How to Install Software in Linux (APT, YUM, Snap Guide)

How to Install Software in Linux (APT, YUM, Snap Guide)
by: OS GuruPosted on:

APT (Advanced Package Tool) – In-Depth Points

1. Repository Structure and Sources.list

  • APT relies on /etc/apt/sources.list and files in /etc/apt/sources.list.d/. Each line specifies a repository URL, distribution codename (e.g. focal, jammy, bookworm) and components like main universe contrib, non-free.
  • main contains free, officially supported software. universe is community-maintained free software. contrib is free software depending on non-free elements. non-free contains proprietary software.
  • Linux Performance Optimization Tips

2. Advanced APT Commands

  • sudo apt full-upgrade (or apt dist-upgrade) intelligently handles dependencies that change, adding or removing packages as needed. Use this for major distribution upgrades.
  • apt list --installed shows all installed packages. Add | grep keyword to filter: apt list --installed | grep python.
  • apt list --upgradable lists packages with available updates without performing the upgrade.
  • apt show <package-name> displays detailed information: version, size, dependencies, description, and which repository it comes from.
  • apt policy <package-name> shows which versions are available (installed, candidate, and from each repository) with priority pins. Useful for troubleshooting version conflicts.
  • apt depends <package-name> lists all dependencies (both required and recommended). Apt rdepends <package-name> shows reverse dependencies—which installed packages rely on a given package.
  • apt autoremove --purge removes orphaned packages and their configuration files in one command.

3. Downloading Without Installing

  • apt download <package-name> downloads the .deb file to the current directory without installing it. Useful for offline installation or manual inspection.
  • apt-get source <package-name> downloads the original source code (if source repos are enabled in sources.list).

4. Holding and Unholding Packages

  • To prevent a specific package from being upgraded, use sudo apt-mark hold <package-name>. For example, hold a kernel version: sudo apt-mark hold linux-image-5.15.0-91-generic.
  • To remove the hold: sudo apt-mark unhold <package-name>.
  • apt-mark showhold lists all packages currently on hold.

5. Fixing Broken Dependencies

  • If an installation is interrupted, run sudo apt --fix-broken install. This attempts to repair missing or conflicting dependencies.
  • If you manually deleted a required library, sudo apt install --reinstall <package-name> reinstalls the package and restores missing files.

6. Caching and Cleaning

  • APT stores downloaded .deb files in /var/cache/apt/archives/. Over time, this can consume gigabytes. Run sudo apt clean to delete all cached packages.
  • sudo apt autoclean removes only obsolete cached packages (versions no longer in any repository).

7. Installing Specific Versions

  • Use apt list -a <package-name> to see all available versions. Then install a specific version with sudo apt install <package-name>=<version-number>.
  • Example: sudo apt install firefox=111.0+build2-0ubuntu0.20.04.1

YUM / DNF – In-Depth Points

1. Repository Management

  • Repository definitions are stored as .repo files in /etc/yum.repos.d/. Each file contains URLs for baseurl (primary) or mirrorlist (dynamic mirrors), GPG keys, and enabled/disabled status.
  • Enable a disabled repository temporarily: sudo yum install --enablerepo=epel <package-name>. Permanently enable by editing the .repo file and setting enabled=1.
  • Add a third-party repository (e.g., EPEL for extra packages): sudo yum install epel-release. For others like RPM Fusion (for multimedia codecs), download the .rpm release package manually.
  • List all enabled repos: yum repolist. List all (including disabled): yum repolist all.

2. Advanced DNF Commands (modern systems)

  • dnf history shows a timeline of all transactions with IDs. dnf history info <id> gives details. dnf history undo <id> reverts a previous transaction.
  • dnf check verifies the integrity of the RPM database and detects missing or corrupted files.
  • dnf repoquery is a powerful query tool. Examples:
  • dnf repoquery --requires <package> lists dependencies.
  • dnf repoquery --whatprovides */libssl.so.3 finds which package provides a specific file.
  • dnf repoquery --duplicated finds packages with multiple installed versions.
  • dnf autoremove removes packages installed as dependencies that are no longer needed.

3. Group Installations

  • YUM/DNF supports package groups—collections of related packages. List groups: yum group list (add hidden to see all: yum group list hidden).
  • Install a group: sudo yum group install "Development Tools" (includes gcc, make, git, etc.).
  • Install a group without prompting: sudo yum group install -y "Server with GUI".
  • Remove a group: sudo yum group remove "KDE Plasma Workspaces".

4. Working with Local RPM Files

  • sudo yum localinstall <file.rpm> --nogpgcheck skips GPG verification (use only with trusted files).
  • To list contents of an RPM without installing: rpm -qlp <file.rpm>.
  • To extract a single file from an RPM: rpm2cpio <file.rpm> | cpio -idmv ./path/to/file.

5. Version Locking (Excluding Packages)

  • Prevent updates to specific packages by adding exclude=package-name* to /etc/yum.conf or /etc/dnf/dnf.conf. Multiple excludes separated by spaces.
  • Example: exclude=kernel* nvidia-*. This prevents kernel or NVIDIA driver updates.
  • For temporary exclusion on command line: sudo yum update --exclude=kernel*.

6. Cleaning and Cache Management

  • sudo yum clean all removes cached packages, metadata, and database files. Next yum check-update will be slower but forces fresh data.
  • sudo yum clean dbcache removes only the SQLite cache. sudo yum clean expire-cache marks repo metadata as expired.
  • Cache location: /var/cache/yum/ (or /var/cache/dnf/). You can safely delete contents manually if disk space is critical.

Snap – In-Depth Points

1. Snap Architecture and Confinement Levels

  • Snaps run in a sandbox using AppArmor, Seccomp, and cgroups. Three confinement levels exist:
  • Strict (default): Full isolation. The snap can only access files and devices via explicit interfaces (e.g., home, network, pulseaudio, camera).
  • Classic: No confinement; has full system access. Used for tools like helm or go. Requires --classic flag during installation.

2. Installing Classic Snaps

  • Some snaps (e.g., code, go, dotnet-sdk) require classic confinement. Install with: sudo snap install <snap-name> --classic.
  • Classic snaps must be installed from a trusted publisher because they bypass security restrictions.

3. Channels, Tracks, and Versions

  • Channels follow the format: track/risk-level. Examples: latest/stable, latest/beta, 1.21/candidate.
  • Tracks allow staying on a major version series. For Node.js: sudo snap install node --channel=18/stable installs the latest 18.x release.
  • Switch an installed snap to a different channel: sudo snap switch --channel=16/stable core. Then sudo snap refresh to apply.
  • List available channels for a snap: snap info <snap-name> (shows all tracks and risk levels).

4. Managing Interfaces and Permissions

  • List connected interfaces for a snap: snap connections <snap-name>.
  • Connect a required but disconnected interface: sudo snap connect <snap-name>:<plug-name>. Example for Firefox accessing system themes: sudo snap connect firefox:system-themes.
  • Disconnect an interface: sudo snap disconnect <snap-name>:<plug-name>.
  • Common interfaces: home (access user home), removable-media (USB drives), audio-playback, camera, opengl (GPU acceleration), system-observe (read system logs).
  • View which interfaces are auto-connected vs. manual: snap interfaces <snap-name>.

5. Snap Refresh (Update) Control

  • By default, Snap checks for updates 4 times per day and auto-updates in the background. To disable auto-refresh: sudo snap set system refresh.timer=00:00-23:59/never (not recommended for security).
  • Set a maintenance window (e.g., only between 3 AM and 5 AM): sudo snap set system refresh.timer=3:00-5:00.
  • Hold a snap at its current version (e.g., postpone for 30 days): sudo snap refresh --hold=30d <snap-name>.
  • To manually trigger an update: sudo snap refresh <snap-name>.
  • See pending refresh changes: snap refresh --time.

6. Working with Snap Aliases

  • Some snaps provide alternative command names (aliases). Example: kubectl snap provides kubectl as an alias, but also kubectl. suffix. List aliases: snap aliases <snap-name>.
  • Enable a disabled alias: sudo snap alias <snap-name>.<command> <alias-name>.
  • Disable an alias: sudo snap unalias <alias-name>.

7. Snap Services and Daemons

  • Snaps can include background services (like Nextcloud or Plex). Manage them using snap services <snap-name> to list.
  • Start/stop/restart a snap service: sudo snap start <snap-name>.<service-name>, sudo snap stop, sudo snap restart.
  • View service logs: sudo snap logs <snap-name>.<service-name>.

8. Enabling and Disabling Snaps (Without Removal)

  • Temporarily disable a snap (prevent its commands and services from running): sudo snap disable <snap-name>.
  • Re-enable: sudo snap enable <snap-name>. Disabled snaps retain all data and configuration.

Cross-Platform Best Practices and Troubleshooting Points

1. When to Use Each Method

  • APT/YUM: For system-critical software (kernel, drivers, init systems), CLI utilities, servers (nginx, ssh), and development libraries (libssl-dev). They integrate with system updates and have minimal overhead.
  • Snap: For GUI applications (Spotify, Slack, VLC), containerized tools (Docker via Snap), software needing isolation (Nextcloud), or when you need automatic background updates.
  • Avoid mixing: Never install the same software via both APT and Snap. If you need both, rename the Snap command (e.g., sudo snap alias firefox firefox-snap) to prevent conflicts.

2. Finding Which Package Manager Owns a File

  • APT: dpkg -S /path/to/file (e.g., dpkg -S /usr/bin/python3).
  • YUM/DNF: rpm -qf /path/to/file or yum whatprovides */filename.
  • Snap: Files are in /snap/<snap-name>/—check if the path contains /snap/.

3. Disk Space Considerations

  • APT/YUM packages share system libraries, so 100 apps might use only 2 GB.
  • Each Snap bundles its own libraries. A single Snap can be 200–500 MB, and 20 Snaps could exceed 5 GB. Regularly run snap list --all to see old revisions (kept for revert) and remove them with sudo snap remove --revision <revision-number> <snap-name>.

4. Networking and Proxy Settings

  • APT respects http_proxy environment variables. For permanent proxy: Create /etc/apt/apt.conf.d/95proxies with Acquire::http::Proxy "http://proxy:8080";.
  • YUM/DNF: Set proxy=http://proxy:8080 in /etc/yum.conf or /etc/dnf/dnf.conf.
  • Snap: Uses system proxy from $HTTP_PROXY or $HTTPS_PROXY. Also configurable via sudo snap set system proxy.http="http://proxy:8080".

5. GPG Key Management

  • APT: Add GPG keys manually: sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys <KEY-ID> (deprecated on newer versions). Modern method: wget -O- https://example.com/key.asc | sudo tee /usr/share/keyrings/example-archive-keyring.gpg.
  • YUM: Import keys automatically when installing a repository RPM. Manual import: sudo rpm --import https://example.com/RPM-GPG-KEY.
  • Snap: GPG is handled automatically by the Snap store’s signature chain. You rarely manage keys manually.

6. Unattended and Scripted Installations

  • APT: sudo DEBIAN_FRONTEND=noninteractive apt install -y <package> suppresses all prompts (including configuration file conflicts).
  • YUM/DNF: sudo yum install -y <package> is sufficient (fewer interactive prompts than APT).
  • Snap: sudo snap install <snap-name> --dangerous bypasses signature verification (not recommended). For normal use, --unaliased prevents aliases from being set during automated installs.

7. Security Considerations

  • APT and YUM: Packages run with full system privileges. Only install from trusted, official repositories. PPAs and third-party RPM repos can contain malicious code.
  • Snap: Strict confinement limits damage. However, malicious snaps could still access your home directory if the home interface is auto-connected (most GUI snaps do). Review permissions with snap connections <snap> before installing.
  • Always verify GPG signatures for manual downloads. APT will refuse unauthenticated packages unless you use --allow-unauthenticated (never do this).

Conclusion

Mastering APT, YUM/DNF, and Snap equips you with the essential skills to manage software on virtually any Linux distribution. Each tool serves a distinct purpose: APT and YUM are the traditional, lightweight, and deeply integrated package managers ideal for system-critical components, server software, and development libraries—they respect the distribution’s stability philosophy and handle dependencies with surgical precision. Snap, on the other hand, shines when you need the latest versions, sandboxed security, or cross-distribution compatibility, especially for end-user GUI applications and containerized tools.

The key to a healthy Linux system lies in knowing when to use each method. For core OS functions, always prefer the native package manager (APT or YUM). Reserve Snap for software that isn’t available in official repositories, or when you specifically benefit from automatic updates and isolation. Avoid mixing package managers for the same application—choose one and stick with it to prevent file conflicts and duplicated system resources.

Beyond just installation commands, remember the supporting practices: regularly update your package indices (apt update, yum check-update), clean caches periodically to free disk space, and use autoremove or history undo to keep your system tidy. When something goes wrong, APT’s --fix-broken, YUM’s check and distro-sync, and Snap’s revert are your best friends. Finally, always consider security—trust only official repositories or well-known Snap publishers, and review permissions for confined snaps.