Install a software package using APT (Advanced Package Tool):
apt-get install base-config
apt-setup

Set APT sources (repositories) manually:
jed /etc/apt/sources.list # use vi /etc/apt/sources.list if jed (or other editor) hasn't been installed yet. vi should always be present on Debian Linux
You can also use edit the sources file with
apt edit-sources # Edit APT sources file using the default editor or the one set in export EDITOR=jed ; export VISUAL=jed ; # (or another editor. Remember to install it before to set it as a system default)

---

deb http://deb.debian.org/debian/ CHANNEL main
deb-src http://deb.debian.org/debian/ CHANNEL main

deb http://security.debian.org/debian-security CHANNEL-security main
deb-src http://security.debian.org/debian-security CHANNEL-security main

deb http://deb.debian.org/debian/ CHANNEL-updates main
deb-src http://deb.debian.org/debian/ CHANNEL-updates main

---

CHANNEL can be tipically stable, testing, unstable, oldstable, or a specific release name (for example: stretch, buster, bullseye).

In a server environment is recommended a stable channel. You may specify the name of the release (for example, bullseye, so that it doesn't upgrade automatically the distribution when the stable release changes, giving you the time to update and adapt your code to be compatible to the latest stable release).

In a desktop environment is recommended a testing channel so to have a rolling release distribution with latest versions of the software. Unstable gives you even more bleeding edge technology, but testing becomes eventually the new stable release, so that you can keep up with the stable releases. Also "unstable" is more prone to bugs and incompatibilities, which is not very recommended in production environments.

Update the list of packages:
After adding a new apt-get source, or before installing new packages, enter this command
apt-get update
apt update
apt update ; apt list --upgradable ; # check for upgradable packages and list them if found
apt update 2>/dev/null | grep packages # check for upgradable packages and show the count of them if found (error output is redirected to /dev/null to remove the message: WARNING: apt does not have a stable CLI interface. Use with caution in scripts.)
apt update 2>/dev/null | tail --lines=1 # check for upgradable packages and show the count of them if found (error output is redirected to /dev/null to remove the message: WARNING: apt does not have a stable CLI interface. Use with caution in scripts.)

Should a "Segmentation fault" error occur when updating the list of packages, you can fix it with these commands:
rm -r /var/lib/apt/lists/*
rm /var/cache/apt/*.bin # will delete pkgcache.bin and srcpkgcache.bin

Show upgradable packages without upgrading them (after an update)
apt-get -u upgrade --assume-no
apt list --upgradable

Upgrade installed packages:
apt-get upgrade # upgrade already installed packages but don't remove anything or install anything new
apt upgrade

Upgrade a distribution:
This is just a basic procedure to upgrade a Debian release. Check https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.html for mode detailed information.
apt-get update
apt-get upgrade
aptitude search '~i(!~ODebian)' # List third-party packages that may be lost after a dist-upgrade
dpkg --audit # List Half-Installed or Failed-Config packages
apt-get autoremove # remove packages installed as dependency of already uninstalled packages
jed /etc/apt/sources.list # Set APT sources (repositories) for the new Debian release
apt-get update
apt-get upgrade
apt-get dist-upgrade # upgrade everything removing/adding packages as required to resolve dependencies
apt-get autoremove
reboot

Make sure the system is up to date after a fresh installation:
dpkg --audit
apt-get update
apt-get upgrade
apt-get dist-upgrade
dpkg --audit

If the system is installed on a VMWare machine, you'd better install VMware Tools or Open VM Tools. The package for VMware Tools can be downloaded from VMWare website, while its open counterpart (Open VM Tools) can be installed via apt-get:
apt-get install open-vm-tools

Prevent a package to be upgraded:
apt-get install wajig
wajig hold PACKAGE # the specified package will no longer be upgraded (for example with an apt-get upgrade)
wajig unhold PACKAGE # the package will be upgraded again
wajig hold mysql-server-5.0 # a common problem with Kernel 2.4 is that latest releases of MySQL server 5 are not compatible with such kernel version, interfering with the upgrade process

Search for a package:
apt-cache search TEXT # search for a package containing the specified text or keyword in its name or description

List installed packages:
dpkg --get-selections # List all installed packages in alphabetical order
dpkg -l # List all installed packages in alphabetical order with version and description (also: dpkg --list or dpkg-query -l )
dpkg --get-selections | wc --lines # Count installed packages
dpkg --listfiles PACKAGE # List all files "owned" by PACKAGE
grep " status installed " /var/log/dpkg.log # Show last installed packages
grep " status half-installed " /var/log/dpkg.log # Show last half-installed packages
grep " status.*installed " /var/log/dpkg.log # Show last installed and half-installed packages
cat /var/log/apt/history.log # Show last apt commands (installed and upgraded packages)
aptitude search '~i(!~ODebian)' # List third-party packages only

Check if a package is installed:
dpkg -s PACKAGE
dpkg-query -l PACKAGE
dpkg-query -W -f='${Status} ${Version}\n' PACKAGE # If the package is installed, show status and version 
dpkg-query -l "TEXT*" # Show all installed packages starting with TEXT
dpkg-query -l "*TEXT" # Show all installed packages ending with TEXT
dpkg-query -l "*TEXT*" # Show all installed packages containing TEXT
cat /var/log/dpkg.log | grep "status installed PACKAGE" # Search for a specific package among the last installed ones

Install a package:
apt-get install PACKAGE # get and install a PACKAGE from a repository specified in /etc/apt/sources.list
dpkg -i PACKAGE.deb # manually install a package available locally (already downloaded)
apt-get install --reinstall PACKAGE # reinstall a PACKAGE

Show information about a package and all its dependencies
apt-cache show PACKAGE
aptitude show PACKAGE # similar to apt-cache show PACKAGE but shows extra information
apt-cache showpkg PACKAGE # show dependencies and reverse dependencies

Verify if all packages are correctly installed and configured:
dpkg --audit # List Half-Installed or Failed-Config packages. If everything is fine, it doesn't return anything.

Check for broken dependencies:
apt-get check

Uninstall a package:
apt-get remove PACKAGE
aptitude purge PACKAGE # remove PACKAGE and its configuration files

Show a random non installed package:
apt-cache search ~g | while read ; do echo "$RANDOM $REPLY" ; done | sort -n | head -1 | cut -d' ' -f2-

Store/Restore Packages:
dpkg --get-selections > installedpackages.txt # Store the list of installed packages into the file installedpackages.txt
dpkg --set-selections < installedpackages.txt # Restore the list of installed packages from the file installedpackages.txt
apt-get install `cat installedpackages.txt` # Restore the list of installed packages from the file installedpackages.txt

Clean up packages:
apt-get autoremove # remove packages installed as dependency of already uninstalled packages
apt-get clean # delete all downloaded packages (that is, all files stored in /var/cache/apt/archives/ and /var/cache/apt/archives/partial/ , except for lock files). If you want to reinstall one of such packages, apt-get will have to download them again.
apt-get autoclean # only delete packages which is no longer possible to download (obsolete).


If you get the following message while attempting a system upgrade:

Waiting for cache lock: Could not get lock /var/lib/dpkg/lock-frontend. It is held by process PID (NAME)

(where PID and NAME are the actual PID and name of the process which is owning the lock file.)

You can unlock the upgrade process by killing such process:

kill -9 PID

If the lock file is still preventing the upgrade, you can remove it:

rm /var/lib/dpkg/lock-frontend


If you get one of the following error messages:

E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)
E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?

dpkg: status database area is locked by another process

or anyway if something goes wrong when upgrading packages, you may fix it this way:

rm /var/lib/apt/lists/lock
rm /var/lib/dpkg/lock
rm /var/cache/apt/archives/lock
dpkg --configure -a # to fix interrupted configure (may take a while)
apt-get -f install # to fix broken dependencies

If you still get error messages there are probably running processes working with installation files, you either have to find and kill them all or reboot before than attempting to recover the upgrade process again.

After upgrading the Linux Kernel, it's better to perform an update-grub and then reboot the system.

Starting from Debian 12 (Bookworm), non-free firmware packages (like the ones provided by graphic cards manufacturers) have been moved to their own archive component, called "non-free-firmware". So that, should you have non-free firmware packages installed on your system, you'll have to add non-free-firmware to your sources.list in order to continue receiving their updates.

Debian 3.1 (Sarge), Kernel 2.6: workaround for
E: This installation run will require temporarily removing the essential package e2fsprogs due to a Conflicts/Pre-Depends loop. This is often bad, but if you really want to do it, activate the APT::Force-LoopBreak option.
apt-get remove e2fsprogs
apt-get install e2fsprogs sysvinit initscripts
upgrade glibc when requested.
# note that this is a workaround, it should be fixed with apt-get dist-upgrade

Note: when the Debian stable changes, if you don't upgrade your system accordingly, you'll have to modify the /etc/apt/sources.list file to specify you are using an old version of Debian (that is, you are no longer using the "current stable" version of Debian). For example, if you are using Sarge, and Debian Etch is released as stable, and you are not upgrading to Etch, you have to change all references to stable as sarge in your source.list file.
Which means, you have to change "deb http://debian.example.com/debian stable main contrib non-free" as "deb http://debian.example.com/debian sarge main contrib non-free".
If you don't make this change, when you'll try to install new packages, you'll receive the following message:
The following packages will be REMOVED:
  base-config initrd-tools kernel-image-2.4.27-2-386
This is an example, the kernel image can be different in your case, however you'll not be able to install the package and it may damage your system. In fact, if you procede, you will be warned by this message:
You are running a kernel (version 2.4.27-2-386) and attempting to remove the same version.
This is a potentially disastrous action. Not only will /boot/vmlinuz-2.4.27-2-386 be removed, making it impossible to boot it, (you will have to take action to change your boot loader to boot a new kernel), it will also remove all modules under the directory /lib/modules/2.4.27-2-386.
Just having a copy of the kernel image is not enough, you will have to replace the modules too.
I repeat, this is very dangerous. If at all in doubt, answer no. If you know exactly what you are doing, and are prepared to hose your system, then answer Yes.

If you get an error like
'Template parse error near `Description-sr@latin.UTF-8', in stanza #X of /PATH/FILE.templates
then edit the specified file removing the lines containing the given text (and, if present, the following line with the description) from /PATH/FILE.templates

If you get an error with locales, like
locale: Cannot set LC_CTYPE to default locale
you might be able to fix it with
apt-get install locales

If you get a message ending with the following request after a power outage:

Give root password for maintenance
(or type Control-D to continue):

enter the root password
then check the file system of the faulty device (read the whole message to identify the faulty driver, generally is /dev/hda0 on a single hard drive system or /dev/md0 on a RAID system):
fsck -f FAULTY_DEVICE
reply yes (y) to all questions. Note that if it asks to connect to lost+found more than once some of your files might be seriously damaged. However you can also use fsck -f -y FAULTY_DEVICE to reply automatically "yes" to all questions.
then
reboot

If you can't perform a simple operation that always used to work (for example, copying a file) make sure the disk is not full (check with df).

Set keyboard layout # Enter this command to localize the keyboard for your country
apt-get install console-common

Set system default editor used for apt edit-sources and crontab -e (parameters in the following commands are case sensitive). If not set the system will use its default editor, tipically "vi". Remember to install the editor first, before to set it as a system default.
export EDITOR=jed
export VISUAL=jed

You can also use the apt command instead of apt-get for most common tasks:
apt install # apt-get install
apt remove # apt-get remove
apt purge # apt-get purge
apt update # apt-get update
apt upgrade # apt-get upgrade
apt autoremove # apt-get autoremove
apt full-upgrade # apt-get dist-upgrade
apt search # apt-cache search
apt show # apt-cache show

-----

Install a software package from the source (compile a package source):
To compile packages you need to install a C compiler and other tools:
apt-get install build-essential
If a script uses OpenSSL to handle encryption, you may also need to install OpenSSL headers:
apt-get install libssl-dev

Packages in form of source code are generally stored into .tar.gz (.tgz) or .tar.bz2 (.tbz) files.

You may need to download them from the Internet:
wget http://www.example.com/source/package.tgz

Once you have the package (from the Internet, a CD, or otherwise) in your work directory, you'll have to decompress it:

tar -xjvf package.tbz # extract all files from a TAR+BZIP2 compressed archive
or
tar -xzvf package.tgz # extract all files from a TAR+GZIP compressed archive

it should decompress inside a new directory. Move inside this new directory:
cd PACKAGE_SOURCE_DIRECTORY_NAME

and execute these commands:
./configure
make
make install # sudo make install , if you're not logged as root

The executable file should be created inside /usr/local/bin ,  and you should be able to invoke it typing its name in the console and then hitting ENTER.

To uninstall a package, you have to move inside the directory containing the source (if you kept it):
cd PACKAGE_SOURCE_DIRECTORY_NAME
and uninstall it:
make uninstall # sudo make uninstall , if you're not logged as root
If you haven't kept the source, you'll have to locate all files (try locate PACKAGE_NAME) and delete them manually.