You will install, query, pin, and add repositories for software using apt on Debian/Ubuntu and dnf on RHEL/Fedora. By the end you can keep servers patched, audit what is installed, and add third-party repos safely.

Learning Objectives

  • Install, remove, and search packages on both package managers.
  • Add a third-party repository with a verified signing key.
  • Pin a package version and audit installed software.
  • Time: ~2 hours · Difficulty: Beginner · Prereqs: a Debian-family and/or RHEL-family server.

Architecture Overview

Environment Setup

You will need: a server with apt or dnf and internet access.

Before you begin: know which family you are on (cat /etc/os-release).

Step-by-Step Execution

01
Install and search (Debian family)

apt resolves dependencies automatically; searching helps find the right package name.

sudo apt update && apt search nginx && sudo apt install -y nginx
[ROOT REQUIRED] Updates metadata and installs nginx.
02
Equivalent on RHEL family
sudo dnf install -y nginx && dnf info nginx
03
Add a third-party repo with a verified key

Verifying the signing key is what makes adding an external repo safe rather than risky.

curl -fsSL https://example.com/key.gpg | sudo gpg --dearmor -o /usr/share/keyrings/example.gpg
04
Audit what is installed
$ apt list --installed 2>/dev/null | wc -l
734
$ # review with: apt list --installed | grep -i nginx

Progress So Far

Testing & Validation

nginx -v && systemctl is-enabled nginx

You should see the installed version and that the service is enabled. If so, package management is working end to end.

Troubleshooting
  • NO_PUBKEY error: import the repo's signing key into a keyring before updating.
  • Held/broken packages: run sudo apt --fix-broken install.
  • Wrong version installed: pin with apt preferences or dnf versionlock.

Extension Ideas

  • Automate patching with unattended-upgrades.
  • Build a local mirror or caching proxy (apt-cacher-ng) for many hosts.
  • Compare native packages with Snap/Flatpak trade-offs.

Key Results

  • Installed and verified software on both apt and dnf systems.
  • Added a third-party repo with a verified GPG key, no insecure trust.
  • Audited 700+ installed packages for review.
  • Established version pinning to prevent unwanted upgrades.