Ubuntu Package Archive

Tips

E: Unable to correct problems, you have held broken packages

The following packages have unmet dependencies:
python3-dev : Depends: libpython3-dev (= 3.8.2-0ubuntu2) but it is not going to be installed
              Depends: python3.8-dev (>= 3.8.2-1~) but it is not going to be installed
E: Unable to correct problems, you have held broken packages.

Use aptitude to fix this problem:

$ sudo apt install aptitude
$ sudo aptitude install python3-dev

say No (n) to the first question, it will then offer you another alternative to reinstall python3.8 for you.

Repositories

Ubuntu programs are stored in software archives commonly referred to as repositories.

Ubuntu distinguishes between software that is "free" and software that is not free.
The four main repositories are:

• Main
Canonical-supported free and open-source software.
• Universe
Community-maintained free and open-source software.
• Restricted
Proprietary drivers for devices.
• Multiverse
Software restricted by copyright or legal issues.

The Ubuntu Install CDs contain software from the "Main" and "Restricted" repositories.
If you have an internet connection you can install software from any Ubuntu repository.

GUI-based repository management is normally accomplished via "Software Sources".

• On the "Ubuntu Software Center", the four main repositories are listed.
• The fastest server for you to download packages will often be a server close geographically to you.

Personal Package Archives (PPAs) are a kind of repository. Developers create them in order to distribute their software.
In order to add a PPA you need its "location", which is in the format ppa:[username]/[ppaname]. You can find this information on the PPA's Launchpad page.

Packages in PPAs do not undergo the same process of validation as packages in the main repositories, so the user will be installing software at their own risk.

PPAs do have keys for authentication.
When you add a repository to your system's software sources, the maintainer of the repository will normally tell you how to add the public key for that repository.
If the maintainer does not tell you how to add the key then you need to find the "key hash" of the repository in order to look up the key on a public key server.

gpg --keyserver [name of keyserver] --recv-keys [keyhash] 

Preparing for signed PPAs

Launchpad generates a unique key for each PPA and uses it to sign any packages built in that PPA.
This means that people downloading/installing packages from your PPA can verify their source. After you've activated your PPA, uploading its first package causes Launchpad to start generating your key, which can take up to a couple of hours to complete.

Adding a PPA’s key to Ubuntu

Each PPA now has its own key that’s used to sign its packages. And if you create a new PPA, Launchpad will generate a new key for it within a couple of hours.

You need to add the PPA’s public key to apt before you install any of its packages.
It’s really easy: all you need to do is copy the PPA’s public key and import it.

Managing Repositories from the Command Line

Archieves

There are three kinds of archives:

• Ubuntu archive: restricted or focal-backports
Need Canonical's review before packages are uploaded to archive.
http://archive.ubuntu.com/ubuntu/ubuntu/ubuntu/ubuntu/dists/ :

  ...
[DIR]	focal-backports/	2021-05-13 00:14	-
[DIR]	focal-proposed/	    2021-05-13 00:14	-
[DIR]	focal-security/	    2021-05-13 00:13	-
[DIR]	focal-updates/	    2021-05-13 00:14	-
[DIR]	focal/	            2020-04-23 17:34	-
...
  

• PPA: Personal Package Archives
Package can be upload without Canonical's review
• OEM archive (cesg): https://cesg.canonical.com/canonical/dists/
OEM Enablement team takes responsibility for uploading packages to OEM archive.

Binary package “ubuntu-oem-keyring”

The Ubuntu project digitally signs its Release files.
This package contains the archive keys used for the oem.archive.canonical.com repository.
Public GPG keys used to verify authenticity of Ubuntu packages.

share/keyrings/ubuntu-archive-keyring.gpg
share/keyrings/ubuntu-archive-removed-keys.gpg
share/keyrings/ubuntu-cloud-keyring.gpg
share/keyrings/ubuntu-cloud-removed-keys.gpg
share/keyrings/ubuntu-cloudimage-keyring.gpg
share/keyrings/ubuntu-cloudimage-removed-keys.gpg
share/keyrings/ubuntu-dbgsym-keyring.gpg
share/keyrings/ubuntu-dbgsym-removed-keys.gpg
share/keyrings/ubuntu-keyring-2008-oem.gpg
share/keyrings/ubuntu-keyring-2012-cdimage.gpg
share/keyrings/ubuntu-keyring-2012-cloud-archive.gpg
share/keyrings/ubuntu-keyring-2016-dbgsym.gpg
share/keyrings/ubuntu-keyring-2018-archive.gpg
share/keyrings/ubuntu-keyring-2020-oem.gpg
share/keyrings/ubuntu-master-keyring.gpg
share/keyrings/ubuntu-oem-keyring.gpg

OEM Kernel

OEM kernel is an Ubuntu derivative kernel, specifically for use in OEM projects.
Because :

• The SRU (Stable Release Updates) period of Standard Ubuntu kernels is 3-weeks .
focal/linux-intel: 5.11.0-1003.3 -proposed tracker:

• Hardware devices that are not supported by linux kernel directly require the use of Dynamic Kernel Module Support(DKMS) packages
Dynamic Kernel Module Support (DKMS) is a program/framework that enables generating Linux kernel modules whose sources generally reside outside the kernel source tree.
The rebuild of the modules is handled automatically when a kernel is upgraded.

As OEM kernel is based on the stock Ubuntu kernel, it inherits all its updates.

OEM Archive

Introduction

Ubuntu Desktop ISOs will support installing hardware specific meta packages if the machine being installed has a corresponding enablement package available.

Ubiquity will use ubuntu-drivers to discover if an enablement package exists. The user will then be asked if they want to install the package, and it will be installed if they say “yes”.

These OEM packages are not in the ISO image. Packages on the ISO image must be in main.
Packages in Ubuntu main (and restricted) are officially maintained.
The Ubuntu MIR (main inclusion review) Team reviews packages for promotion from universe to main.

Proposed Archive

Proposed Archive provides pre-released updates for Ubuntu, by default it’s not enabled.
There may be bug fixes or new features in pre-released update packages and you can selectively upgrade them by enabling proposed archive.
Packages in -proposed can be moved to -updates once they are approved by someone from sru-verification, and have passed the minimum aging period of 7 days.

Modify the software sources manually by adding the proposed archive to your apt sources:

cat <<EOF >/etc/apt/sources.list.d/ubuntu-$(lsb_release -cs)-proposed.list
# Enable Ubuntu proposed archive
deb http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs)-proposed restricted main multiverse universe
EOF

If you are using a port arch such as armhf/arm64/ppc64el/s390x you need to add it with the following instead:

cat <<EOF >/etc/apt/sources.list.d/ubuntu-$(lsb_release -cs)-proposed.list
# Enable Ubuntu proposed archive
deb http://ports.ubuntu.com/ubuntu-ports $(lsb_release -cs)-proposed restricted main multiverse universe
EOF

Selective Upgrading from Proposed Archive

After enabling the -proposed archive, you can configure apt to allow selective installs of packages from it instead of upgrading all.

  
cat <<EOF >/etc/apt/preferences.d/proposed-updates
# Configure apt to allow selective installs of packages from proposed
Package: *
Pin: release a=$(lsb_release -cs)-proposed
Pin-Priority: 400
EOF

With this preference file in place, Update Manager, Synaptic, Aptitude and Apt won't ask for upgrades from the -proposed repositories.

You can use apt-get to install a package from -proposed by using one of the following:

  
sudo apt-get install packagename/$(lsb_release -cs)-proposed  
	

  
sudo apt-get -t $(lsb_release -cs)-proposed install packagename
	

  
$ apt search linux-generic | grep -i proposed
$ sudo apt install linux-generic-hwe-20.04/focal-proposed

Example

openssl

• Enable -proposed

cat <<EOF >/etc/apt/sources.list.d/ubuntu-$(lsb_release -cs)-proposed.list
# Enable Ubuntu proposed archive
deb http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs)-proposed restricted main multiverse universe
EOF
	

• List -prososed packages

$ sudo apt upgrade -s | grep proposed
$ sudo apt update
$ sudo apt list | grep proposed | grep openssl
openssl/focal-proposed 1.1.1f-1ubuntu2.4 amd64 [upgradable from: 1.1.1f-1ubuntu2.3]
	

• selective installs of packages from it instead of upgrading all of your packages to the -proposed versions:

$ sudo apt install openssl/focal-proposed
Selected version '1.1.1f-1ubuntu2.4' (Ubuntu:20.04/focal-proposed [amd64]) for 'openssl'
$ sudo apt list | grep proposed | grep openssl
openssl/focal-proposed,now 1.1.1f-1ubuntu2.4 amd64 [installed,automatic]
	

linux-generic

Stable Release Updates

Package Management

Package Meta-Information

The Debian package is not only an archive of files intended for installation.
It is part of a larger whole and describes its relationship with other Debian packages (requisites, dependencies, conflicts, suggestions).
It also provides scripts that enable the execution of commands at different stages in the package's lifecycle (installation, upgrade, removal). These data are used by the package management tools, they are, within the package, what is called its “meta-information”.

Dependencies: the Depends Field

The dependencies are defined in the Depends field in the package header.
It is a list of conditions to be met for the package to work correctly.
This information is used by tools such as apt in order to install the required libraries, tools, drivers, etc. in appropriate versions fulfilling the dependencies of the package to be installed.

The dependencies system has another use with “meta-packages”.
“meta-packages” are empty packages that only describe dependencies.
“meta-packages” are real packages (including real .deb files), whose only purpose is to express dependencies.

A consistent group of programs are preselected by the meta-package maintainer; install the meta-package will automatically install all of these programs using the meta-package's dependencies.