
Linux Package Managers

Linux Beginner
debt(d5/e3/b3/t5)
d5 Detectability Operational debt — how invisible misuse is to your safety net

Closest to 'specialist tool catches it' (d5). The detection_hints list hadolint, dive, and trivy — all specialist tools that catch Docker-specific package manager misuse (uncleaned caches, missing apt-get update, etc.). These are not default linters bundled with standard editors, and the issues are silent at runtime until image size or staleness becomes apparent.

e3 Effort Remediation debt — work required to fix once spotted

Closest to 'simple parameterised fix' (e3). The quick_fix is a single appended command pattern (apt-get clean && rm -rf /var/lib/apt/lists/*) added to Dockerfile RUN instructions. While it's nearly a one-liner per occurrence, common_mistakes span several distinct patterns (apt update missing, no clean, apk --no-cache, --virtual for build deps), so fixing all misuses requires touching multiple RUN commands across Dockerfiles — slightly above e1 but contained within one component.

b3 Burden Structural debt — long-term weight of choosing wrong

Closest to 'localised tax' (b3). The applies_to context is cli/Docker, meaning the burden is scoped to Dockerfile authoring. It doesn't permeate application code or architecture broadly, but every Dockerfile in a project must follow the correct patterns, creating a persistent but bounded maintenance tax on the team.

t5 Trap Cognitive debt — how counter-intuitive correct behaviour is

Closest to 'notable trap' (t5). The misconception field explicitly states that apt and apt-get are considered interchangeable by many developers, when they are not equivalent in scripting contexts. Additionally, common_mistakes show that cache-cleaning patterns and the need to run apt-get update before install are non-obvious gotchas that most developers encounter and learn — documented gotchas rather than catastrophic or architecture-breaking traps.


Also Known As

apt, yum, dnf, apk, apt-get

TL;DR

apt (Debian/Ubuntu), yum/dnf (RHEL/CentOS/Fedora), apk (Alpine) — tools for installing, updating, and managing system software packages and their dependencies.

Explanation

Package managers resolve dependencies, verify signatures, and maintain package state.

  • apt (Advanced Package Tool): apt install/remove/update/upgrade/autoremove, apt-cache search/show.
  • dnf (replacing yum): dnf install/remove/update, dnf search.
  • apk (Alpine, used in Docker): apk add/del/update/upgrade.

Key differences: Alpine's apk is designed for minimal containers (no pkg-cache by default), apt uses .deb packages, dnf/yum uses .rpm.

For PHP: Ubuntu/Debian use apt for PHP packages (ondrej/php PPA for multiple versions), Alpine uses apk.

Security: always verify package signatures, use apt-key or dnf GPG checks.

Common Misconception

apt-get and apt are interchangeable — apt-get is the older low-level tool; apt is the modern user-friendly frontend with progress bars and better defaults; use apt in scripts for consistency.

Why It Matters

Docker images based on Alpine are 3-5x smaller than Ubuntu/Debian images — choosing the right base image and package manager significantly affects container size and security surface.

Common Mistakes

  • Not running apt update before apt install — installs outdated packages with stale package lists.
  • No apt-get clean in Dockerfiles — package cache adds 50-100MB to image layers.
  • apk --no-cache not used in Dockerfile — Alpine caches packages by default, bloating the image.
  • Installing build tools without --virtual in apk — leaves build deps in production image.

Code Examples

✗ Vulnerable
# Bloated Dockerfile — cache not cleaned:
FROM ubuntu:22.04
RUN apt-get install -y php8.3-fpm
# Layer includes full apt cache: +100MB

# Alpine without --no-cache:
FROM alpine:3.19
RUN apk add php83-fpm
# Package cache retained: +30MB

✓ Fixed
# Clean apt cache in same layer:
FROM ubuntu:22.04
RUN apt-get update && apt-get install -y php8.3-fpm \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

# Alpine with --no-cache — no package cache:
FROM alpine:3.19
RUN apk add --no-cache php83-fpm

# Install + clean in one RUN to minimise layer size
# (docker-php-ext-install ships with the official php images, hence this base):
FROM php:8.3-fpm-alpine
RUN apk add --no-cache --virtual .build-deps \
        gcc musl-dev \
    && docker-php-ext-install pdo_mysql \
    && apk del .build-deps  # Remove build tools from final image
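
A minimal lint pass for the four Common Mistakes, run over constructed Dockerfiles modelled on the Vulnerable and Fixed snippets. This is an added example, not part of the original page and not how hadolint, dive or trivy work internally; the rule names, the BUILD_TOOLS list and the php:8.3-fpm-alpine base in the samples are assumptions.

```python
import re

BUILD_TOOLS = {"gcc", "g++", "make", "musl-dev", "build-base"}  # illustrative list

def run_instructions(dockerfile):
    """Yield (line_no, command) per RUN, joining backslash continuations."""
    lines, i = dockerfile.splitlines(), 0
    while i < len(lines):
        start, text = i + 1, lines[i].strip()
        while text.endswith("\\") and i + 1 < len(lines):
            i += 1
            text = text[:-1] + " " + lines[i].strip()
        i += 1
        if re.match(r"RUN\s", text, re.I):
            yield start, text[3:].strip()

def lint(dockerfile):
    """Yield (line_no, rule); update and cleanup must share the RUN with install."""
    for no, cmd in run_instructions(dockerfile):
        if re.search(r"\bapt(-get)?\s+(-\S+\s+)*install\b", cmd):
            if not re.search(r"\bapt(-get)?\s+(-\S+\s+)*update\b", cmd):
                yield (no, "apt-install-without-update")
            if "rm -rf /var/lib/apt/lists" not in cmd:
                yield (no, "apt-cache-not-cleaned")
        for args in re.findall(r"\bapk\s+add\b([^&;|]*)", cmd):  # each `apk add`
            words = set(args.split())
            if "--no-cache" not in words:
                yield (no, "apk-add-without-no-cache")
            if BUILD_TOOLS & words and not {"--virtual", "-t"} & words:
                yield (no, "apk-build-deps-without-virtual")

# Constructed samples modelled on the page's Vulnerable and Fixed snippets.
BAD = """\
FROM ubuntu:22.04
RUN apt-get install -y php8.3-fpm
FROM php:8.3-fpm-alpine
RUN apk add gcc musl-dev \\
    && docker-php-ext-install pdo_mysql
"""
GOOD = """\
FROM ubuntu:22.04
RUN apt-get update && apt-get install -y php8.3-fpm \\
    && apt-get clean && rm -rf /var/lib/apt/lists/*
FROM php:8.3-fpm-alpine
RUN apk add --no-cache --virtual .build-deps gcc musl-dev \\
    && docker-php-ext-install pdo_mysql && apk del .build-deps
"""
if __name__ == "__main__":
    print("BAD:", list(lint(BAD)), "GOOD:", list(lint(GOOD)))
```

Each rule is evaluated per RUN instruction because a cleanup in a later RUN does not shrink the layer that the install already wrote.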

Added 16 Mar 2026
Edited 22 Mar 2026
DEV INTEL Tools & Severity
🟡 Medium ⚙ Fix effort: Low
⚡ Quick Fix
Add apt-get clean && rm -rf /var/lib/apt/lists/* to every apt-get install command in Dockerfiles — it removes the package cache, keeping Docker images small
📦 Applies To
any cli
🔍 Detection Hints
Docker image with apt cache not cleaned; no apt-get update before install; mixing PHP extension install approaches
Auto-detectable: ✓ Yes hadolint dive trivy
🤖 AI Agent
Confidence: Medium False Positives: Low ✗ Manual fix Fix: Medium Context: File
CWE-829

