Ubuntu OS (Operating System) is a distribution of Linux OS and is a derivative of Debian OS which is another distribution of Linux OS
A lot of people use Ubuntu for their Linux Servers and even as their Desktop machine OS. I personally use Ubuntu a lot when working with Linux VMs, for playing around with things. It's free, and it has the most basic things. It's also the one distribution that I have used a lot of. While many hard core linux nerds might talk about other light weight and fast Linux distributions and fancy ones too, like Arch Linux etc, I personally like Ubuntu
In Ubuntu, a popular way to install software is by using apt (previously apt-get). apt is a package manager for Debian and it's derivatives like Ubuntu. apt is short for Advanced Package Tool (APT)
apt has CLI (Command Line Interface) interface - basically it's a command line tool, not some fancy GUI (Graphical User Interface) program with windows, buttons etc
When you do apt install -y python3, it installs Python v3.x.y for you
When you do apt update it updates the local repository index from the repository sources that are configured in the system. Usually these are present in /etc/apt/sources.list file and also inside a directory /etc/apt/sources.list.d/. For example, I'm using a Linux VM which has Ubuntu 26.04 LTS. I can see that there's a source list file in /etc/apt/sources.list.d/ - /etc/apt/sources.list.d/ubuntu.sources, which reads like this
$ cat /etc/apt/sources.list.d/ubuntu.sources
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
## Ubuntu distribution repository
##
## The following settings can be adjusted to configure which packages to use from Ubuntu.
## Mirror your choices (except for URIs and Suites) in the security section below to
## ensure timely security updates.
##
## Types: Append deb-src to enable the fetching of source package.
## URIs: A URL to the repository (you may add multiple URLs)
## Suites: The following additional suites can be configured
## <name>-updates - Major bug fix updates produced after the final release of the
## distribution.
## <name>-backports - software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
## Components: Aside from main, the following components can be added to the list
## restricted - Software that may not be under a free license, or protected by patents.
## universe - Community maintained packages. Software in this repository receives maintenance
## from volunteers in the Ubuntu community, or a 10 year security maintenance
## commitment from Canonical when an Ubuntu Pro subscription is attached.
## multiverse - Community maintained of restricted. Software from this repository is
## ENTIRELY UNSUPPORTED by the Ubuntu team, and may not be under a free
## licence. Please satisfy yourself as to your rights to use the software.
## Also, please note that software in multiverse WILL NOT receive any
## review or updates from the Ubuntu security team.
##
## See the sources.list(5) manual page for further settings.
Types: deb
URIs: http://archive.ubuntu.com/ubuntu/
Suites: resolute resolute-updates resolute-backports
Components: main universe restricted multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
## Ubuntu security updates. Aside from URIs and Suites,
## this should mirror your choices in the previous section.
Types: deb
URIs: http://security.ubuntu.com/ubuntu/
Suites: resolute-security
Components: main universe restricted multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
So, how does apt install python3 really work? It works by looking at the packages available in the local repository index - which is obtained from official sources and any other extra third party sources - that the user trusted and added to the list of sources. For example, I have added ClickHouse package repository as a source, like this -
$ cat /etc/apt/sources.list.d/clickhouse.list
deb [signed-by=/usr/share/keyrings/clickhouse-keyring.gpg] https://packages.clickhouse.com/deb lts main
For the above to work, I did the following in order
# Get necessary packages
$ sudo apt-get install -y apt-transport-https ca-certificates curl gnupg
# Get ClickHouse Keyring - for the channel you want. For example, the below is for LTS channel, there's another channel named as Stable channel
$ curl -fsSL 'https://packages.clickhouse.com/rpm/lts/repodata/repomd.xml.key' | sudo gpg --dearmor -o /usr/share/keyrings/clickhouse-keyring.gpg
# Finally create a sources list file with the keyring and the ClickHouse package repository URL
$ echo "deb [signed-by=/usr/share/keyrings/clickhouse-keyring.gpg] https://packages.clickhouse.com/deb lts main" | sudo tee /etc/apt/sources.list.d/clickhouse.list
So, after checking the local repository index, it gets the package information from there. You can find this information yourself too and do the search yourself too. For example, like this -
$ apt search python3
$ apt info python3
Once it has the information from the local repository index about the package, it uses that information to download the package and install it. When I say package - it's the software - packaged software, which can be installed with any extra things that's provided with the package - say install scripts etc
In the case of Debian Linux Distributions like Ubuntu, the packages are called Debian Packages
Now, how do you see what's a Debian Package you ask? Well, you can just download the package file and see it yourself
$ apt download python3
You will see something like python3_3.14.3-0ubuntu2_amd64.deb downloaded in your local machine in the directory that you ran the above command in. Once it's downloaded, you can inspect this file in various ways. One way is to use dpkg and related tools like dpkg-deb etc. Another way is to use ar tool. The Debian package that you have downloaded is file with .deb extension - to indicate that it's a Debian package file. .deb Debian package files are basically ar archives. ar is an archive utility similar to tar, zip, gzip etc
To see the contents of the .deb archive file which is an ar archive file, do something like this -
$ ar tv python3_3.14.3-0ubuntu2_amd64.deb
Note: Before using
ar, you will needar. You will need to installarusing something likesudo apt install binutils.binutilspackage hasaras part of it
Output will look like this -
$ ar tv python3_3.14.3-0ubuntu2_amd64.deb
rw-r--r-- 0/0 4 Mar 21 09:46 2026 debian-binary
rw-r--r-- 0/0 1770 Mar 21 09:46 2026 control.tar.zst
rw-r--r-- 0/0 20976 Mar 21 09:46 2026 data.tar.zst
You can see that .deb files are not magic and that they are just compressed (or archived) files, using ar tool
You can also extract the .deb files using ar, like this
ar xv python3_3.14.3-0ubuntu2_amd64.deb
The output will look like this
$ ar xv python3_3.14.3-0ubuntu2_amd64.deb
x - debian-binary
x - control.tar.zst
x - data.tar.zst
Now, you can check these files
Note: Before using
zstdas part oftar, you will needzstd. You will need to installzstdusing something likesudo apt install zstd.
You can use tar and internally zstd to see the contents of these .zst files
$ tar tf control.tar.zst
The output will look like this
$ tar tf control.tar.zst
./
./control
./md5sums
./postinst
./postrm
./preinst
./prerm
And
$ tar tf data.tar.zst
The output will look something like this
$ tar tf data.tar.zst
./
./usr/
./usr/bin/
./usr/lib/
./usr/lib/valgrind/
./usr/lib/valgrind/python3.supp
./usr/share/
./usr/share/doc/
./usr/share/doc/python3/
./usr/share/doc/python3/copyright
./usr/share/doc/python3/python-policy.txt.gz
./usr/share/doc/python3.14/
./usr/share/doc-base/
./usr/share/doc-base/python3.python-policy
./usr/share/lintian/
./usr/share/lintian/overrides/
./usr/share/lintian/overrides/python3
./usr/share/man/
./usr/share/man/man1/
./usr/share/pixmaps/
./usr/share/python3/
./usr/share/python3/python.mk
./usr/share/python3/runtime.d/
./usr/share/python3/runtime.d/public_modules.rtinstall
./usr/share/python3/runtime.d/public_modules.rtremove
./usr/bin/pdb3
./usr/bin/pydoc3
./usr/bin/pygettext3
./usr/share/doc/python3/README.Debian
./usr/share/doc/python3/changelog.Debian.gz
./usr/share/doc/python3.14/python-policy.txt.gz
./usr/share/man/man1/pdb3.1.gz
./usr/share/man/man1/pydoc3.1.gz
./usr/share/man/man1/pygettext3.1.gz
./usr/share/pixmaps/python3.xpm
Note: You can also use
tar tvf data.tar.zst
To extract the files, just use this
$ tar xvf data.tar.zst
You will notice that the debian-binary is just a plain text file -
$ file debian-binary
$ cat debian-binary
The output will look something like this
$ file debian-binary
debian-binary: ASCII text
$ cat debian-binary
2.0
The data.tar.zst is the set of files that will get "installed" - that is, get put into the right places, like /usr, /usr/bin/, /usr/share/
The control.tar.zst is the set of files which contains package metadata, post install script (postinst), pre install script (preinst), etc.
I ended up learning all this when I was checking how to find the different configurations that I can provide during installation of ClickHouse Server package (clickhouse-server), since I wanted to install it in a machine automatically with no human intervention but when I ran apt install -y clickhouse-server, it installed ClickHouse Server but also started setting it up and asked default user's password for the default ClickHouse DB user - and this was an interactive input. So, on digging I found that it's part of post install script and it can be bypassed by using an environment variable. An AI told this to me (ChatGPT!). But then, I wanted to know what all such environment variables are there that I can set and use to control the installation, and that's when I learned all this Debian Package stuff :)