Linux Survival Basics
Check the Installed and Candidate Package Version
A package has an update available, and you need to see the installed version, candidate version, and repository source.
Command
apt policy nginxWhat changed
Nothing changes. apt prints installed and candidate versions plus repository priority lines.
Danger
safe
When to use it
Use when a package version looks wrong, a security pocket matters, or a host is pinned to an older package.
When not to use it
Do not use it as proof the service is running; package state and service state are separate.
Undo or recovery
No undo needed because the command is read-only.
Expected output
Installed and candidate package versions with version table entries.
demo script
Disposable terminal steps
apt policy nginxapt policy openssl
simulated output
What it looks like
::fixture-ready::
$ apt policy nginx
nginx:
Installed: 1.24.0-2ubuntu7.3
Candidate: 1.24.0-2ubuntu7.4
Version table:
1.24.0-2ubuntu7.4 500
500 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages
*** 1.24.0-2ubuntu7.3 100
100 /var/lib/dpkg/status
::exit-code::0
$ apt policy openssl
openssl:
Installed: 3.0.13-0ubuntu3.5
Candidate: 3.0.13-0ubuntu3.6
Version table:
3.0.13-0ubuntu3.6 500
500 http://security.ubuntu.com/ubuntu noble-security/main amd64 Packages
*** 3.0.13-0ubuntu3.5 100
100 /var/lib/dpkg/status
::exit-code::0
YouTube Short
Find apt's candidate.
When a package update looks suspicious, apt policy shows installed version, candidate version, and the repository apt would choose.
LinkedIn hook
apt policy explains where the next version would come from.
Question: Do you check apt policy before blaming a repository or mirror?
experiments
A/B tests to run
Metric: average_view_duration
A: Where would apt get nginx?
B: Installed vs candidate version.