- Working with the Alpine Package Keeper ( apk )
- Normal Usage
- Repositories, Releases and Mirrors
- Searching for Packages
- Installing Packages
- Upgrading Packages
- Querying Package Information
- Removing Packages
- Advanced Usage
- Swapping Repositories
- Alpine Package Keeper
- Packages and Repositories
- Repository pinning
- Commandline repository options
- Update the Package list
- Add a Package
- Add a local Package
- Remove a Package
- Upgrade a Running System
- Packages in general
- Upgrading «diskless» and «data» disk mode installs
- Search for Packages
- Information on Packages
- apk info
- Listing installed packages
- apk policy
- Additional apk Commands
- Local Cache
- Enabling Local Cache with current releases
- Cache maintenance
- Removing older packages
- Download missing packages
- Delete and download in one step
- Automatically Cleaning Cache on Reboot
- Special Caching Configurations
- Enabling Local Cache on HDD installs
- Local Cache on tmpfs volumes
- Manually Enabling Local Cache (required for releases prior to v2.3)
- Advanced APK Usage
- Holding a specific package back
- Table of comparison with other Linux/Unix-like OSes for packages
- «apk-tools is old»
- ERROR: UNTRUSTED signature
Working with the Alpine Package Keeper ( apk )
apk is the Alpine Package Keeper — the distribution’s package manager. It is used to manage the packages (software and otherwise) of the system. It is the primary method for installing additional software, and is available in the apk-tools package.
Repositories, Releases and Mirrors
apk fetches information about available packages, as well as the packages themselves from various mirrors, which contain various repositories. Sometimes, those terms are used interchangeably. Here is a summary of relevant definitions:
A website that hosts repositories.
A collection of snapshots of various repositories.
A category of packages, tied together by some attribute.
Currently, three repositories exist:
Officially supported packages that are reasonable to expect to be in a basic system.
Packages from testing that have been tested.
New, broken, or outdated packages that need testing. Only available on edge .
Two types of releases exist:
Released every 6 months. Support entails security patches for the given feature versions. Each stable release has its own main and community repositories. The main repository is supported for 2 years. The community repository is only supported for 6 months of its respective release. A release is considered EOL (End Of Life) when support of its main repo expires.
A rolling release branch. It includes newest packages built from the master branch of the aports repository. It’s less stable than release branches, but is stable enough for daily use and is useful for development or if you need up to date software. It has its own main and community repos, just like stable releases. It also has the testing repository, which increases the number of available packages significantly.
|It is technically possible to mix different branches, that is to say to enable the testing repository while using main and community from stable. However, this approach is discouraged and will cause breakages.|
Repositories are configurable in the /etc/apk/repositories file. Each line corresponds to a repository. The format is as follows:
|In this case, http:// is the protocol, dl-cdn.alpinelinux.org/alpine is the path, edge is the release and main is the repository.|
|In this case, @testing is the tag. More on this in Installing Packages.|
|In this case, the repository is a personal one, available on the filesystem of the machine.|
|This example uses the http:// protocol. ftp:// and https:// protocols are also supported.|
|This file should already have been been partially populated when you installed alpine.|
Searching for Packages
In order to know what package to install, one must be able to find packages. Alpine has a specialized web interface dedicated to looking through various available packages. However, apk also provides a built-in searching mechanism. You invoke it by using the apk search subcommand. You can potentially search for anything in the package index, which, among other things, includes provided binaries and libraries). Further, globbing is supported. As such, here are a few examples of searching:
|You can search for partial library names.|
|You can also search for binary names.|
|You can exclude partial matches using -e .|
|You can specify that what you’re searching for is a library using the so: prefix (or the cmd: prefix for commands, and pc: prefix for pkg-config files) — it will work with -e (in fact, the prefix is required for this use-case if -e is used).|
Once you know what package you want to install, you must know how to do that. Apk’s add command is more strict than the search command — wildcards are not available, for instance. However, the cmd: , so: and pc: prefixes are still available.
While the so: prefix is still available for apk add , it is recommended that you avoid using it. This is because the provided library SONAME version can increase (for example, libmpack.so.0 may get updated, and become libmpack.so.1 ), in which case this will not update libmpack next time you run apk upgrade , and will instead fail. This is because so:libmpack.so.0 directly refers to that specific version of the library, and is typically used by packages, rather than users directly.
While the cmd: and pc: prefix is still available for apk add , you should know that it does not guarantee getting you the exact package you are looking for. Multiple packages can contain the same executable command or pkg-config definition, but only one will be selected — not necessarily the one you want.
Here are a few examples of adding packages:
|You must specify the exact package name.|
|You may add multiple packages at once.|
|This should be equivalent to the previous example, but specifies the command you are interested in.|
|It is possible, but discouraged, to specify specific desired libraries.|
|Finally, it is possible to specify pkg-config dependencies.|
|If apk add finds multiple matching packages (for example multiple cmd: matches), it will select the one with the highest version number.|
Updating the system using apk is very simple. One need only run apk upgrade . Technically, this is two steps: apk update , followed by apk upgrade proper. The first step will download an updated package index from the repositories, while the second step will update all packages in World, as well as their dependencies.
apk will avoid overwriting files you may have changed. These will usually be in the /etc directory. Whenever apk wants to install a file, but realizes a potentially edited one is already present, it will write its file to that filename with .apk-new appended. You may handle these by hand, but a utility called update-conf exists. Simply invoking it normally with present you with the difference between the two files, and offer various choices for dealing with the conflicts.
|apk update is only ran once your cache is invalidated, which by default happens every 4 hours.|
Querying Package Information
In some cases, it may be useful to inspect packages or files to see various details. For this use, the info subcommand exists. It may be used on any package, installed or not, though the information on the latter will be more limited. It may also be used with specific flags on files. By default, info will list the package description, webpage and installed size. For more details (such as a list of flags the subcommand supports), you can use the apk info -h output’s «Info options» section or see the manual page.
Often, it is desirable to remove a package. This can be done using the del subcommand, with a base syntax that is identical to the add subcommand.
|If you added a package using the cmd: , so: or pc: virtual, you must specify the same virtual to remove them. NOTE: Removing a package will automatically remove all of its dependencies that are otherwise not used.|
The del subcommand also supports the -r flag, which will remove all packages that depend on the package being removed as well, rather than error out due to the package being needed.
Many package managers have specific features to «clean up». A common one is apt , which has an autoremove subcommand. Apk does this by default when removing packages.
It is also possible to clear out the apk cache, assuming it is enabled. You can do this using apk cache clean .
The packages you want to have explicitly installed are listed in the «world file», available in /etc/apk/world . It is safe to edit it by hand. If you’ve edited it by hand, you may run apk add with no arguments to bring the package selection to a consistent state.
|Virtuals like cmd: , so: and pc: will appear as such in your world file — this is why using so: is discouraged — the soname might get bumped!|
While cmd: , so: and pc: packages are automatically created virtuals, you can create your own as well. These allow for quick removal of purpose-specific packages. See the following examples for details:
|This will add the packages «a», «b» and «c» as the dependencies of a virtual package «abc».|
|This will remove «abc» and all of its components («a», «b» and «c»), unless they are required elsewhere.|
|This is equivalent to the first example.|
When alpine has a new release, the repository path will change. Assuming you are going forward in time (e.g from 3.12 to 3.13 ), you can simply edit /etc/apk/repositories and run apk upgrade —available .
Downgrading packages/versions is currently not supported. While it is technically possible, you are on your own.
Copyright © 2019 Alpine Linux Development Team. All rights reserved.
Alpine Package Keeper
Because Alpine Linux is designed to run from RAM, package management involves two phases:
- Installing / Upgrading / Deleting packages on a running system.
- Restoring a system to a previously configured state (e.g. after reboot), including all previously installed packages and locally modified configuration files. (RAM-Based Installs Only)
apk is the tool used to install, upgrade, or delete software on a running system.
lbu is the tool used to capture the data necessary to restore a system to a previously configured state.
This page documents the apk tool — See the Alpine Local Backup page for the lbu tool.
The apk tool supports the following operations:
|add||Add new packages or upgrade packages to the running system|
|del||Delete packages from the running system|
|fix||Attempt to repair or upgrade an installed package|
|update||Update the index of available packages|
|info||Prints information about installed or available packages|
|search||Search for packages or descriptions with wildcard patterns|
|upgrade||Upgrade the currently installed packages|
|cache||Maintenance operations for locally cached package repository|
|version||Compare version differences between installed and available packages|
|index||create a repository index from a list of packages|
|fetch||download (but not install) packages|
|audit||List changes to the file system from pristine package install state|
|verify||Verify a package signature|
|dot||Create a graphviz graph description for a given package|
|policy||Display the repository that updates a given package, plus repositories that also offer the package|
|stats||Display statistics, including number of packages installed and available, number of directories and files, etc.|
|manifest||Display checksums for files contained in a given package|
Packages and Repositories
Software packages for Alpine Linux are digitally signed tar.gz archives containing programs, configuration files, and dependency metadata. They have the extension .apk , and are often called «a-packs».
The packages are stored in one or more repositories. A repository is simply a directory with a collection of *.apk files. The directory must include a special index file, named APKINDEX.tar.gz to be considered a repository.
The apk utility can install packages from multiple repositories. The list of repositories to check is stored in /etc/apk/repositories , one repository per line. If you booted from a USB stick ( /media/sda1 ) or CD-ROM ( /media/cdrom ), your repository file probably looks something like this:
Contents of /etc/apk/repositories
In addition to local repositories, the apk utility uses busybox wget to fetch packages using http:, https: or ftp: protocols. The following is a valid repository file:
Contents of /etc/apk/repositories
You can specify additional «tagged» repositories in /etc/apk/repositories :
Contents of /etc/apk/repositories
After which you can «pin» dependencies to these tags using:
apk add stableapp newapp@edge bleedingapp@testing
Apk will now by default only use the untagged repositories, but adding a tag to specific package:
1. will prefer the repository with that tag for the named package, even if a later version of the package is available in another repository
2. allows pulling in dependencies for the tagged package from the tagged repository (though it prefers to use untagged repositories to satisfy dependencies if possible)
Commandline repository options
By default, the apk utility will use the system repositories for all operations. This behavior can be overridden by the following options:
|—repositories-file REPOFILE||Override the system repositories by specifying a repositories file.|
|-X|—repository REPO||Specify a supplemental repository that will be used in addition to the system repositories. This option can be provided multiple times.|
Update the Package list
Remote repositories change as packages are added and upgraded. To get the latest list of available packages, use the update command. The command downloads the APKINDEX.tar.gz from each repository and stores it in the local cache, typically /var/cache/apk/ , /var/lib/apk/ or /etc/apk/cache/ .
Adding the —update-cache , or for short -U switch to another apk command, as in apk —update-cache upgrade or apk -U add . , the command has the same effect as first running apk update before the other apk command.
Add a Package
Use add to install packages from a repository. Any necessary dependencies are also installed. If you have multiple repositories, the add command installs the newest package.
apk add openssh apk add openssh openntp vim
If you only have the main repository enabled in your configuration, apk will not include packages from the other repositories. To install a package from the edge/testing repository without changing your repository configuration file, use the command below. This will tell apk to use that particular repository.
Add a local Package
To install a locally available apk package, for example if this device has no internet access but you can upload apk packages directly to it, use the —allow-untrusted flag:
apk add —allow-untrusted /path/to/file.apk
Note that multiple packages can be given. When installing a local package, all dependencies should also be specified. For example:
apk add —allow-untrusted /var/tig-2.2-r0.apk /var/git-2.11.1-20.apk
Remove a Package
Use del to remove a package (and dependencies that are no longer needed.)
apk del openssh apk del openssh openntp vim
Upgrade a Running System
Packages in general
To get the latest security upgrades and bugfixes available for the installed packages of a running system, first update the list of available packages and then upgrade the installed packages:
apk update apk upgrade
Or, combining the same into one single command:
Here is an example, showing the procedure on a system that has several additional repositories pinned:
To upgrade only specific packages, use the upgrade command and specify them:
apk update apk upgrade busybox
To enable unattended, automatic upgrades of packages, see the apk-autoupdate package.
To upgrade to a newer release, refer to the corresponding release notes and Upgrading_Alpine.
Upgrading «diskless» and «data» disk mode installs
If booting a «diskless» system from a read-only device, or iso image on writable media, it’s not possible to update the boot files (kernel, modules, firmware, . ) that reside on that device.
It becomes possible to update the boot files, though, if using a boot device that is writable and has been prepared with setup-bootable .
However, even then, the kernel, with its modules and firmware files, can still not be updated directly through regular packages updates. Instead, there is the update-kernel script that can generate initfs images and install them together with upgraded kernels.
Upgrading can be done as follows.
apk add mkinitfs
This package is required for the generation of the initial filesystem used during boot.
- Additional initfs features that are missing in the default configuration, like the btrfs filesystem support (at the time of writing, to allow loading .apkovl configs and package cache during boot), may be enabled in /etc/mkinitfs/mkinitfs.conf .
- Available initfs features may be listed with ls /etc/mkinitfs/features.d
ls /etc/mkinitfs/features.d apk add nano nano /etc/mkinitfs/mkinitfs.conf lbu commit
Finally update the kernel and its boot environment.
- An update-kernel run needs at least 8 GB free ram memory to avoid a broken modloop-image.
- See update-kernel —help for options to manually add additional module or firmware packages.
Search for Packages
The search command searches the repository Index files for installable packages.
The return format is Package—Version. Omit Version for apk add Package
- To list all packages available, along with their descriptions:
To list all packages are part of the ACF system:
apk search -v ‘acf*’
To list all packages that list NTP as part of their description, use the -d or —description option:
apk search -v —description ‘NTP’
Information on Packages
The info command provides information on the contents of packages, their dependencies, and which files belong to a package.
For a given package, each element can be chosen (for example, -w to show just the webpage information), or all information displayed with the -a command.
apk info -a zlib
As shown in the example you can determine
- The description of the package (-d or —description)
- The webpage where the application is hosted (-w or —webpage)
- The size the package will require once installed (in bytes) (-s or —size)
- What packages are required to use this one (depends) (-R or —depends)
- What packages require this one to be installed (required by) (-r or —rdepends)
- The contents of the package, that is, which files it installs (-L or —contents)
- Any triggers this package sets. (-t or —triggers) Listed here are directories that are watched; if a change happens to the directory, then the trigger script is run at the end of the apk add/delete. For example, doing a depmod once after installing all packages that add kernel modules.
apk info —who-owns /sbin/lbu
Listing installed packages
To list all installed packages, use:
To list all installed packages in alphabetical order, with a description of each, do:
The apk tool does not have a subcommand to list manually-installed packages that do not have reverse dependencies. To get this information on a traditional system that is not using lbu, try this script. Note that this approach will also list core packages like alpine-base that should not be removed.
To display the repository a package was installed from and will be updated from, plus any tagged or enabled repositories where it is also offered, if any, for this architecture — its policy:
Additional apk Commands
To have the packages available during boot, apk can keep a cache of installed packages on a local disk.
Added packages can then be automatically (re-)installed from local media into RAM when booting, without requiring, and even before there is a network connection.
The cache can be stored on any writable media, or at the same location as the .apkovl file from the local backup utility lbu .
Enabling Local Cache with current releases
Execute the script
and it will assist in enabling a local cache.
The script creates a symlink named /etc/apk/cache that points to the cache directory.
Removing older packages
When newer packages are added to the cache over time, the older versions of the packages default to remain in the cache directory.
The older versions of packages can be removed with the clean command.
apk cache clean
Or to see what is deleted include the verbose switch:
apk -v cache clean
Download missing packages
If you accidentally delete packages from the cache directory, you can make sure they are there with the download command,
apk cache download
Delete and download in one step
You can combine the two steps into one with the sync command — this cleans out old packages and downloads missing packages.
apk cache -v sync
Automatically Cleaning Cache on Reboot
To automatically attempt to validate your cache on reboot, you can add the above command to a /etc/local.d/*.stop file:
Contents of /etc/local.d/cache.stop
Special Caching Configurations
Enabling Local Cache on HDD installs
Note that HDD ‘sys’ installs don’t need an apk cache to maintain their state, it allows to serve packages over the network, though, e.g. to get installed by other local machines.
Manually create a cache dir and then symlink it to /etc/apk/cache:
mkdir -p /var/cache/apk ln -s /var/cache/apk /etc/apk/cache
Local Cache on tmpfs volumes
In some circumstances it might be useful to have the cache reside on tmpfs, for example if you only wish for it to last as long as the system is up.
NOTE: apk is coded to ignore tmpfs caches, and this is correct behaviour in most instances. Using tmpfs as a package cache can consume large amounts of system memory if you install a lot of packages, possibly resulting in a crashed system. You can limit this by restricting the size of your cache to a small number (128M in the example below).
To do it, you need to create an image inside which your cache can live. We do this by creating an image file, formatting it with ext2, and mounting it at /etc/apk/cache.
- apk add e2fsprogs
- dd if=/dev/zero of=/apkcache.img bs=1M count=128
- mkfs.ext2 -F /apkcache.img
- mkdir -p /etc/apk/cache
- mount -t ext2 /apkcache.img /etc/apk/cache
- apk update
As usual, if you want to download currently installed packages into the cache, use apk cache sync.
Manually Enabling Local Cache (required for releases prior to v2.3)
- Create a cache directory on the storage device where you keep the lbu backups (typically, /dev/sda1 .)
mount -o remount,rw /media/sda1
and then don’t forget to run
mount -o remount,ro /media/sda1
when you are done with the following commands
- Create a symlink to this directory from /etc/apk/cache .
ln -s /media/sda1/cache /etc/apk/cache
Run an lbu commit to save the change ( /etc/apk/cache is in /etc and is automatically backed up.)
mount -o remount,ro /media/sda1
now that you are done with saving the changes
Now whenever you run an apk command that pulls a new package from a remote repository, the package is stored on your local media. On startup, Alpine Linux will check the local cache for new packages, and will install them if available.
Advanced APK Usage
Holding a specific package back
In certain cases, you may want to upgrade a system, but keep a specific package at a back level. It is possible to add «sticky» or versioned dependencies. For instance, to hold the asterisk package to the 1.6.2 level or lower:
apk add asterisk=188.8.131.52-r0
apk add ‘asterisk 1.6.1’
will ensure that 1.6.1 is the minimum version used.
You can also use «fuzzy» version matching to pin the version to a major/minor release. For example:
apk add ‘asterisk=
will match any version of asterisk that starts with 1.6 (such as 184.108.40.206-r0 or 220.127.116.11-r9) Alpine source commit message
If you desire deterministic, repeatable package installation (such as with containerized environments) via package pinning, it is important to understand your package repo’s version retention rules. For example, most Alpine package repos contain an «edge» branch, which may drop package versions that are not deemed fit to make it into a stable branch. This means that pinning to a version on the edge branch may stop working after the package version is revoked from the repo. Always pin to a package version that is intended for your current Alpine Linux version.
Table of comparison with other Linux/Unix-like OSes for packages
|Debian||.deb||apt, aptitude, dpkg|
«apk-tools is old»
apk update, apk upgrade or apk add may report the following:
This may happen if you are running Alpine Linux stable version with a certain edge/main, edge/community or testing package(s) also installed. One resolution is to consider upgrading apk-tools . If edge is already tagged in your repositories, then try:
ERROR: UNTRUSTED signature
This happens when the release version changes. You need to update you apk keys.