Linux packages and system updates

Topic: Servers linux

Install, upgrade, and remove packages on Debian/Ubuntu (apt) and RHEL/Fedora (dnf/yum). Run updates safely: check changelogs, take backups, and verify services after reboot. Use this to keep servers patched without breaking running workloads.

Intent: How-to

Quick answer

  • Debian/Ubuntu: apt update && apt upgrade -y; RHEL/Fedora: dnf update -y. Always run update (refresh index) before upgrade.
  • Before major upgrades: back up /etc and critical data, read release notes, schedule a maintenance window; avoid unattended-upgrades for kernel on critical boxes without testing.
  • Verify after upgrade: services start (systemctl), app responds; roll back by restoring backup or booting previous kernel if needed.

Prerequisites

Steps

  1. Refresh package index

    Run apt update (Debian/Ubuntu) or dnf check-update (RHEL/Fedora); fix any repo or key errors before upgrading.

  2. Upgrade packages

    apt upgrade -y or dnf update -y; use apt full-upgrade or dnf upgrade only when you accept possible package removals or major changes.

  3. Install and remove packages

    apt install pkg / dnf install pkg; apt remove pkg / dnf remove pkg; use autoremove to drop unused dependencies.

  4. Verify and plan reboots

    If kernel or critical libs were updated, plan a reboot; verify services with systemctl and a quick app check; keep a backup of /etc and known-good kernel.

Summary

You will update and install packages using apt (Debian/Ubuntu) or dnf (RHEL/Fedora), and verify the system and services after upgrades. Use this to keep servers current and to add or remove software safely.

Prerequisites

  • Root or sudo on the server.
  • Network access to package mirrors.

Steps

Step 1: Refresh package index

# Debian/Ubuntu
sudo apt update

# RHEL/Fedora/Rocky
sudo dnf check-update

Resolve any 404s, expired keys, or repo errors before proceeding. Use apt-cache policy pkg or dnf list pkg to see available versions.

Step 2: Upgrade packages

# Debian/Ubuntu (safe upgrade, no new deps that change other packages)
sudo apt upgrade -y

# Or full upgrade (may remove/install packages to satisfy deps)
# sudo apt full-upgrade -y

# RHEL/Fedora
sudo dnf update -y

Review the list of packages to be changed; if a new kernel or libc is included, plan a reboot.

Step 3: Install and remove packages

# Install
sudo apt install nginx
sudo dnf install nginx

# Remove
sudo apt remove nginx
sudo dnf remove nginx

# Clean unused deps
sudo apt autoremove -y
sudo dnf autoremove -y

Pin a package (hold) with apt hold pkg or exclude in dnf if you must avoid an upgrade for one package.

Step 4: Verify and plan reboots

  • After upgrade: systemctl list-units --state=failed; restart critical services; hit the app or health endpoint.
  • If kernel updated: reboot in a maintenance window; confirm default kernel in grub if you need to roll back.

Verification

  • apt list --upgradable or dnf list updates is empty (or only intentionally held); all critical services are running; one manual check that the app works.

Troubleshooting

Held packages / dependency conflicts — Resolve with apt install —fix-broken or dnf resolve; remove obsolete repos or pins; for one package, consider holding or excluding instead of forcing.

Repo GPG or 404 errors — Update key: apt-key or /etc/apt/trusted.gpg.d; fix base URL and suite in /etc/apt/sources.list or .repo files; run update again.

Service fails after upgrade — Check journalctl -u unit; config or binary path may have changed; restore config from backup or adjust unit file; consider holding the package until you can test.

Next steps

Continue to