for the package ‘mc’.

# apt-mark hold mc
mc set on hold
#

The subcommand ‘showhold’ lists the packages that are on hold (in our case it is the package ‘mc’, only):

# apt-mark showhold
mc
#

Using an alternative method titled ‘apt pinning’, packages are classified by priorities. Apt applies them in order to decide how to handle this software package and the versions that are available from the software repository.

Package description

Using an alternative method titled ‘apt pinning’, packages are classified by priorities. Apt applies them in order to decide how to handle this software package and the versions that are available from the software repository.

Every software package comes with its own package description that is standardized. Among other fields this description explicitly specifies which further package(s) it depends on. Distribution-specific tools extract this information from the package description, and compute and visualize the dependencies for you, then. The next example uses the command ‘apt-cache show’ in order to display the package description of the package ‘poppler-utils’ (see Figure 4).

Figure 4: package-description-poppler-utils.png

Figure 4: package-description-poppler-utils.png

The package description contains a section called ‘Depends’. This section lists the other software packages plus version number that the current package depends on. In Figure 4 this section is framed in red and shows that ‘poppler-utils’ depends on the packages ‘libpoppler64’, ‘libc6’, ‘libcairo2’, ‘libfreetype6’, ‘liblcms2-2’, ‘libstdc++6’ and ‘zlib1g’.

Show the package dependencies

Reading the package description is the hard way to figure out the package dependencies. Next, we will show you how to simplify this.

There are several ways to show the package dependencies on the command line. For a deb package as a local file use the command ‘dpkg-deb’ with two parameters – the file name of the package, and the keyword ‘Depends’. The example below demonstrates this for the package ‘skypeforlinux-64.deb’:

$ dpkg-deb -f Downloads/skypeforlinux-64.deb Depends
gconf-service, libasound2 (>= 1.0.16), libatk1.0-0 (>= 1.12.4), libc6 (>= 2.17),
libcairo2 (>= 1.2.4), libcups2 (>= 1.4.0), libexpat1 (>= 2.0.1),
libfreetype6 (>= 2.4.2), libgcc1 (>= 1:4.1.1), libgconf-24 (>= 3.2.5),
libgdk-pixbuf2.0-0 (>= 2.22.0), libglib2.0-0 (>= 2.31.8), libgtk2.0-0 (>= 2.24.0),
libnspr4 (>= 2:4.92~), libnss3 (>= 2:3.13.4-2~), libpango-1.00 (>= 1.14.0),
libpangocairo-1.00 (>= 1.14.0), libsecret-10 (>= 0.7), libv4l-0 (>= 0.5.0),
libx11-6 (>= 2:1.4.99.1), libx11-xcb1, libxcb1 (>= 1.6), libxcomposite1 (>= 1:0.31),
libxcursor1 (>> 1.1.2), libxdamage1 (>= 1:1.1), libxext6, libxfixes3,
libxi6 (>= 2:1.2.99.4), libxrandr2 (>= 2:1.2.99.3), libxrender1, libxss1,
libxtst6, apt-transport-https, libfontconfig1 (>= 2.11.0), libdbus-13 (>= 1.6.18),
libstdc++6 (>= 4.8.1)
$

In order to do the same for an installed package use ‘apt-cache’. The first example combines the subcommand ‘show’ followed by the name of the package. The output is sent to the ‘grep’ command that filters the line ‘Depends’:

$ apt-cache show xpdf | grep Depends
Depends: libc6 (>= 2.4), libgcc1 (>= 1:4.1.1), libpoppler46 (>= 0.26.2),
libstdc++6 (>= 4.1.1), libx11-6, libxm4 (>= 2.3.4), libxt6
$

The command ‘grep-status -F package -s Depends xpdf’ will report the same information.

More specific, the second example again uses ‘apt-cache’ but with the subcommand ‘depends’, instead. The subcommand is followed by the name of the package:

$ apt-cache depends xpdf
xpdf
Depends: libc6
Depends: libgcc1
Depends: libpoppler46
Depends: libstdc++6
Depends: libx11-6
Depends: libxm4
Depends: libxt6
Recommends: poppler-utils
poppler-utils:i386
Recommends: poppler-data
Recommends: gsfonts-x11
Recommends: cups-bsd
cups-bsd:i386
Collides with:
Collides with:
Collides with:
Collides with:
Replaces:
Replaces:
Replaces:
Replaces:
Collides with: xpdf:i386
$

The list above is quite long, and can be shortened using the switch ‘-i’ (short for ‘–important’):

$ apt-cache depends -i xpdf
xpdf
Depends: libc6
Depends: libgcc1
Depends: libpoppler46
Depends: libstdc++6
Depends: libx11-6
Depends: libxm4
Depends: libxt6
$

The command ‘apt-rdepends’ does the same but with version information if specified in the description:

$ apt-rdepends xpdf
Reading package lists… Done
Building dependency tree
Reading state information… Done
xpdf
Depends: libc6 (>= 2.4)
Depends: libgcc1 (>= 1:4.1.1)
Depends: libpoppler46 (>= 0.26.2)
Depends: libstdc++6 (>= 4.1.1)
Depends: libx11-6
Depends: libxm4 (>= 2.3.4)
Depends: libxt6
libc6
Depends: libgcc1

$

The command ‘aptitude’ works with switches, too. For dependencies, use the switch ‘~R’ followed by the name of the package. Figure 5 shows this for the package ‘xpdf’. The letter ‘A’ in the second column of the output of ‘aptitude’ identifies the package as being automatically installed.

Figure 5: aptitude-rdepends.png

Package dependencies can be a bit tricky. It may help to show package dependencies graphically. Use the command ‘debtree’ followed by the name of the package in order to create a graphical representation of the package dependencies. The tool ‘dot’ from the Graphviz package transforms the description into an image as follows:

$ debtree xpdf | dot -Tpng > graph.png

In Figure 6 you see the created PNG image that contains the dependency graph.

Figure 6: dot.png

Show the reverse dependencies

Up to now we displayed we have answered the question which packages are required for a package. There is also the other way round – so-called reverse dependencies. The next examples deal with the package as well as the packages that depend on it. Example number one uses ‘apt-cache’ with the subcommand ‘rdepends’ as follows:

$ apt-cache rdepends xpdf
xpdf
Reverse Depends:
|octave-doc
xpdf:i386
libfontconfig1:i386
|xmds-doc
xfe
wiipdf
|vim-latexsuite
python-scapy
|ruby-tioga
|python-tables-doc
|page-crunch
|octave-doc
|muttprint-manual
mozplugger
mlpost
libmlpost-ocaml-dev

$

Packages, that depend on other packages are marked with a pipe symbol. These package do not need to be installed on your system but have to be listed in package database.

The next example uses ‘aptitude’ to list the packages that have a hard reference to the package ‘xpdf’ (see Figure 7).

Figure 7: aptitude-search.png

Validate the installation for missing packages

‘Apt-get’ offers the subcommand ‘check’ that allows to validate the installation. If you see the following output no packages are missing:

# apt-get check
Reading package lists… Done
Building dependency tree
Reading state information… Done
#

Conclusion

Finding package dependencies works well with the right tools. Using them properly helps you to understand why packages are installed, and which ones might be missing.

Links and References


SXI.IO is a global Blockchain software company, specialized in developing white label crypto exchange platforms , Wallet platforms, ICO platforms, Token Erc20 .....

Related Articles