Acquire {
Retries "0";
Http {
Proxy "http://user:pass@proxy:port/";
}
};
Apparently APT will also honour the http_proxy EnvironmentVariable (or ftp_proxy for ftp URIs), which is used by some network-related applications.
See the relevant notes about limiting download speeds on the DebianNotes page
use apt-get --reinstall install <package>
Starting with version 0.6, which is now in Debian unstable (sid/etch) and Ubuntu, APT has the capability to verify package signatures. This is done by verifying that the Release file is signed by a trusted key. The signed release file then contains the MD5 checksums of the packages which you can verify against what you just downloaded. This protects against two attacks:
To have APT automatically verify downloads you need to import a suitable key. For Debian:
gpg --keyserver keyring.debian.org --recv 4F368D5D
gpg --export 4F368D5D | apt-key add -
Note: if you just trusted that command and imported that key, you probably don't need apt-secure anyway... You can get Debian's key from 
http://www.debian.org/releases/, and there is a Debian administration article on the subject.
For Ubuntu, you can do the following:
apt-key add /usr/share/keyrings/ubuntu-archive-keyring.gpg
After you've got the key, run apt-get update once and you should be away.
See
If you want to run Stable, but want to have the ability to install packages or source from Testing or Unstable when there is no Stable equivalent, you can pin the releases to certain priorities. Normally, the highest version of an available package wins, but we will override that.
Package: * Pin: release a=stable Pin-Priority: 700 Package: * Pin: release a=testing Pin-Priority: 650 Package: * Pin: release a=unstable Pin-Priority: 600
Note the descending values. Since Stable has the highest pin-priority, it will be installed preferentially over Testing or Unstable. Now, uncomment stable and unstable in the AptSourcesList file at the same time. See Apt-Pinning for Beginners for more information.
You can then specifically request packages from the Testing or Unstable repository by using one of the following forms:
apt-get install package -t distrib apt-get install package/distrib apt-get install package=version
(If you see advice to set the APT::Default-Release preference in apt.conf(5), ignore it. See Using APT with more than 2 sources for details.)
SysAdmins responsible for more than a few servers will often need to roll out customized Packages or security patches to many systems. A custom APT source makes the job much easier.
All you really need is the apt-ftparchive(1) utility. First, put all the Debs in a directory reachable via a WebServer. Say the directory is /usr/local/httpd/packages and is reachable over HTTP as http://example.com/packages/. Then change directory to /usr/local/httpd/packages and run
apt-ftparchive packages . > Packages
That's it. Now add
deb http://example.com/packages ./
to the AptSourcesLists on your machines and run apt-get update on them and you'll be able to apt-get install foo to install your custom package foo.
#!/bin/sh
VERSTR='+0.local.'
case $1 in
*${VERSTR}[0-9]*)
REV=${1##*${VERSTR}}
echo ${1%${VERSTR}*}${VERSTR}$((++REV));;
*-*)
echo ${1}${VERSTR}1;;
*)
echo ${1}-0${VERSTR}1;;
esac
$ bump-version 1.0 1.0-0+0.local.1 $ bump-version 1.0-1 1.0-1+0.local.1
Or alternatively, use pinning.
Taken from Re: custom sec updates.
For a slightly more comprehensive guide to building a custom repository see http://familiasanchez.net/sanchezr/?page=debrepository
apt-get --print-uris upgrade | awk '{ print "wget -O", $2, $1 }' > /tmp/wget-script
Instead of the upgrade action, you can also use install foo or something else. The result will be a file of the form
wget -O e2fslibs_1.38-1_i386.deb 'http://ftp.nz.debian.org/debian/pool/main/e/e2fsprogs/e2fslibs_1.38-1_i386.deb' wget -O e2fsprogs_1.38-1_i386.deb 'http://ftp.nz.debian.org/debian/pool/main/e/e2fsprogs/e2fsprogs_1.38-1_i386.deb' wget -O findutils_4.2.22-2_i386.deb 'http://ftp.nz.debian.org/debian/pool/main/f/findutils/findutils_4.2.22-2_i386.deb' wget -O grep_2.5.1.ds1-5_i386.deb 'http://ftp.nz.debian.org/debian/pool/main/g/grep/grep_2.5.1.ds1-5_i386.deb'
This is a ready-made Shell script you can copy to a FloppyDisk, KeyDrive or the like. Take it to a machine with an internet connection and execute it to download the Debs to the current directory. Then transport these files back to the unconnected machine.
Once you have mounted the media on the unconnected machine, you can install the Packages either:
In theory you can do:
aptitude install package_name=version_num
but this doesn't always work. Instead download the .deb file manually from your mirror (look in debian/pool) and then type the following
dpkg --install package_name_version_num.deb
where package_name and version_num are replaced by the package name you are working with and the version number.
6 pages link to AptNotes:
