About Me
Avatar
Part time CTF Player learn every day!!
🌠 I Love Hoshimachi Suisei!! 🌠
🌠 I Love Hoshimachi Suisei!! 🌠

Master Linux Package Managers: apt, pacman, and dnf

linux apt pacman dnf package-manager troubleshooting beginner guide
Published on 16 Aug 2025

Hello and welcome back — SuiiKawaii here. Today we are demystifying Linux package managers in a practical, do-first way. If you can install, update, roll back, and troubleshoot packages confidently, you can keep any Linux box healthy — whether it is a home lab or a production server.

Pkg

What you will learn in this guide

  • Daily workflows for apt, pacman, and dnf
  • Where configuration, repositories, keys, cache, and logs live
  • Safe cleanup routines that do not brick your system
  • Fast rollbacks and recovery when upgrades go wrong

If you’re on a security track, pair this with Mastering Linux for Cybersecurity.

Table of Contents

Why Package Managers Matter

Package managers (PMs) keep your system consistent: they resolve dependencies, verify signatures, upgrade safely, and maintain history. Learn one deeply, then map the muscle memory to others.

Run commands that modify the system with sudo. Avoid mixing different PM ecosystems (e.g., using pip with sudo to overwrite distro Python packages). Prefer pipx for CLI Python tools to avoid polluting system packages.

Quick Comparison

Feature apt (Debian/Ubuntu) pacman (Arch) dnf (Fedora/RHEL)
Daily install sudo apt install pkg sudo pacman -S pkg sudo dnf install pkg
Upgrade all sudo apt update && sudo apt upgrade sudo pacman -Syu sudo dnf upgrade --refresh
Search apt search term pacman -Ss term dnf search term
Info apt show pkg pacman -Si pkg / -Qi dnf info pkg
Remove sudo apt remove pkg / purge sudo pacman -R pkg / -Rns sudo dnf remove pkg
List installed apt list --installed pacman -Q / -Qs dnf list installed
Config file /etc/apt/apt.conf* /etc/pacman.conf /etc/dnf/dnf.conf
Repos /etc/apt/sources.list{,.d} /etc/pacman.d/mirrorlist /etc/yum.repos.d/*.repo
GPG keys /etc/apt/trusted.gpg.d/, /usr/share/keyrings/ pacman-key DB at /etc/pacman.d/gnupg RPM keys in /etc/pki/rpm-gpg/
Cache dir /var/cache/apt/archives /var/cache/pacman/pkg /var/cache/dnf
Logs/history /var/log/apt/ (history.log, term.log) /var/log/pacman.log /var/log/dnf.log, dnf history

Reference video:

apt (Debian/Ubuntu)

Daily operations

# search & info
apt search <term>
apt show <pkg>            # detailed info
apt policy <pkg>          # show available versions / pinning

# install / remove
sudo apt install <pkg>
sudo apt remove <pkg>     # keep config files
sudo apt purge <pkg>      # remove with config

# update / upgrade
sudo apt update
sudo apt upgrade          # safe upgrade
sudo apt full-upgrade     # may remove/replace packages (formerly dist-upgrade)

# list things
apt list --installed
apt list --upgradable

Sources & configuration

  • Repos: /etc/apt/sources.list and /etc/apt/sources.list.d/*.list
  • Main config: /etc/apt/apt.conf (and .d/ includes)
  • Pinning: /etc/apt/preferences.d/*.pref

Add a PPA or repository:

# Ubuntu PPA helper (adds repo + key):
sudo add-apt-repository ppa:<owner>/<ppa>
sudo apt update

# Generic (signed-by best practice)
echo "deb [signed-by=/usr/share/keyrings/vendor.gpg] https://repo.example.org stable main" \
 | sudo tee /etc/apt/sources.list.d/vendor.list

curl -fsSL https://repo.example.org/key.gpg | sudo gpg --dearmor -o /usr/share/keyrings/vendor.gpg
sudo apt update

Note: apt-key is deprecated; prefer signed-by= with a dedicated keyring.

GPG, cache, and logs

  • Keys: /etc/apt/trusted.gpg.d/, /usr/share/keyrings/
  • Cache: /var/cache/apt/archives
  • Logs: /var/log/apt/history.log, /var/log/apt/term.log

Fixes you will actually use

# finish interrupted dpkg configuration
sudo dpkg --configure -a

# fix broken deps
sudo apt --fix-broken install

# release locks (only if no apt/dpkg is running!)
sudo lsof /var/lib/dpkg/lock-frontend /var/lib/apt/lists/lock /var/cache/apt/archives/lock
# if stale: sudo rm -f <lockfile> && sudo dpkg --configure -a

pacman (Arch)

Daily operations

# refresh DB + upgrade everything (Arch discourages partial upgrades)
sudo pacman -Syu

# search & info
pacman -Ss <term>
pacman -Si <pkg>      # repo info
pacman -Qi <pkg>      # local install info
pacman -Qs <term>     # search installed

# install / remove
sudo pacman -S <pkg>
sudo pacman -R <pkg>          # remove keeping deps if still required
sudo pacman -Rns <pkg>        # remove with deps not needed + configs

# query files / ownership
pacman -Ql <pkg>              # list files in package
pacman -Qo /path/to/file      # which package owns this file?

# local file install
sudo pacman -U ./pkgfile.pkg.tar.zst

Configuration, mirrors, keys

  • Config: /etc/pacman.conf Example additions:

    Color
ParallelDownloads = 5
  • Mirrors: /etc/pacman.d/mirrorlist (order matters). Tools like reflector can auto-rank mirrors.

  • Keys: pacman uses its own keyring:

    sudo pacman -Sy archlinux-keyring
sudo pacman-key --init
sudo pacman-key --populate archlinux

Cache, logs, hooks

  • Cache: /var/cache/pacman/pkg
  • Logs: /var/log/pacman.log
  • Hooks: /usr/share/libalpm/hooks/ (pkg-provided) and /etc/pacman.d/hooks/ (local)

AUR helpers (e.g., yay, paru) are community tools; learn pure pacman first and read PKGBUILDs before installing.

dnf (Fedora/RHEL)

Daily operations

# refresh metadata + upgrade all
sudo dnf upgrade --refresh

# search & info
dnf search <term>
dnf info <pkg>
dnf list installed
dnf check-update

# install / remove
sudo dnf install <pkg>
sudo dnf remove <pkg>

# history
dnf history
sudo dnf history undo <ID>   # rollback a transaction (when possible)

Repos, modules, configuration

  • Repos: /etc/yum.repos.d/*.repo

  • Config: /etc/dnf/dnf.conf Example:

    [main]
fastestmirror=1
max_parallel_downloads=10
installonly_limit=3

  • Modularity (Fedora/RHEL streams):

    dnf module list
sudo dnf module enable nodejs:20
sudo dnf module install nodejs:20/common

Keys, cache, logs

  • Keys: /etc/pki/rpm-gpg/ (import via sudo rpm --import ...)
  • Cache: /var/cache/dnf
  • Logs & history: /var/log/dnf.log and dnf history for transactions

Useful checks

sudo dnf check
sudo dnf repoquery --duplicated
sudo dnf distro-sync

Rollback & Safety Patterns

When updates go sideways, these are quick exits that save time:

apt

# prevent a package from upgrading temporarily
echo "<pkg> hold" | sudo dpkg --set-selections
apt-mark showhold
# unhold later:
echo "<pkg> install" | sudo dpkg --set-selections

# install a specific version (see apt policy first)
sudo apt install <pkg>=<version>

pacman

# downgrade using a cached package (if still in cache)
ls -t /var/cache/pacman/pkg/<pkg>-*.pkg.tar.zst | head
sudo pacman -U /var/cache/pacman/pkg/<pkg>-<ver>-x86_64.pkg.tar.zst

dnf

# list history and rollback a transaction
dnf history
sudo dnf history undo <ID>

Keep reasonable caches (see Safe Cleanups) so you actually have old packages to roll back to.

Hands-on Example: Install Nmap Across apt, pacman, and dnf

The same task on three ecosystems. We’ll install Nmap, verify it works, confirm what got logged, and then cleanly roll back.

Debian/Ubuntu (apt)

# install
sudo apt update
sudo apt install -y nmap

# verify
nmap --version
dpkg -L nmap | head     # files installed by the package

# see what happened (logs)
grep -i nmap /var/log/apt/history.log || true
grep -i nmap /var/log/apt/term.log || true

# remove (keep config) / purge (remove config)
sudo apt remove -y nmap
# sudo apt purge -y nmap

Arch (pacman)

# install (Arch discourages partial upgrades, so do -Syu)
sudo pacman -Syu --needed nmap

# verify
nmap --version
pacman -Ql nmap | head   # files in package

# logs & history
grep -i nmap /var/log/pacman.log || true

# remove (with configs and unneeded deps)
sudo pacman -Rns nmap

Fedora/RHEL (dnf)

# install
sudo dnf install -y nmap

# verify
nmap --version
rpm -ql nmap | head       # files in RPM

# history / logs
dnf history | head
sudo grep -i nmap /var/log/dnf.log || true

# remove
sudo dnf remove -y nmap

Tip: if you’re comparing behavior, also check cache directories: – apt → /var/cache/apt/archives – pacman → /var/cache/pacman/pkg – dnf → /var/cache/dnf

Safe Cleanups

Manager Clean cache Remove orphans Notes
apt sudo apt clean (all) / sudo apt autoclean (old) sudo apt autoremove clean can free multiple GB on long-lived systems. Review the list before confirming.
pacman sudo pacman -Sc (safe) / sudo pacman -Scc (aggressive) pacman -Qtdq lists; sudo pacman -Rns $(pacman -Qtdq) -Scc deletes all cached packages including current ones; only for space emergencies.
dnf sudo dnf clean packages / sudo dnf clean all sudo dnf autoremove Consider setting installonly_limit=2 in /etc/dnf/dnf.conf to cap old kernels.
Before removing “orphans”, scan the list. Some tools are intentionally optional and still useful.

Common Errors & Fixes

apt

  • NO_PUBKEY or signature errors Use per-repo keyring and signed-by= (avoid deprecated apt-key):

    curl -fsSL https://repo.example.org/key.gpg | sudo gpg --dearmor -o /usr/share/keyrings/vendor.gpg
# ensure your .list uses: [signed-by=/usr/share/keyrings/vendor.gpg]
sudo apt update

  • Interrupted dpkg / broken deps

    sudo dpkg --configure -a
sudo apt --fix-broken install

  • Lock files present (no apt running) Check and remove stale locks cautiously:

    sudo lsof /var/lib/dpkg/lock-frontend /var/lib/apt/lists/lock /var/cache/apt/archives/lock
sudo rm -f /var/lib/dpkg/lock-frontend /var/lib/apt/lists/lock /var/cache/apt/archives/lock
sudo dpkg --configure -a

pacman

  • database is locked

    sudo rm -f /var/lib/pacman/db.lck

  • Keyring / PGP signature failures

    sudo pacman -Sy archlinux-keyring
sudo pacman-key --init
sudo pacman-key --populate archlinux
# ensure system clock is sane
timedatectl status

  • Failed to synchronize databases / bad mirrors Update mirrorlist (example with reflector):

    sudo pacman -S reflector
sudo reflector -c <YourCountry> -a 12 -p https --sort rate --save /etc/pacman.d/mirrorlist
sudo pacman -Syyu

  • Partial upgrades Avoid -Sy followed by -S <pkg> later. Always use -Syu together.

dnf

  • GPG check failed Import or validate the repo key and ensure gpgcheck=1 to keep safety:

    sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-40-x86_64
sudo dnf clean metadata && sudo dnf makecache

  • Metadata/cache issues

    sudo dnf clean metadata
sudo dnf makecache

  • RPM database problems

    sudo rpm --rebuilddb
sudo dnf distro-sync

  • DNF is locked If no transaction is running, remove the stale PID:

    sudo rm -f /var/run/dnf.pid /var/run/yum.pid

Package Manager Health Check

This read-only script inspects common pitfalls: stale locks, keyrings, repo files, cache size, and basic network/DNS reachability. It doesn’t install or remove anything.

Save as pm-health.sh, make it executable (chmod +x pm-health.sh), then run: ./pm-health.sh.

#!/usr/bin/env bash
set -Eeuo pipefail

bold() { printf "\033[1m%s\033[0m\n" "$*"; }
ok()   { printf "[OK] %s\n" "$*"; }
warn() { printf "[WARN] %s\n" "$*" >&2; }
err()  { printf "[ERR] %s\n" "$*" >&2; }

pm=""; os=""
command -v apt    >/dev/null 2>&1 && pm="apt"
command -v pacman >/dev/null 2>&1 && pm="pacman"
command -v dnf    >/dev/null 2>&1 && pm="dnf"
os="$(uname -s)"

bold "Package Manager Health Check"
echo "Detected PM: ${pm:-none} | OS: $os"
echo "------------------------------------------"

# 1) Network & DNS
bold "1) Network & DNS"
if getent hosts example.com >/dev/null 2>&1; then
  ok "DNS resolution works (example.com)"
else
  warn "DNS resolution failed (example.com)"
fi
if curl -I -s --max-time 5 https://github.com >/dev/null 2>&1; then
  ok "HTTPS reachability OK (github.com)"
else
  warn "HTTPS check failed (github.com)"
fi
echo

# 2) Locks
bold "2) Locks"
case "$pm" in
  apt)
    for f in /var/lib/dpkg/lock-frontend /var/lib/apt/lists/lock /var/cache/apt/archives/lock; do
      if [ -e "$f" ]; then
        if fuser "$f" >/dev/null 2>&1; then warn "Lock in use: $f"; else warn "Stale lock found: $f"; fi
      fi
    done
    ;;
  pacman)
    f=/var/lib/pacman/db.lck
    [ -e "$f" ] && warn "Lock present: $f" || ok "No pacman lock"
    ;;
  dnf)
    for f in /var/run/dnf.pid /var/run/yum.pid; do
      [ -e "$f" ] && warn "Lock present: $f" || true
    done
    [ ! -e /var/run/dnf.pid ] && [ ! -e /var/run/yum.pid ] && ok "No dnf/yum lock"
    ;;
  *)
    warn "Unknown PM; skipping lock checks"
    ;;
esac
echo

# 3) Repos & Keys
bold "3) Repos & Keys"
case "$pm" in
  apt)
    repos=$(ls -1 /etc/apt/sources.list /etc/apt/sources.list.d 2>/dev/null | wc -l || echo 0)
    keys=$(ls -1 /etc/apt/trusted.gpg.d 2>/dev/null | wc -l || echo 0)
    k2=$(ls -1 /usr/share/keyrings 2>/dev/null | wc -l || echo 0)
    ok "Repo files: $repos | Keyrings: trusted.gpg.d=$keys, /usr/share/keyrings=$k2"
    ;;
  pacman)
    [ -s /etc/pacman.conf ] && ok "pacman.conf present"
    [ -s /etc/pacman.d/mirrorlist ] && ok "mirrorlist present"
    if sudo -n pacman-key --list-keys >/dev/null 2>&1; then
      ok "keyring readable"
    else
      warn "keyring may need init: pacman-key --init && --populate archlinux"
    fi
    ;;
  dnf)
    repos=$(ls -1 /etc/yum.repos.d/*.repo 2>/dev/null | wc -l || echo 0)
    ok "Repo files: $repos"
    if rpm -qa gpg-pubkey >/dev/null 2>&1; then
      ok "RPM GPG keys installed ($(rpm -qa gpg-pubkey | wc -l))"
    else
      warn "No RPM GPG keys detected"
    fi
    ;;
esac
echo

# 4) Cache Size
bold "4) Cache Size"
case "$pm" in
  apt)    dir=/var/cache/apt/archives ;;
  pacman) dir=/var/cache/pacman/pkg ;;
  dnf)    dir=/var/cache/dnf ;;
  *)      dir="" ;;
esac
if [ -n "${dir}" ] && [ -d "${dir}" ]; then
  sz=$(du -sh "${dir}" 2>/dev/null | awk '{print $1}')
  ok "Cache ${dir}: ${sz}"
else
  warn "Cache directory not found"
fi
echo

# 5) Sanity Checks (non-invasive)
bold "5) Sanity Checks"
case "$pm" in
  apt)
    if sudo -n true 2>/dev/null; then
      if sudo apt-get -s upgrade >/dev/null 2>&1; then ok "apt dependency graph OK (dry-run)"; else warn "apt dry-run upgrade reported issues"; fi
    else
      warn "Run with sudo for full apt checks"
    fi
    ;;
  pacman)
    if pacman -Sl >/dev/null 2>&1; then ok "pacman sync DB readable"; else warn "pacman sync DB issue (try: sudo pacman -Syy)"; fi
    ;;
  dnf)
    if sudo -n dnf check >/dev/null 2>&1; then ok "dnf check OK"; else warn "dnf check reported issues"; fi
    ;;
esac

echo
bold "Done."

Bonus: Cross-Distro Helper

Drop this in your shell profile (e.g., ~/.bashrc) to normalize basic operations across apt/pacman/dnf:

pm() {
  local action="$1"; shift || true
  if command -v apt >/dev/null 2>&1; then
    case "$action" in
      install) sudo apt update && sudo apt install -y "$@";;
      remove)  sudo apt remove -y "$@";;
      purge)   sudo apt purge -y "$@";;
      search)  apt search "$@";;
      upgrade) sudo apt update && sudo apt upgrade -y;;
      clean)   sudo apt autoremove -y && sudo apt clean;;
      *) echo "apt wrapper: install|remove|purge|search|upgrade|clean";;
    esac
  elif command -v pacman >/dev/null 2>&1; then
    case "$action" in
      install) sudo pacman -Syu --needed "$@";;
      remove)  sudo pacman -Rns "$@";;
      search)  pacman -Ss "$@";;
      upgrade) sudo pacman -Syu;;
      clean)   sudo pacman -Sc;;
      *) echo "pacman wrapper: install|remove|search|upgrade|clean";;
    esac
  elif command -v dnf >/dev/null 2>&1; then
    case "$action" in
      install) sudo dnf install -y "$@";;
      remove)  sudo dnf remove -y "$@";;
      search)  dnf search "$@";;
      upgrade) sudo dnf upgrade --refresh -y;;
      clean)   sudo dnf autoremove -y && sudo dnf clean packages;;
      *) echo "dnf wrapper: install|remove|search|upgrade|clean";;
    esac
  else
    echo "No supported package manager found."
    return 1
  fi
}

Usage:

pm install nmap
pm search wireshark
pm clean

Mini Cheatsheet

# apt
sudo apt update && sudo apt upgrade
sudo apt install <pkg> && sudo apt remove <pkg> && sudo apt purge <pkg>
apt search <term> && apt show <pkg>
sudo apt autoremove && sudo apt clean

# pacman
sudo pacman -Syu
sudo pacman -S <pkg> && sudo pacman -Rns <pkg>
pacman -Ss <term> && pacman -Si <pkg> && pacman -Qi <pkg>
sudo pacman -Sc

# dnf
sudo dnf upgrade --refresh
sudo dnf install <pkg> && sudo dnf remove <pkg>
dnf search <term> && dnf info <pkg> && dnf list installed
sudo dnf autoremove && sudo dnf clean packages

Further Reading

Videos

Official docs & references

Thanks for reading!

Until next time — Otsumachi!! 💖☄️✨

Cinema

related posts

all tags

GOT-overwrite aboutme aead ai alphanumeric-shellcode apt argc0 argon2 aslr assembly asymmetric atoi automation backbox bandit base64 bash beginner behemoth binary binary-exploitation binary-to-ascii blackarch blind blind-sqli blogging blue-team bruteforce buffer-overflow buffer-overwrite c caesar canary capabilities checksec command-injection commonmark cookie cron crypto cryptography ctf cutter cyberchef cybersecurity defenders detection dev directory-traversal dnf docs drifter ecc education elf env envp exploitation finale forensics format-string formulaone frequency frequency-analysis gcc gdb getchar gfm ghidra github-pages governance gpg guide hashing hkdf http jekyll jmpbuf kali kasiski kdf kernel keylength kramdown krypton lab ld_preload leviathan lfi lfsr linux linux-syscall llmops log-poisoning ltrace manpage markdown maze memcpy mitigations mitmproxy mlops narnia natas networking newline-injection nonce nop-sled nx object-injection obsidian openssl osint overflow overthewire package-manager pacman parrot path path-hijacking pathname php pie pkc pki pointer-trick pqc priv-esc privilege-escalation provable-security pwn pwntools pyshark python race-condition radare2 rag randomness recon red-team redirect relro requests ret2env ret2libc reverse-engineering reversing ricing roadmap rop rot13 rsa scapy security seed seo serialization session setjmp-longjmp setuid shell shellcode smoke soc sockets sprintf sql-injection srop stack-canary stack-overflow strace strcmp strcpy streamcipher strings strncpy strtoul substitution suid suisei symlink symmetric terminal test threat-intel time-based tls troubleshooting tshark type-juggling ubuntu udp utumno vigenere virtualbox virtualization vmware vortex walkthrough web windows wireshark writing wsl x86
dash theme for Jekyll by bitbrain made with