Differences between revisions 51 and 77 (spanning 26 versions)
Revision 51 as of 2019-08-23 20:34:29
Size: 7337
Editor: nodiscc
Comment:
Revision 77 as of 2022-02-26 01:52:30
Size: 9224
Editor: ?CarloWood
Comment: Fixed link
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
'''WIP:''' refactoring of AptConf, AptPreferences and other apt configuration pages

 . [[nodiscc]]

-------------------------		 #language en
~-[[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[it/AptConfiguration|Italiano]] -~
----
Line 9: Line 7:
 * SourcesLists - lists of software repositories (sources)
 * AptKeys - keys for secure authentication of packages 		 * SourcesList - lists of software repositories (sources)
 * SecureApt - keys for secure authentication of packages
Line 12: Line 10:
 * Runtime options/command-line flags of PackageManagementTools
Line 20: Line 19:
''[[DebianMan:apt_preferences.5|man 5 apt_preferences]]'' {{{#!wiki debian
[[https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_tweaking_candidate_version|Debian Reference - Debian package management - 2.7.3. Tweaking candidate version|]]<<BR>>
[[DebianMan:apt_preferences.5|man 5 apt_preferences]]<<BR>>
[[DebianMan:apt.conf.5|man 5 apt.conf]]<<BR>>
[[DebianMan:apt-config.8|man 8 apt-config]]<<BR>>
}}}
Line 53: Line 59:
In the example above, the package that would be installed ({{{Candidate}}}) would be the older, {{{3.14}}} version from {{{stretch/main}}}. {{{stretch-backports/main}}} has a newer version {{{3.17}}}, but a lower priority ({{{100}}} vs {{{500}}} for stretch) In the example above, the package that would be installed ({{{Candidate}}}) would be the older, {{{3.14}}} version from `stretch/main`. {{{stretch-backports/main}}} has a newer version {{{3.17}}}, but a lower priority ({{{100}}} vs {{{500}}} for stretch)
Line 60: Line 66:
 # The default DebianStable repository with a priority of 500  # The default https://wiki.debian.org/DebianStable repository with a priority of 500
Line 65: Line 71:
 # The repository for Debian PointReleases (security and grave bug fixes ~every 2 months)  # The repository for Debian https://wiki.debian.org/PointReleases (security and grave bug fixes ~every 2 months)
Line 70: Line 76:
 # The DebianSecurity repository with short response time for security fixes  # The https://wiki.debian.org/DebianSecurity repository with short response time for security fixes
Line 75: Line 81:
 # The DebianBackports repository, comes with a default priority of 100  # The https://wiki.debian.org/DebianBackports repository, comes with a default priority of 100
Line 85: Line 91:
----

=== Force installation of a newer package ===

To tell Apt to install a package from {{{stretch-backports}}}, even if the package has a higher priority in {{{stretch}}}:
=== Force installation of a package from a repository ===

To tell Apt to install a package from {{{stretch-backports}}}, even if the package has a low priority:
Line 95: Line 100:
Note that the package will not be automatically upgraded when running an AptUpgrade.

'''To allow upgrades of this package''' from {{{stretch-backports}}}, set a higher priority) for this package coming from the {{{stretch-backports}}} release. Edit the file {{{/etc/apt/preferences.d/99debian-backports}}} (create it):		 Note that the package will not be automatically upgraded when running an Apt Upgrade.


=== Always prefer packages from a repository ===

'''To always prefer packages''' from {{{stretch-backports}}} (and hence allow Apt Upgrades), set a higher priority for this package coming from the {{{stretch-backports}}} release. Edit the file {{{/etc/apt/preferences.d/99debian-backports}}} (create it):
Line 105: Line 113:
Now installing the {{{claws-mail}}} package will install the newer version. Running an AptUpgrade will automatically pick up newer versions from {{{stable-backports}}}. Running {{{apt-cache policy}}} again you would see: Now installing the {{{claws-mail}}} package will install the version from ` stretch-backports`. Running an Apt Upgrade will automatically pick up newer versions from {{{stable-backports}}}. Running {{{apt-cache policy}}} again you would see:
Line 112: Line 120:
----
Line 117: Line 123:
To '''prevent installation of newer packages from a third-party repository''' (DontBreakDebian), even if it has equal priority, edit the file {{{/etc/apt/preferences.d/99my-custom-repository}}}: To '''prevent installation of newer packages from a third-party repository''' (DontBreakDebian), even if it has equal priority, edit the file {{{/etc/apt/preferences.d/99my-custom-repository}}} by origin url:
Line 122: Line 128:
Pin: origin o=my-custom-repo Pin: origin my.custom.repo.url
Line 127: Line 133:
Pin: origin o=my-custom-repo Pin: origin my.custom.repo.url
Line 131: Line 137:
or by repository name:

{{{
# Never prefer packages from the my-custom-repo repository
Package: *
Pin: release o=my-custom-repo-name
Pin-Priority: 1

# Allow upgrading only my-specific-software from my-custom-repo
Package: my-specific-software
Pin: release o=my-custom-repo-name
Pin-Priority: 500
}}}
Line 134: Line 154:

----		 The `*` after `Package:` is not a wildcard, but a special case that means "everything". Wildcards are '''NOT''' supported. However, trailing wildcards are accepted in versions (`2.6*` will match both `2.6` and `2.6.18`).


=== Other pinning notes ===

In addition to `origin`, you can pin packages based on other variables. `apt-cache policy` shows other variables that can be used as the `Pin:` key:

{{{
   1 https://deb.debian.org/debian stretch-backports/non-free i386 Packages
     release o=Debian Backports,a=stretch-backports,n=stretch-backports,l=Debian Backports,c=non-free,b=i386
     origin deb.debian.org
}}}

 * `release`: the DebianRelease full name, codename (`n`) or release number (`v`)
 * `a`, `archive`: archive (base directory in the repository)
 * `c`,`component`: `main/contrib/non-free`
 * `origin`: domain name of the repository (ToDo verify)
 * `l`,`label`: ToDo
 * `b`,`architecture`: processor [[SupportedArchitectures|architecture]]
 * `version`: package version

These variables are provided by `Release` files in [[DebianRepository|Debian repositories]].

See also:

 * [[https://www.debian.org/doc/manuals/apt-howto/ch-apt-get.en.html#s-pin| APT HOWTO (Obsolete Documentation) Managing packages]]
 * Carlo Wood's [[http://carlowood.github.io/howto/debian.html#errata|Debian Cheat Sheet]] (2007)
 * John H. Robinson's [[https://web.archive.org/web/20021010033255/http://jaqque.sbih.org/kplug/apt-pinning.html|Apt-Pinning for beginners]] (2002)
Line 139: Line 185:
''[[DebianMan:apt.conf.5|man 5 apt.conf]]''
Line 143: Line 189:
These files can contain various directives: These files contain directives used by all tools in the Apt suite, you can get a list of all current values with `apt-config dump`
Line 148: Line 194:
 * {{{Pre-Install-Pkgs}}}: ??? '''TODO''' /* package filename in /var/cache/apt/archives/ is passed as stdin */
 * {{{APT::Default-Release "testing";}}}: sets the default Debian release used by Apt ('''TODO''' use case?)
 * {{{APT::Cache-Limit 10000000;}}}: '''??? TODO'''
 * {{{Apt::Get::Purge;}}}: '''??? TODO'''
Line 174: Line 216:

== Command line options ==

PackageManagementTools such as {{{apt}}}, {{{aptitude}}}, {{{apt-get}}}... allow you to set specific configuration options for a single run. See their respective ManPages.

Translation(s): English - Italiano

Apt is configured by several resources, including:

  • SourcesList - lists of software repositories (sources)

  • SecureApt - keys for secure authentication of packages

  • apt_preferences and apt.conf described below

  • Runtime options/command-line flags of PackageManagementTools

Contents

  1. apt_preferences (APT pinning)
    1. Force installation of a package from a repository
    2. Always prefer packages from a repository
    3. Prevent/selective installation from third-party a repository
    4. Other pinning notes
  2. apt.conf

apt_preferences (APT pinning)

Debian Reference - Debian package management - 2.7.3. Tweaking candidate version
man 5 apt_preferences
man 5 apt.conf
man 8 apt-config

When multiple Apt repositories are enabled, a package can exist in several of them. To know which one should be installed, Apt assigns priorities to packages. The default is 500.

  • If the packages have the same priority, the package with a higher version number (most recent) wins.
  • If packages have different priorities, the one with the higher priority wins.

Pinning allows changing priorities for only some packages/repositories, so that you can:

  • Prefer a DebianBackports package over a DebianStable one: by default Debian backports repositories have a lower priority than stable (100). They won't be installed or upgraded unless explicitly configured to (or the package only exists in backports).

  • Only allow some packages from a third-party repository, and ignore the other even if more recent: you may want to add experimental/unstable/third-party repositories with extra/more recent software, but only allow some of these packages to be installed.

  • Force a package downgrade (not recommended)

<!> With a few exceptions (DebianBackports) it is not recommended to mix repositories/releases unless they were specially prepared . See DontBreakDebian.. Don't enable DebianUnstable repositories on DebianStable. When pinning, you must ensure compatibility of packages by yourself since Debian does not guarantee it.

To view the priority of a specific package, use apt-cache policy mypackage: 

$ apt-cache policy claws-mail
claws-mail:
  Installed : (none)
  Candidate : 3.14.1-3+b1
 Version table :
     3.17.1-1~bpo9+1 100
        100 https://deb.debian.org/debian stretch-backports/main amd64 Packages
     3.14.1-3+b1 500
        500 https://deb.debian.org/debian stretch/main amd64 Package

In the example above, the package that would be installed (Candidate) would be the older, 3.14 version from stretch/main. stretch-backports/main has a newer version 3.17, but a lower priority (100 vs 500 for stretch)

To view the global priority for each Apt source (repository): 

$ apt-cache policy 
Package files: 
 # The default https://wiki.debian.org/DebianStable repository with a priority of 500
 500 https://deb.debian.org/debian stable/main amd64 Packages
     o=Debian,n=stable,l=Debian,c=main,b=amd64
     origin deb.debian.org

 # The repository for Debian https://wiki.debian.org/PointReleases (security and grave bug fixes ~every 2 months)
 500 https://deb.debian.org/debian stable-updates/main amd64 Packages
     release o=Debian,a=oldstable-updates,n=stable-updates,l=Debian,c=main,b=amd64
     origin deb.debian.org

 # The https://wiki.debian.org/DebianSecurity repository with short response time for security fixes
 500 http://security.debian.org stable/updates/main amd64 Packages
     release v=9,o=Debian,a=oldstable,n=stable,l=Debian-Security,c=main,b=amd64
     origin security.debian.org

 # The https://wiki.debian.org/DebianBackports repository, comes with a default priority of 100
 100 https://deb.debian.org/debian stable-backports/main amd64 Packages
     release o=Debian Backports,a=stable-backports,n=stable-backports,l=Debian Backports,c=main,b=amd64
     origin deb.debian.org

 # The priority of locally installed packages
 100 /var/lib/dpkg/status 
     release a=now

Force installation of a package from a repository

To tell Apt to install a package from stretch-backports, even if the package has a low priority: 

apt install -t stretch-backports claws-mail

Note that the package will not be automatically upgraded when running an Apt Upgrade.

Always prefer packages from a repository

To always prefer packages from stretch-backports (and hence allow Apt Upgrades), set a higher priority for this package coming from the stretch-backports release. Edit the file /etc/apt/preferences.d/99debian-backports (create it): 

Package: claws-mail
Pin: release a=stretch-backports
Pin-Priority: 900

Now installing the claws-mail package will install the version from  stretch-backports. Running an Apt Upgrade will automatically pick up newer versions from stable-backports. Running apt-cache policy again you would see: 

Pinned packages:
     claws-mail -> 3.17.1-1~bpo9+1 with priority 900

Prevent/selective installation from third-party a repository

To prevent installation of newer packages from a third-party repository (DontBreakDebian), even if it has equal priority, edit the file /etc/apt/preferences.d/99my-custom-repository by origin url: 

# Never prefer packages from the my-custom-repo repository
Package: *
Pin: origin my.custom.repo.url
Pin-Priority: 1

# Allow upgrading only my-specific-software from my-custom-repo
Package: my-specific-software
Pin: origin my.custom.repo.url
Pin-Priority: 500

or by repository name: 

# Never prefer packages from the my-custom-repo repository
Package: *
Pin: release o=my-custom-repo-name
Pin-Priority: 1

# Allow upgrading only my-specific-software from my-custom-repo
Package: my-specific-software
Pin: release o=my-custom-repo-name
Pin-Priority: 500

File naming in /etc/apt/preferences.d/ is free but the last in alphabetical order takes precedence.

The * after Package: is not a wildcard, but a special case that means "everything". Wildcards are NOT supported. However, trailing wildcards are accepted in versions (2.6* will match both 2.6 and 2.6.18).

Other pinning notes

In addition to origin, you can pin packages based on other variables. apt-cache policy shows other variables that can be used as the Pin: key: 

   1 https://deb.debian.org/debian stretch-backports/non-free i386 Packages
     release o=Debian Backports,a=stretch-backports,n=stretch-backports,l=Debian Backports,c=non-free,b=i386
     origin deb.debian.org

  • release: the DebianRelease full name, codename (n) or release number (v)

  • a, archive: archive (base directory in the repository)

  • c,component: main/contrib/non-free

  • origin: domain name of the repository (ToDo verify)

  • l,label: ToDo

  • b,architecture: processor architecture

  • version: package version

These variables are provided by Release files in Debian repositories.

See also:

apt.conf

Apt accepts configuration files (without extension) in /etc/apt/apt.conf.d/. These are processed by Apt in numeric/alphabetical order. /etc/apt/apt.conf is also valid but deprecated.

These files contain directives used by all tools in the Apt suite, you can get a list of all current values with apt-config dump

  • Dpkg::Pre-Install-Pkgs {"mycommand";};: executes mycommand before package installation/unpacking by Dpkg.

  • Dpkg::Pre-Invoke {"mycommand";};: executes mycommand before apt calls dpkg

  • Dpkg::Post-Invoke {"mycommand";};: executes mycommand after apt calls dpkg

  • Acquire::http::Proxy "http://proxy:8080";: sets the proxy for HTTP downloads

  • Acquire::https::Proxy "https://proxy:8443";: sets the proxy for HTTPS downloads

  • Acquire::http::Timeout "2";: sets the timeout for HTTP downloads

  • Acquire::https::Timeout "2";: sets the timeout for HTTPS downloads

  • Acquire::ftp::Timeout "2";: sets the timeout for FTP downloads

If you really have to use FTP, this sets the FTP proxy: 

 Acquire::ftp
 {
   Proxy "ftp://proxy:2121/";
   ProxyLogin
   {
      "USER $(SITE_USER)@$(SITE)";
      "PASS $(SITE_PASS)";
   }
 }

CategoryPackageManagement | CategorySoftware | CategorySystemAdministration