Debian Cheatsheet

I began this page many years ago when I was switching from Redhat-based distros to Debian.

Updating and installing packages

apt install packagename
installs a new package.
apt remove packagename
removes a package, but may sometimes leave some config files
apt purge packagename
removes a package and is more likely to remove config files as well
apt update
Run this after changing /etc/apt/sources.list or /etc/apt/preferences, and periodically (daily or at least weekly) to pick up pointers to new package. Does not actually install any packages, just updates the list of package versions.
apt upgrade, apt safe-upgrade
Get all software updates available for this distro, but not if it involves installing new packages or removing existing ones.
apt dist-upgrade, apt full-upgrade
Get all software updates available for this distro, including installing new packages or removing old ones.
apt autoclean
Run this periodically to clean out .deb archives from packages which are no longer installed on the system. You can regain lots of disk space that way. If you're really desperate for disk space, apt-get clean is more radical, and will remove .deb files even for packages currently installed. But most of the time you probably don't need the .debs any more, so it might be worth it if you're strapped for megabytes.

Querying packages not yet installed

apt-cache search string
Searches for string in the list of known packages: like using rpmfind.
dpkg -l package-name-pattern
List packages matching pattern: rpm -q pattern or rpm -qa | grep pattern.
apt-file search filename
Search for a package (need not be installed) containing files including the string. apt-file is a package of its own, which you may have to apt-get install first, then run apt-file update. If apt-file search filename shows you too much, try apt-file search filename | grep -w filename (which shows you only the files that contain filename as a whole word) or variants like apt-file search filename | grep /bin/ only files located in directories like /bin or /usr/bin, useful if you're looking for a particular executable).
apt-cache showpkg pkgs...
Show information about packages.
apt-cache dumpavail
Prints out an available list.
apt-cache show pkgs...
Displays package records, even uninstalled ones, similar to dpkg --print-avail. Like rpm -q packagename.
apt-cache depends <package>
Show what <package> depends on.
apt-cache rdepends <package>
Show what other packages depend on <package>.
grep-excuses <package>
Show why package, in unstable, isn't in testing yet.
apt-cache pkgnames
Fast listing of every package in the system.

Querying currently installed packages

dpkg -S file
Which installed package owns the file? Like rpm -qf file.
dpkg -L package
List files in the package. Like rpm -ql package.
apt-cache policy pkg
Show which repository pkg came from, if you have multiple ones in sources.list.
apt-cache show <package> | grep ^Source
Find the source package which produces this binary package. If it returns nothing, then the source package name is the same as the binary package name.

Some other useful commands

apt-get autoremove
Clean out packages that were installed as a dependency of a package that's no longer installed.
apt-get clean
Remove .deb files from old packages that are no longer installed.
deborphan and apt-get remove `deborphan`
Find libraries no longer needed by any installed apps.
apt-get dselect-upgrade
Clean out even more orphan packages.
apt-mark hold packagename
apt-mark unhold packagename
Hold a package that would otherwise be removed. For instance, to keep an older kernel in place when newer ones break.
apt-mark showhold
dpkg -l | grep "^hi"
List held packages

Investigating Upgrade Problems

A useful place to check when a package is broken: the Debian Package Tracker which can tell you if there are known ongoing issues in a package.

When a specific package is preventing upgrades — perhaps it's suggesting that you apt --fix-broken install but you can't because a package that needs to be removed is broken and won't let you remove it — try this:

dpkg --purge --force-all broken-package-name
apt --fix-broken install

More generally: for installed packages, apt why packagename or apt why-not packagename can be helpful (aptitude also has these commands, and might show more detail). But when a full-upgrade looks like it will cause problems, like a long "The following packages will be REMOVED:" list, aptitude full-upgrade will give a lot more detail than apt, and give you possible resolutions.

But sometimes no resolution is possible besides removing a bunch of packages. When that happens, try looking at https://tracker.debian.org/pkg/packagename to see if there's anything under news or testing migrations. It can also be useful to look at release.debian.org/transitions/ and see whether any of the Ongoing transitions relate to the problem you're seeing.

Downgrading after a broken upgrade

When an upgrade breaks a package, if it's a simple standalone package, try searching for the package on snapshot.debian.org and then follow the steps in RollbackUpdate. For example:

After one sid upgrade, emacs-common-1:28.1+1-1 didn't install because of a segfault in postinstall. Searching for emacs-common on snapshot.debian.org gave me emacs-common 1:27.1+1-3.1 with a time of 2021-03-28 03:00:02, so I added the following line to /etc/apt/sources.list:

deb  [trusted=yes] https://snapshot.debian.org/archive/debian/20210328T030002Z/ sid main
(The [trusted=yes] may not be needed.)

You can't just apt update that: it will complain

Release file for https://snapshot.debian.org/archive/debian/20210328T030002Z/dists/sid/InRelease is expired (invalid since 503d 15h 39min 30s). Updates for this repository will not be applied.
so instead, do:
sudo apt -o Acquire::Check-Valid-Until=false update
as suggested on the home page of snapshot.debian.org. Then you can try installing your package:
sudo apt install emacs-gtk=1:27.1+1-3.1
If it complains that there are unmet dependencies, you may need to install the dependency as well. For emacs, I went through several iterations and ended up with:
sudo apt install emacs-gtk=1:27.1+1-3.1 emacs-common=1:27.1+1-3.1 emacs-bin-common=1:27.1+1-3.1

But you may find more dependencies later. I found that apt was still unhappy, and by running various apt commands I eventually elicited the error message from apt autoremove:

You might want to run 'apt --fix-broken install' to correct these. The following packages have unmet dependencies: emacs-bin-common : Depends: emacs-common (= 1:28.1+1-1) but 1:27.1+1-3.1 is installed emacs-gtk : Depends: emacs-bin-common (= 1:27.1+1-3.1) but 1:28.1+1-1 is installed E: Unmet dependencies. Try 'apt --fix-broken install' with no packages (or specify a solution).
which I fixed with an
apt install emacs-bin-common=1:27.1+1-3.1
after which apt seemed happy.


The APT HOWTO has instructions on "pinning" and other details of maintaining a mixed debian system (e.g. stable but using some packages from unstable). It also shows how to pin a package so it will not be upgraded (for instance, if you've made local changes).

deborphan and debfoster are great for finding orphaned and unneeded packages which can be removed.

You can pull from a different repository by editing /etc/apt/sources.list to replace "stable" with "unstable" (or whatever) then doing apt-get update. That gets old, though, so here's a better way: pinning. Here's a sample unstable preferences file.

How to build a package

apt install build-essential fakeroot devscripts
apt build-dep packagename
apt source packagename
cd [dirname]
debuild -b -uc -us

Boot time services

(obsolete, replaced by systemd)
update-rc.d svc defaults
Enable service at boot time. chkconfig svc on
update-rc.d svc stop 0 1 2 3 4 5 6
Disable scv at boot time. This puts "K" links in all relevant runlevels, so theoretically apt-get will know to keep the service disabled, and won't re-enable it. At least in theory. In practice there's something wrong with the command and I haven't figured out how to make it work. Adding "." at the end doesn't work either.
update-rc.d -f svc remove
Disable service at boot time. chkconfig svc off This is simpler than the preceeding line, but less permanent; services will come back on an apt-get install or dist-upgrade.
-f means force removal of the /etc/rc.? scripts while leaving the basic script in /etc/init.d (so you can run the service by hand if you choose). --purge means remove the script from init.d.

If you want to remove a service so that it never starts unless asked, and never comes back in a dist-upgrade ... I still don't know. Apparently the only way is to go to each directory named /etc/rc?.d in turn, and then rename Snnservicename to Knnservicename (which you can't easily do as a script or alias because of the nns being variable). It's unbelievable that debian has no easier way to do this. Oh, well.
update-rc.d svc start 20 2 3 4 5 . stop 20 0 1 6
Enable service at boot time in the given runlevels, like chkconfig svc --levels 2345 on
For listing active services, I wrote a shell script: lsconfig
What services are currently enabled? chkconfig --list

Quick tips:

apt history: what's been recently installed?

Several different ways to see your apt history:

awk '!/^Start|^Commandl|^End|^Upgrade:|^Error:/ { gsub( /\([^()]*\)/ ,"" );gsub(/ ,/," ");sub(/^Install:/,""); print}' /var/log/apt/history.log
grep " install " /var/log/dpkg.log

You can also sort /var/cache/apt/archives by create date: ls -ltc /var/cache/apt/archives | less you can get a list of packages in reverse order of when they were downloaded. There's also /var/log/apt/term.log; I'm not sure how it relates to dpkg.log.

To see packages removed recently, try

grep remove /var/log/dpkg.log

mandb -c does what makewhatis used to do in other distros and other Unices -- builds the whatis/apropos databases. It's part of the man-db package.


Printing changes all the time and varies among distros and versions. When I learn something new and relevant about printing, I usually blog about it, so see my blog articles tagged 'printing'.

Linux Links
Shallow Sky home