Package Managers by Family

Family               High-level     Low-level   Format
Debian/Ubuntu        apt, apt-get   dpkg        .deb
Fedora/RHEL 8+       dnf            rpm         .rpm
RHEL 7 (legacy)      yum            rpm         .rpm
Arch                 pacman                     .pkg.tar.zst
Alpine               apk                        .apk

Always prefer the distro package manager over curl | bash installers when a maintained package exists — you get signature verification, dependency resolution, and clean uninstall.

apt (Debian/Ubuntu)

  sudo apt update                    # refresh package index
  sudo apt upgrade                   # upgrade installed packages (never removes any)
  sudo apt full-upgrade              # also removes packages when dependency changes require it
  sudo apt dist-upgrade              # apt-get's name for full-upgrade; apt accepts it as an alias

  sudo apt install nginx
  sudo apt install 'nginx=1.24.0-*'  # install a specific version (does not hold it); quoted so the shell leaves * alone
  sudo apt remove nginx
  sudo apt purge nginx               # remove config files too
  sudo apt autoremove                # remove orphaned dependencies
  sudo apt autoclean                 # clear old package cache

  apt search postgres
  apt show nginx
  apt list --installed | grep python
  apt list --upgradable
  apt-cache policy nginx             # available versions

apt vs apt-get

Both work; apt adds progress bars and color for interactive use, but its command-line interface is not guaranteed to stay stable. Scripts often use apt-get for stable output (-qq quiet mode).

  # Set the variable after sudo: sudo resets the environment by default
  sudo DEBIAN_FRONTEND=noninteractive apt-get -y upgrade

dnf/yum (Fedora/RHEL)

  sudo dnf check-update
  sudo dnf upgrade
  sudo dnf install nginx
  sudo dnf remove nginx
  sudo dnf reinstall nginx           # fix corrupted install

  dnf search postgres
  dnf info nginx
  rpm -qa | grep nginx
  rpm -qi nginx                      # installed package info
  dnf history                        # transaction log
  sudo dnf history undo 42           # rollback transaction 42

Legacy RHEL 7:

  sudo yum update
  sudo yum install nginx

Repositories

Third-party software adds .list or .repo files:

  # Debian/Ubuntu
  ls /etc/apt/sources.list /etc/apt/sources.list.d/
  sudo add-apt-repository ppa:deadsnakes/ppa
  sudo apt update

  # Fedora/RHEL
  ls /etc/yum.repos.d/
  sudo dnf install epel-release      # Extra Packages for Enterprise Linux
  sudo dnf config-manager --add-repo https://example.com/repo.repo
  sudo dnf makecache

Document every custom repo in Ansible/Terraform — mystery repos cause drift and supply-chain risk.
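One way to turn that rule into a check, as an added example that is not part of the original page: it reads one-line-style source entries (the .list format, not deb822 .sources files) and flags hosts outside an allowlist, options that switch off signature verification, and plain-HTTP URIs. The function names, finding labels, and sample entries are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the original page): flag risky APT source entries.
# Entries are read from stdin; the arguments are the allowlisted repo hosts.
# On a real host:
#   cat /etc/apt/sources.list /etc/apt/sources.list.d/*.list 2>/dev/null |
#     audit_apt_sources archive.ubuntu.com security.ubuntu.com
audit_apt_sources() {
  awk -v allow="$*" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 != "deb" && $1 != "deb-src" { next }   # skip comments and blank lines
    {
      opts = ""; u = 2
      if ($2 ~ /^\[/) {                       # gather the [opt=val ...] block
        for (u = 2; u <= NF; u++) { opts = opts " " $u; if ($u ~ /\]$/) break }
        u++
      }
      uri = $u
      host = uri
      sub("^[a-z+]+://", "", host)            # drop the scheme
      sub("[/:].*$", "", host)                # drop port and path
      if (host == "") host = uri              # e.g. file: URIs have no host
      if (!(host in ok))                         print "UNLISTED " host
      if (opts ~ "(trusted|allow-insecure)=yes") print "NOVERIFY " host
      if (uri ~ "^http:")                        print "PLAINTEXT " host
    }'
}

# Constructed sample entries, not taken from a real system.
sample_sources() {
  cat <<'EOF'
# main archive
deb http://deb.debian.org/debian bookworm main
deb [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] https://security.debian.org/debian-security bookworm-security main
deb [arch=amd64 trusted=yes] https://repo.example.com/apt stable main
deb-src https://ppa.launchpadcontent.net/deadsnakes/ppa/ubuntu jammy main
EOF
}

# Allowlist here is the two Debian hosts; everything else is reported.
sample_sources | audit_apt_sources deb.debian.org security.debian.org
```

NOVERIFY is the finding to treat as urgent: trusted=yes and allow-insecure=yes make APT accept the repository even when signature checks fail.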

Installing Local Packages

  # Debian
  sudo dpkg -i package.deb
  sudo apt install -f               # fix broken dependencies

  # RPM
  sudo rpm -ivh package.rpm
  sudo dnf install ./package.rpm    # resolves dependencies from repos

Holding and Pinning Versions

Prevent accidental upgrades on critical services:

  # Debian/Ubuntu
  sudo apt-mark hold nginx
  sudo apt-mark showhold
  sudo apt-mark unhold nginx

  # Pin file /etc/apt/preferences.d/nginx
  # Package: nginx
  # Pin: version 1.24.*
  # Pin-Priority: 1001

  # RHEL/Fedora
  sudo dnf install python3-dnf-plugin-versionlock   # provides the versionlock command
  sudo dnf versionlock add 'nginx-1.24.0*'          # quoted so the shell leaves * alone
  sudo dnf versionlock list

Security Updates

  # Ubuntu unattended upgrades
  sudo apt install unattended-upgrades
  cat /var/log/unattended-upgrades/unattended-upgrades.log

  # List security updates only (Debian)
  sudo apt upgrade --dry-run | grep -i security

  # RHEL
  sudo dnf updateinfo list security
  sudo dnf upgrade --security

Best Practices

Practice                            Reason
Automate security patches           CVEs exploit unpatched systems within days
Test upgrades in staging first      Major version bumps break configs
Pin critical service versions       Controlled rollout after QA
Use reinstall for corrupted files   Faster than manual file recovery
Log package changes                 dnf history, apt logs in /var/log/apt/

Common Mistakes

Mistake                                     Consequence
dpkg -i without -f fix                      Broken dependencies, apt refuses further ops
Adding untrusted PPAs/repos                 Malware, unmaintained packages
apt upgrade during peak traffic             Service restarts mid-request
Mixing Snap/Flatpak with apt for same app   Duplicate versions, confusion

Troubleshooting

Package manager lock:

  sudo rm /var/lib/dpkg/lock-frontend   # only after confirming no apt or dpkg process is running
  sudo dpkg --configure -a

Broken dependencies:

  sudo apt --fix-broken install
  sudo dnf distro-sync                  # align with repos (use carefully)

Which package owns a file:

  dpkg -S /usr/sbin/nginx               # the nginx binary lives in /usr/sbin
  rpm -qf /usr/sbin/nginx

Production Scenario

A fleet of 500 Ubuntu servers runs nginx and PostgreSQL:

  1. unattended-upgrades applies security patches nightly
  2. Ansible runs apt upgrade for non-held packages weekly in a maintenance window
  3. nginx is held at the tested version; manual unhold + upgrade after staging validation
  4. Monitoring alerts if apt list --upgradable shows critical CVEs older than 7 days
  5. The golden AMI is rebuilt monthly with all patches baked in

When a PostgreSQL minor upgrade ships, ops tests it on a staging clone, updates the pin file, and runs a rolling upgrade across AZs with connection draining.

Package management is how you keep systems patched, consistent, and recoverable across fleets — treat it as infrastructure code, not ad-hoc apt install on production SSH sessions.