apt-get is the command-line tool for handling packages, and
may be considered the user's "back-end" to other tools using the
APT library. Several "front-end" interfaces exist, such as
aptitude(8), synaptic(8) and wajig(1).
Unless the -h, or --help option is given, one of the
commands below must be present.
update is used to resynchronize the package index files
from their sources. The indexes of available packages are fetched from the
location(s) specified in /etc/apt/sources.list. For example, when using a
Debian archive, this command retrieves and scans the Packages.gz files, so
that information about new and updated packages is available. An update should
always be performed before an upgrade or dist-upgrade. Please be aware that
the overall progress meter will be incorrect as the size of the package files
cannot be known in advance.
upgrade is used to install the newest versions of all
packages currently installed on the system from the sources enumerated in
/etc/apt/sources.list. Packages currently installed with new versions
available are retrieved and upgraded; under no circumstances are currently
installed packages removed, or packages not already installed retrieved and
installed. New versions of currently installed packages that cannot be
upgraded without changing the install status of another package will be left
at their current version. An update must be performed first so that
apt-get knows that new versions of packages are available.
dist-upgrade in addition to performing the function of
upgrade, also intelligently handles changing dependencies with new versions of
has a "smart" conflict resolution system,
and it will attempt to upgrade the most important packages at the expense of
less important ones if necessary. The dist-upgrade command may therefore
remove some packages. The /etc/apt/sources.list file contains a list of
locations from which to retrieve desired package files. See also
for a mechanism for overriding the general settings
for individual packages.
dselect-upgrade is used in conjunction with the
traditional Debian packaging front-end, dselect(1)
follows the changes made by dselect(1)
to the Status field of available
packages, and performs the actions necessary to realize that state (for
instance, the removal of old and the installation of new packages).
install is followed by one or more packages desired for
installation or upgrading. Each package is a package name, not a fully
qualified filename (for instance, in a Debian system, apt-utils would be the
argument provided, not apt-utils_2.6.1_amd64.deb). All packages required by
the package(s) specified for installation will also be retrieved and
installed. The /etc/apt/sources.list file is used to locate the desired
packages. If a hyphen is appended to the package name (with no intervening
space), the identified package will be removed if it is installed. Similarly a
plus sign can be used to designate a package to install. These latter features
may be used to override decisions made by apt-get's conflict resolution
A specific version of a package can be selected for installation
by following the package name with an equals and the version of the package
to select. This will cause that version to be located and selected for
install. Alternatively a specific distribution can be selected by following
the package name with a slash and the version of the distribution or the
Archive name (stable, testing, unstable).
Both of the version selection mechanisms can downgrade packages
and must be used with care.
This is also the target to use if you want to upgrade one or more
already-installed packages without upgrading every package you have on your
system. Unlike the "upgrade" target, which installs the newest
version of all currently installed packages, "install" will
install the newest version of only the package(s) specified. Simply provide
the name of the package(s) you wish to upgrade, and if a newer version is
available, it (and its dependencies, as described above) will be downloaded
Finally, the apt_preferences(5) mechanism allows you to
create an alternative installation policy for individual packages.
If no package matches the given expression and the expression
contains one of '.', '?' or '*' then it is assumed to be a POSIX regular
expression, and it is applied to all package names in the database. Any
matches are then installed (or removed). Note that matching is done by
substring so 'lo.*' matches 'how-lo' and 'lowest'. If this is undesired,
anchor the regular expression with a '^' or '$' character, or create a more
specific regular expression.
Fallback to regular expressions is deprecated in APT 2.0, has been
removed in apt(8), except for anchored expressions, and will be
removed from apt-get(8) in a future version. Use
reinstall is an alias for install --reinstall.
remove is identical to install except that packages are
removed instead of installed. Note that removing a package leaves its
configuration files on the system. If a plus sign is appended to the package
name (with no intervening space), the identified package will be installed
instead of removed.
purge is identical to remove except that packages are
removed and purged (any configuration files are deleted too).
source causes apt-get
to fetch source packages.
APT will examine the available packages to decide which source package to
fetch. It will then find and download into the current directory the newest
available version of that source package while respecting the default release,
set with the option APT::Default-Release, the -t
option or per package
with the pkg/release syntax, if possible.
The arguments are interpreted as binary and source package names.
See the --only-source option if you want to change that.
Source packages are tracked separately from binary packages via
deb-src lines in the sources.list(5) file. This means that you will
need to add such a line for each repository you want to get sources from;
otherwise you will probably get either the wrong (too old/too new) source
versions or none at all.
If the --compile option is specified then the package will
be compiled to a binary .deb using dpkg-buildpackage for the
architecture as defined by the --host-architecture option. If
--download-only is specified then the source package will not be
A specific source version can be retrieved by postfixing the
source name with an equals and then the version to fetch, similar to the
mechanism used for the package files. This enables exact matching of the
source package name and version, implicitly enabling the
Note that source packages are not installed and tracked in the
dpkg database like binary packages; they are simply downloaded to the
current directory, like source tarballs.
build-dep causes apt-get to install/remove packages in an
attempt to satisfy the build dependencies for a source package. By default the
dependencies are satisfied to build the package natively. If desired a
host-architecture can be specified with the --host-architecture
The arguments are interpreted as binary or source package names.
See the --only-source option if you want to change that.
satisfy causes apt-get to satisfy the given dependency
strings. The dependency strings may have build profiles and architecture
restriction list as in build dependencies. They may optionally be prefixed
with "Conflicts: " to unsatisfy the dependency string. Multiple
strings of the same type can be specified.
Example: apt-get satisfy "foo" "Conflicts:
bar" "baz (>> 1.0) | bar (= 2.0), moo"
The legacy operator '</>' is not supported, use
check is a diagnostic tool; it updates the package cache
and checks for broken dependencies.
download will download the given binary package into the
current directory. The authenticity of the package data is ensured as
clean clears out the local repository of retrieved
package files. It removes everything but the lock file from
/var/cache/apt/archives/ and /var/cache/apt/archives/partial/.
autoclean (and the auto-clean alias since 1.1)
Like clean, autoclean clears out the local repository of
retrieved package files. The difference is that it only removes package files
that can no longer be downloaded, and are largely useless. This allows a cache
to be maintained over a long period without it growing out of control. The
configuration option APT::Clean-Installed will prevent installed packages from
being erased if it is set to off.
autoremove (and the auto-remove alias since 1.1)
autoremove is used to remove packages that were
automatically installed to satisfy dependencies for other packages and are now
no longer needed.
Like autoremove, but autopurge also removes configuration
files. This is a shortcut for autoremove --purge.
changelog tries to download the changelog of a package
and displays it through sensible-pager. By default it displays the
changelog for the version that is installed. However, you can specify the same
options as for the install command.
Displays by default a deb822 formatted listing of
information about all data files (aka index targets) apt-get update
would download. Supports a --format option to modify the output format
as well as accepts lines of the default output to filter the records by. The
command is mainly used as an interface for external tools working with APT to
get information as well as filenames for downloaded files so they can use them
as well instead of downloading them again on their own. Detailed documentation
is omitted here and can instead be found in the file
/usr/share/doc/apt/acquire-additional-files.md.gz shipped by the apt-doc
All command line options may be set using the configuration file,
the descriptions indicate the configuration option to set. For boolean
options you can override the config file by using something like
-f-,--no-f, -f=no or several other variations.
Do not consider recommended packages as a dependency for
installing. Configuration Item: APT::Install-Recommends.
Consider suggested packages as a dependency for
installing. Configuration Item: APT::Install-Suggests.
Download only; package files are only retrieved, not
unpacked or installed. Configuration Item: APT::Get::Download-Only.
Fix; attempt to correct a system with broken dependencies
in place. This option, when used with install/remove, can omit any packages to
permit APT to deduce a likely solution. If packages are specified, these have
to completely correct the problem. The option is sometimes necessary when
running APT for the first time; APT itself does not allow broken package
dependencies to exist on a system. It is possible that a system's dependency
structure can be so corrupt as to require manual intervention (which usually
means using dpkg --remove to eliminate some of the offending packages).
Use of this option together with -m may produce an error in some
situations. Configuration Item: APT::Get::Fix-Broken.
-m, --ignore-missing, --fix-missing
Ignore missing packages; if packages cannot be retrieved
or fail the integrity check after retrieval (corrupted package files), hold
back those packages and handle the result. Use of this option together with
-f may produce an error in some situations. If a package is selected
for installation (particularly if it is mentioned on the command line) and it
could not be downloaded then it will be silently held back. Configuration
Disables downloading of packages. This is best used with
--ignore-missing to force APT to use only the .debs it has already
downloaded. Configuration Item: APT::Get::Download.
Quiet; produces output suitable for logging, omitting
progress indicators. More q's will produce more quiet up to a maximum of 2.
You can also use -q=# to set the quiet level, overriding the
configuration file. Note that quiet level 2 implies -y; you should
never use -qq without a no-action modifier such as -d, --print-uris or -s as
APT may decide to do something you did not expect. Configuration Item:
-s, --simulate, --just-print,
--dry-run, --recon, --no-act
No action; perform a simulation of events that would
occur based on the current system state but do not actually change the system.
Locking will be disabled (Debug::NoLocking
) so the system state could
change while apt-get
is running. Simulations can also be executed by
non-root users which might not have read access to all apt configuration
distorting the simulation. A notice expressing this warning is also shown by
default for non-root users (APT::Get::Show-User-Simulation-Note
Configuration Item: APT::Get::Simulate.
Simulated runs print out a series of lines, each representing a
dpkg operation: configure (Conf), remove (Remv) or unpack (Inst).
Square brackets indicate broken packages, and empty square brackets indicate
breaks that are of no consequence (rare).
-y, --yes, --assume-yes
Automatic yes to prompts; assume "yes" as
answer to all prompts and run non-interactively. If an undesirable situation,
such as changing a held package, trying to install an unauthenticated package
or removing an essential package occurs then apt-get will abort. Configuration
Automatic "no" to all prompts. Configuration
Do not show a list of all packages that are to be
upgraded. Configuration Item: APT::Get::Show-Upgraded.
Show full versions for upgraded and installed packages.
Configuration Item: APT::Get::Show-Versions.
This option controls the architecture packages are built
for by apt-get source --compile and how cross-builddependencies are
satisfied. By default is it not set which means that the host architecture is
the same as the build architecture (which is defined by APT::Architecture).
Configuration Item: APT::Get::Host-Architecture.
This option controls the activated build profiles for
which a source package is built by apt-get source --compile and how
build dependencies are satisfied. By default no build profile is active. More
than one build profile can be activated at a time by concatenating them with a
comma. Configuration Item: APT::Build-Profiles.
-b, --compile, --build
Compile source packages after downloading them.
Configuration Item: APT::Get::Compile.
Ignore package holds; this causes apt-get to
ignore a hold placed on a package. This may be useful in conjunction with
dist-upgrade to override a large number of undesired holds. Configuration
Allow installing new packages when used in conjunction
with upgrade. This is useful if the update of an installed package requires
new dependencies to be installed. Instead of holding the package back upgrade
will upgrade the package and install the new dependencies. Note that upgrade
with this option will never remove packages, only allow adding new ones.
Configuration Item: APT::Get::Upgrade-Allow-New.
Do not upgrade packages; when used in conjunction with
install, no-upgrade will prevent packages on the command line from being
upgraded if they are already installed. Configuration Item:
Do not install new packages; when used in conjunction
with install, only-upgrade will install upgrades for already installed
packages only and ignore requests to install new packages. Configuration Item:
This is a dangerous option that will cause apt to
continue without prompting if it is doing downgrades. It should not be used
except in very special situations. Using it can potentially destroy your
system! Configuration Item: APT::Get::allow-downgrades. Introduced in APT
Force yes; this is a dangerous option that will cause apt
to continue without prompting if it is removing essentials. It should not be
used except in very special situations. Using it can potentially destroy your
system! Configuration Item: APT::Get::allow-remove-essential. Introduced in
Force yes; this is a dangerous option that will cause apt
to continue without prompting if it is changing held packages. It should not
be used except in very special situations. Using it can potentially destroy
your system! Configuration Item: APT::Get::allow-change-held-packages.
Introduced in APT 1.1.
Force yes; this is a dangerous option that will cause apt
to continue without prompting if it is doing something potentially harmful. It
should not be used except in very special situations. Using force-yes can
potentially destroy your system! Configuration Item: APT::Get::force-yes. This
is deprecated and replaced by --allow-unauthenticated ,
--allow-downgrades , --allow-remove-essential ,
--allow-change-held-packages in 1.1.
Instead of fetching the files to install their URIs are
printed. Each URI will have the path, the destination file name, the size and
the expected MD5 hash. Note that the file name to write to will not always
match the file name on the remote site! This also works with the source and
update commands. When used with the update command the MD5 and size are not
included, and it is up to the user to decompress any compressed files.
Configuration Item: APT::Get::Print-URIs.
Use purge instead of remove for anything that would be
removed. An asterisk ("*") will be displayed next to packages which
are scheduled to be purged. remove --purge is equivalent to the
purge command. Configuration Item: APT::Get::Purge.
Re-install packages that are already installed and at the
newest version. Configuration Item: APT::Get::ReInstall.
This option is on by default; use --no-list-cleanup to
turn it off. When it is on, apt-get will automatically manage the
contents of /var/lib/apt/lists to ensure that obsolete files are erased. The
only reason to turn it off is if you frequently change your sources list.
Configuration Item: APT::Get::List-Cleanup.
-t, --target-release, --default-release
This option controls the default input to the policy
engine; it creates a default pin at priority 990 using the specified release
string. This overrides the general settings in /etc/apt/preferences.
Specifically pinned packages are not affected by the value of this option. In
short, this option lets you have simple control over which distribution
packages will be retrieved from. Some common examples might be -t
, -t unstable
or -t sid
. Configuration Item:
APT::Default-Release; see also the apt_preferences(5)
Only perform operations that are 'trivial'. Logically
this can be considered related to --assume-yes; where
--assume-yes will answer yes to any prompt, --trivial-only will
answer no. Configuration Item: APT::Get::Trivial-Only.
After successful installation, mark all freshly installed
packages as automatically installed, which will cause each of the packages to
be removed when no more manually installed packages depend on this package.
This is equally to running apt-mark auto for all installed packages.
Configuration Item: APT::Get::Mark-Auto.
If any packages are to be removed apt-get immediately
aborts without prompting. Configuration Item: APT::Get::Remove.
If the command is either install or remove, then this
option acts like running the autoremove command, removing unused dependency
packages. Configuration Item: APT::Get::AutomaticRemove.
Only has meaning for the source and build-dep commands.
Indicates that the given source names are not to be mapped through the binary
table. This means that if this option is specified, these commands will only
accept source package names as arguments, rather than accepting binary package
names and looking up the corresponding source package. Configuration Item:
--diff-only, --dsc-only, --tar-only
Download only the diff, dsc, or tar file of a source
archive. Configuration Item: APT::Get::Diff-Only, APT::Get::Dsc-Only, and
Only process architecture-dependent build-dependencies.
Configuration Item: APT::Get::Arch-Only.
Only process architecture-independent build-dependencies.
Configuration Item: APT::Get::Indep-Only.
Ignore if packages can't be authenticated and don't
prompt about it. This can be useful while working with local repositories, but
is a huge security risk if data authenticity isn't ensured in another way by
the user itself. The usage of the Trusted
entries should usually be preferred over this global
override. Configuration Item: APT::Get::AllowUnauthenticated.
Allow the update command to acquire unverifiable data
from configured sources. APT will otherwise fail at the update command for
repositories without valid cryptographically signatures. See also
for details on the concept and the implications.
Configuration Item: Acquire::AllowInsecureRepositories.
Allow the update command to continue downloading data
from a repository which changed its information of the release contained in
the repository indicating e.g a new major release. APT will fail at the update
command for such repositories until the change is confirmed to ensure the user
is prepared for the change. See also apt-secure(8)
for details on the
concept and configuration.
Specialist options (--allow-releaseinfo-change-field) exist
to allow changes only for certain fields like origin, label, codename,
suite, version and defaultpin. See also apt_preferences(5).
Configuration Item: Acquire::AllowReleaseInfoChange.
Show user friendly progress information in the terminal
window when packages are installed, upgraded or removed. For a machine
parsable version of this data see README.progress-reporting in the apt doc
directory. Configuration Items: Dpkg::Progress and Dpkg::Progress-Fancy.
Adds the given file as a source for metadata. Can be
repeated to add multiple files. See --with-source
for further details.
Fail the update command if any error occured, even a
Show a short usage summary.
Show the program version.
Configuration File; Specify a configuration file to use.
The program will read the default configuration file and then this
configuration file. If configuration settings need to be set before the
default configuration files are parsed specify a file with the
environment variable. See apt.conf(5)
Set a Configuration Option; This will set an arbitrary
configuration option. The syntax is -o Foo::Bar=bar. -o and
--option can be used multiple times to set different options.