Cheap VPS & Xen Server


Residential Proxy Network - Hourly & Monthly Packages

A Short Introduction To Apt-Pinning


This article is a short overview of how to use apt-pinning on Debian and Debian-based distributions (like Ubuntu). Apt-Pinning allows you to use multiple releases (e.g. stable, testing, and unstable) on your system and to specify when to install a package from which release. That way you can run a system based mostly on the stable release, but also install some newer packages from testing or unstable (or third-party repositories).

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

I’m using a Debian Lenny (stable) system here. I will explain apt-pinning on the basis of the package phpmyadmin which is available in three different versions in the stable, testing, and unstable repositories (at the time of this writing) – see http://packages.debian.org/search?keywords=phpmyadmin&searchon=names&suite=all&section=all:

  • lenny (stable): version 4:2.11.8.1-5
  • squeeze (testing): version 4:3.1.2-2
  • sid (unstable): version 4:3.1.3-1

 

2 My sources.list

I add the testing and unstable repositories to my /etc/apt/sources.list so that it looks as follows:

vi /etc/apt/sources.list

deb http://volatile.debian.org/debian-volatile lenny/volatile main
deb-src http://volatile.debian.org/debian-volatile lenny/volatile main

## Lenny / Stable
deb http://ftp2.de.debian.org/debian/ lenny main
deb-src http://ftp2.de.debian.org/debian/ lenny main

deb http://security.debian.org/ lenny/updates main
deb-src http://security.debian.org/ lenny/updates main

## Squeeze / Testing
deb http://ftp2.de.debian.org/debian/ squeeze main
deb-src http://ftp2.de.debian.org/debian/ squeeze main

deb http://security.debian.org/ squeeze/updates main
deb-src http://security.debian.org/ squeeze/updates main

## Sid / Unstable
deb http://ftp2.de.debian.org/debian/ sid main
deb-src http://ftp2.de.debian.org/debian/ sid main

Open /etc/apt/apt.conf

vi /etc/apt/apt.conf

… and put the following line into it:

APT::Cache-Limit "100000000";

(Otherwise you might get an error like this one when running apt-get update:

E: Dynamic MMap ran out of room

)

Then run

apt-get update

to update the package database.

With the current version, apt would always try to install the newest version of a package which usually comes from unstable or testing – this could lead to a messed-up system. With apt-pinning, we can define priorities so that a package gets installed from unstable or testing only if there’s no such package from stable.

We can check apt priorities as follows:

apt-cache policy

server1:~# apt-cache policy
Package files:
100 /var/lib/dpkg/status
release a=now
500 http://volatile.debian.org lenny/volatile/main Packages
release o=volatile.debian.org,a=stable,l=debian-volatile,c=main
origin volatile.debian.org
500 http://ftp2.de.debian.org sid/main Packages
release o=Debian,a=unstable,l=Debian,c=main
origin ftp2.de.debian.org
500 http://security.debian.org squeeze/updates/main Packages
release v=None,o=Debian,a=testing,l=Debian-Security,c=main
origin security.debian.org
500 http://ftp2.de.debian.org squeeze/main Packages
release o=Debian,a=testing,l=Debian,c=main
origin ftp2.de.debian.org
500 http://security.debian.org lenny/updates/main Packages
release v=5.0,o=Debian,a=stable,l=Debian-Security,c=main
origin security.debian.org
500 http://ftp2.de.debian.org lenny/main Packages
release v=5.0,o=Debian,a=stable,l=Debian,c=main
origin ftp2.de.debian.org
Pinned packages:
server1:~#

As you see, stable, testing, and unstable all have the same priority (500) which means that the newest version of a package would be installed. In the case of our phpmyadmin package this is version 4:3.1.3-1 which is from unstable:

apt-cache policy phpmyadmin

The Candidate: line shows the version that would be installed:

server1:~# apt-cache policy phpmyadmin
phpmyadmin:
Installed: (none)
Candidate: 4:3.1.3-1
Version table:
4:3.1.3-1 0
500 http://ftp2.de.debian.org sid/main Packages
4:3.1.2-2 0
500 http://ftp2.de.debian.org squeeze/main Packages
4:2.11.8.1-5 0
500 http://ftp2.de.debian.org lenny/main Packages
server1:~#

This is how priorities are defined (see

man 5 apt_preferences

):

P > 1000
    causes a version to be installed even if this constitutes a downgrade of the package

990 < P <=1000
    causes a version to be installed even if it does not come from the target release, unless the installed version is more recent

500 < P <=990
    causes a version to be installed unless there is a version available belonging to the target release or the installed version is more recent

100 < P <=500
    causes a version to be installed unless there is a version available belonging to some other distribution or the installed version is more recent

0 < P <=100
    causes a version to be installed only if there is no installed version of the package

P < 0
    prevents the version from being installed

3 Apt-Pinning

Now let’s define that we prefer stable packages over testing packages and testing packages over unstable packages, and that packages from testing and unstable get installed only if there’s no such package from stable:

vi /etc/apt/preferences

Package: *
Pin: release a=stable
Pin-Priority: 700

Package: *
Pin: release a=testing
Pin-Priority: 650

Package: *
Pin: release a=unstable
Pin-Priority: 600

In the Pin: release line you can use any of the attributes that you saw in the release line in the apt-cache policy output. For example, for Lenny that line was:

v=5.0,o=Debian,a=stable,l=Debian,c=main

which means we could use Pin: release o=Debian, for example. But because testing and unstable also have o=Debian in the release line, we should use an attribute that distinguishes one release from the other – therefore I use a=stable|testing|unstable in /etc/apt/preferences.

If apt-cache policy showed something like this (this is from a server where I don’t use testing and unstable, but a third-party repository) where the o= attribute differs…

server1:~# apt-cache policy
Package files:
100 /var/lib/dpkg/status
release a=now
500 http://volatile.debian.org lenny/volatile/main Packages
release o=volatile.debian.org,a=stable,l=debian-volatile,c=main
origin volatile.debian.org
650 http://download.openvz.org lenny/openvz Packages
release o=debian.systs.org lenny archive,a=stable,l=debian.systs.org lenny archive,c=openvz
origin download.openvz.org
700 http://security.debian.org lenny/updates/main Packages
release v=5.0,o=Debian,a=stable,l=Debian-Security,c=main
origin security.debian.org
700 http://ftp2.de.debian.org lenny/main Packages
release v=5.0,o=Debian,a=stable,l=Debian,c=main
origin ftp2.de.debian.org
Pinned packages:
server1:~#

… we could use

Package: *
Pin: release o=Debian
Pin-Priority: 700

Package: *
Pin: release o=debian.systs.org lenny archive
Pin-Priority: 650

in /etc/apt/preferences, for example.

Update the package database:

apt-get update

Let’s check priorities again:

apt-cache policy

server1:~# apt-cache policy
Package files:
100 /var/lib/dpkg/status
release a=now
700 http://volatile.debian.org lenny/volatile/main Packages
release o=volatile.debian.org,a=stable,l=debian-volatile,c=main
origin volatile.debian.org
600 http://ftp2.de.debian.org sid/main Packages
release o=Debian,a=unstable,l=Debian,c=main
origin ftp2.de.debian.org
650 http://security.debian.org squeeze/updates/main Packages
release v=None,o=Debian,a=testing,l=Debian-Security,c=main
origin security.debian.org
650 http://ftp2.de.debian.org squeeze/main Packages
release o=Debian,a=testing,l=Debian,c=main
origin ftp2.de.debian.org
700 http://security.debian.org lenny/updates/main Packages
release v=5.0,o=Debian,a=stable,l=Debian-Security,c=main
origin security.debian.org
700 http://ftp2.de.debian.org lenny/main Packages
release v=5.0,o=Debian,a=stable,l=Debian,c=main
origin ftp2.de.debian.org
Pinned packages:
server1:~#

apt-cache policy phpmyadmin

server1:~# apt-cache policy phpmyadmin
phpmyadmin:
Installed: (none)
Candidate: 4:2.11.8.1-5
Version table:
4:3.1.3-1 0
600 http://ftp2.de.debian.org sid/main Packages
4:3.1.2-2 0
650 http://ftp2.de.debian.org squeeze/main Packages
4:2.11.8.1-5 0
700 http://ftp2.de.debian.org lenny/main Packages
server1:~#

As you see, now the phpmyadmin package from stable would get installed.

 

4 Holding A Package

Let’s assume you’ve installed the phpmyadmin package from stable, and you want to tell apt to keep the current package under all circumstances. This is how you tell apt to never ever install another phpmyadmin package again:

vi /etc/apt/preferences

Package: phpmyadmin
Pin: version 4:2.11.8.1*
Pin-Priority: 1001

(This works with or without the stable, testing, and unstable stanzas from the previous chapter. So even if stable, testing, and unstable have the same priority, phpmyadmin is set to hold.)

As you see, I’ve added a stanza for the package phpmyadmin with the priority 1001. In the Pin: version line I use an asterisk (*). If you know the exact version of the package that you want to hold, you can of course specify it without an asterisk (Pin: version 4:2.11.8.1-5).

Run

apt-get update

again and check the policies:

apt-cache policy

server1:~# apt-cache policy
Package files:
100 /var/lib/dpkg/status
release a=now
700 http://volatile.debian.org lenny/volatile/main Packages
release o=volatile.debian.org,a=stable,l=debian-volatile,c=main
origin volatile.debian.org
600 http://ftp2.de.debian.org sid/main Packages
release o=Debian,a=unstable,l=Debian,c=main
origin ftp2.de.debian.org
650 http://security.debian.org squeeze/updates/main Packages
release v=None,o=Debian,a=testing,l=Debian-Security,c=main
origin security.debian.org
650 http://ftp2.de.debian.org squeeze/main Packages
release o=Debian,a=testing,l=Debian,c=main
origin ftp2.de.debian.org
700 http://security.debian.org lenny/updates/main Packages
release v=5.0,o=Debian,a=stable,l=Debian-Security,c=main
origin security.debian.org
700 http://ftp2.de.debian.org lenny/main Packages
release v=5.0,o=Debian,a=stable,l=Debian,c=main
origin ftp2.de.debian.org
Pinned packages:
phpmyadmin -> 4:2.11.8.1-5
server1:~#

apt-cache policy phpmyadmin

server1:~# apt-cache policy phpmyadmin
phpmyadmin:
Installed: 4:2.11.8.1-5
Candidate: 4:2.11.8.1-5
Package pin: 4:2.11.8.1-5
Version table:
4:3.1.3-1 1001
600 http://ftp2.de.debian.org sid/main Packages
4:3.1.2-2 1001
650 http://ftp2.de.debian.org squeeze/main Packages
*** 4:2.11.8.1-5 1001
700 http://ftp2.de.debian.org lenny/main Packages
100 /var/lib/dpkg/status
server1:~#

As you see, the Installed: and Candidate: lines both show the same version, so no other phpmyadmin package would get installed.

 

5 Installing Packages From A Specific Release/Overriding Priorities

(This chapter assumes you did not set phpmyadmin to hold, as was shown in chapter 4. If you did, this chapter will not work.)

Let’s assume you prefer stable over testing and testing over unstable, but just not for the phpmyadmin package because the version from unstable has a feature that you absolutely need. So this is how you override your previously set up priorities and install phpmyadmin from unstable.

There are two ways of doing this, with a slight difference:

apt-get install phpmyadmin/unstable

This would install phpmyadmin from unstable, but apt would try to satisfy all phpmyadmin dependencies with packages from stable.

apt-get -t unstable install phpmyadmin

This would install phpmyadmin from unstable, and all phpmyadmin dependencies would also be installed from unstable.

 

  • APT-HOWTO: http://www.debian.org/doc/manuals/apt-howto/ch-apt-get.en.html
  • Debian: http://www.debian.org/

Comments

comments