Translation(s): English - Italiano

If Apt is configured to use packages from multiple places (through package repositories (sources) or the command line), you can use apt_preferences and apt.conf to decide which place has priority.

Contents

  1. Introduction
  2. Viewing priorities
  3. Changing priorities
  4. Using pinning
    1. Force installation of a package from a repository
    2. Always prefer packages from a repository (and allow apt to upgrade them)
    3. Prevent installation from a repository
    4. pinning on other features
  5. See also
  6. apt.conf
  7. Avoid setting APT::Default-Release

Introduction

Debian Reference - Debian package management - 2.7.3. Tweaking candidate version
man 5 apt_preferences
man 5 apt.conf
man 8 apt-config

When multiple Apt repositories are enabled, APT may be able to install a package from more than one place. To know which one should be preferred, Apt assigns priorities to packages.

Priorities are integers: higher means more preferred:

  • If two packages (with the same name, in different repositories) have different priorities, the version with the higher priority wins;
  • if they have the same priority, the package with a higher version number (most recent) wins.

The default priority is 500

Apt allows you to assign different priorities for only some packages in a repository, or the same priority to all packages in a repository. Assigning a priority is often called pinning .

Pinning can be used to:

  • Prefer a DebianBackports package over a DebianStable one: by default the Debian backports repository has a lower priority (100) than stable (500). This means packages in backports will only be installed or upgraded when they are explicitly requested (or if the package only exists in backports).

  • Only allow some packages from a repository to be installed, and ignore the rest even if they are more recent: you may want to use some packages from experimental/unstable/third-party repositories to get extra/more recent software, without upgrading other packages provided by those repositories.

  • Force a package downgrade (not recommended)

<!> With a few exceptions (DebianBackports), it is not recommended to mix repositories/releases: see DontBreakDebian. For example, you should not enable DebianUnstable repositories on a DebianStable system.

<!> When using pinning, you must ensure that the packages you install are compatible with the rest of your system: this is usually not guaranteed by Debian.

<!> If you must add repositories for different releases on stable, assign the non-stable repositories a priority lower than 100 to prevent automatic upgrades.

Viewing priorities

To view the priority of a specific package, use apt-cache policy mypackage: 

$ apt-cache policy claws-mail
claws-mail:
 Installed : (none)
 Candidate : 3.14.1-3+b1
 Version table :
 3.17.1-1~bpo9+1 100
 100 https://deb.debian.org/debian stretch-backports/main amd64 Packages
 3.14.1-3+b1 500
 500 https://deb.debian.org/debian stretch/main amd64 Package

In the example above, the package that would be installed (Candidate) would be the older version from stretch (3.14.1): the stretch-backports repository has a newer version (3.17.1) but it has a lower priority (100 vs 500).

To view the global priority for each Apt source (repository): 

$ apt-cache policy
Package files:
 # The default https://wiki.debian.org/DebianStable repository with a priority of 500
 500 https://deb.debian.org/debian stable/main amd64 Packages
 o=Debian,n=stable,l=Debian,c=main,b=amd64
 origin deb.debian.org

 # The repository for Debian https://wiki.debian.org/PointReleases (security and grave bug fixes ~every 2 months)
 500 https://deb.debian.org/debian stable-updates/main amd64 Packages
 release o=Debian,a=oldstable-updates,n=stable-updates,l=Debian,c=main,b=amd64
 origin deb.debian.org

 # The https://wiki.debian.org/DebianSecurity repository with short response time for security fixes
 500 http://security.debian.org stable/updates/main amd64 Packages
 release v=9,o=Debian,a=oldstable,n=stable,l=Debian-Security,c=main,b=amd64
 origin security.debian.org

 # The https://wiki.debian.org/DebianBackports repository, comes with a default priority of 100
 100 https://deb.debian.org/debian stable-backports/main amd64 Packages
 release o=Debian Backports,a=stable-backports,n=stable-backports,l=Debian Backports,c=main,b=amd64
 origin deb.debian.org

 # The priority of locally installed packages
 100 /var/lib/dpkg/status
 release a=now

Changing priorities

Create a file under the /etc/apt/preferences.d/ folder. You can name it as you want, but a descriptive name is recommended. For example, if you want to change the priority for a specific package in a specific source, use the package's name; instead, if you want to change the whole source priority, use the source's name. 

touch /etc/apt/preferences.d/sourceToChangePriority

Now edit the file with: 

Package: *
Pin: release o=Debian
Pin-Priority: 1000
  • Package could be a specific package or all packages; also, you can use regex.

  • Pin is the source identifier, you can get it executing apt-cache policy.

  • Pin-Priority is the source priority.

Now update repositories: 

apt update

Finally verify priority change with: 

apt-cache policy

Using pinning

Force installation of a package from a repository

To tell Apt to install a package from stretch-backports, even if the package in backports has a low priority: 

# apt install -t stretch-backports claws-mail

This is a one-time action: future upgrades added to stretch-backports will still have a low priority and so will not be automatically upgraded when running an apt upgrade.

Always prefer packages from a repository (and allow apt to upgrade them)

To always prefer packages from stretch-backports, and allow apt to upgrade them automatically, set a higher priority for the desired package/repository combination. To do this, create a file /etc/apt/preferences.d/99debian-backports with: 

Package: claws-mail
Pin: release a=stretch-backports
Pin-Priority: 900

Now installing the claws-mail package will install the version from stretch-backports. Running an apt upgrade will automatically pick up newer versions from stable-backports. Running apt-cache policy you would see: 

Pinned packages:
 claws-mail -> 3.17.1-1~bpo9+1 with priority 900

Prevent installation from a repository

To prevent installation of newer packages from a repository (DontBreakDebian), create a file /etc/apt/preferences.d/99my-custom-repository which pins based on the URL of the repository: 

# Never prefer packages from the my-custom-repo repository
Package: *
Pin: origin my.custom.repo.url
Pin-Priority: 1

# Allow upgrading only my-specific-software from my-custom-repo
Package: my-specific-software
Pin: origin my.custom.repo.url
Pin-Priority: 500

or to pin based on the repository name: 

# Never prefer packages from the my-custom-repo repository
Package: *
Pin: release o=my-custom-repo-name
Pin-Priority: 1

# Allow upgrading only my-specific-software from my-custom-repo
Package: my-specific-software
Pin: release o=my-custom-repo-name
Pin-Priority: 500

You can use any file name scheme in /etc/apt/preferences.d/: the last file in alphabetical order takes precedence.

The * after Package: is not a wildcard, but a special case that means "everything". Wildcards are NOT fully supported: only trailing wildcards are accepted in versions (2.6* will match both 2.6 and 2.6.18).

pinning on other features

In addition to origin, you can pin packages based on other variables. apt-cache policy shows other variables that can be used as the Pin: key: 

 1 https://deb.debian.org/debian stretch-backports/non-free i386 Packages
 release o=Debian Backports,a=stretch-backports,n=stretch-backports,l=Debian Backports,c=non-free,b=i386
 origin deb.debian.org

  • release: the DebianRelease full name, codename (n) or release number (v)

  • a, archive: archive (base directory in the repository)

  • c,component: main/contrib/non-free

  • origin: domain name of the repository (ToDo verify)

  • l,label: ToDo

  • b,architecture: processor architecture

  • version: package version

These variables are provided by Release files in Debian repositories.

See also

apt.conf

Apt accepts configuration files (without extension) in /etc/apt/apt.conf.d/. These are processed by Apt in numeric/alphabetical order. /etc/apt/apt.conf is also valid but deprecated.

These files contain directives used by all tools in the Apt suite, you can get a list of all current values with apt-config dump

  • Dpkg::Pre-Install-Pkgs {"mycommand";};: executes mycommand before package installation/unpacking by Dpkg.

  • Dpkg::Pre-Invoke {"mycommand";};: executes mycommand before apt calls dpkg

  • Dpkg::Post-Invoke {"mycommand";};: executes mycommand after apt calls dpkg

  • Acquire::http::Proxy "http://proxy:8080";: sets the proxy for HTTP downloads

  • Acquire::https::Proxy "https://proxy:8443";: sets the proxy for HTTPS downloads

  • Acquire::http::Timeout "2";: sets the timeout for HTTP downloads

  • Acquire::https::Timeout "2";: sets the timeout for HTTPS downloads

  • Acquire::ftp::Timeout "2";: sets the timeout for FTP downloads

If you really have to use FTP, this sets the FTP proxy: 

 Acquire::ftp
 {
 Proxy "ftp://proxy:2121/";
 ProxyLogin
 {
 "USER $(SITE_USER)@$(SITE)";
 "PASS $(SITE_PASS)";
 }
 }

Avoid setting APT::Default-Release

You should avoid setting APT::Default-Release "stable"; or APT::Default-Release "bookworm"; because this prevents APT from installing security updates via apt upgrade. Instead of increasing the priority of the current release, you should set a lower priority for other repositories through pinning (as described above).

It is, slightly, better to use a regular expression matching the security repository (this is supported since DebianBullseye): 

APT::Default-Release "/^bookworm(|-security|-updates)$/";

Information about why setting this variable is a bad idea can be found in:

CategoryPackageManagement | CategorySoftware | CategorySystemAdministration

AltStyle によって変換されたページ (->オリジナル) /