A Short Introduction To Apt-Pinning - Page 2

3 Apt-Pinning

Now let's define that we prefer stable packages over testing packages and testing packages over unstable packages, and that packages from testing and unstable get installed only if there's no such package from stable:

vi /etc/apt/preferences
Package: *
Pin: release a=stable
Pin-Priority: 700

Package: *
Pin: release a=testing
Pin-Priority: 650

Package: *
Pin: release a=unstable
Pin-Priority: 600

In the Pin: release line you can use any of the attributes that you saw in the release line in the apt-cache policy output. For example, for Lenny that line was:

release v=5.0,o=Debian,a=stable,l=Debian,c=main

which means we could use Pin: release o=Debian, for example. But because testing and unstable also have o=Debian in the release line, we should use an attribute that distinguishes one release from the other - therefore I use a=stable|testing|unstable in /etc/apt/preferences.

If apt-cache policy showed something like this (this is from a server where I don't use testing and unstable, but a third-party repository) where the o= attribute differs...

server1:~# apt-cache policy
 Package files:
  100 /var/lib/dpkg/status
      release a=now
  500 http://volatile.debian.org lenny/volatile/main Packages
      release o=volatile.debian.org,a=stable,l=debian-volatile,c=main
      origin volatile.debian.org
  650 http://download.openvz.org lenny/openvz Packages
      release o=debian.systs.org lenny archive,a=stable,l=debian.systs.org lenny archive,c=openvz
      origin download.openvz.org
  700 http://security.debian.org lenny/updates/main Packages
      release v=5.0,o=Debian,a=stable,l=Debian-Security,c=main
      origin security.debian.org
  700 http://ftp2.de.debian.org lenny/main Packages
      release v=5.0,o=Debian,a=stable,l=Debian,c=main
      origin ftp2.de.debian.org
 Pinned packages:
 server1:~#

... we could use

Package: *
 Pin: release o=Debian
 Pin-Priority: 700
Package: *
 Pin: release o=debian.systs.org lenny archive
 Pin-Priority: 650

in /etc/apt/preferences, for example.

Update the package database:

apt-get update

Let's check priorities again:

apt-cache policy
server1:~# apt-cache policy
 Package files:
  100 /var/lib/dpkg/status
      release a=now
  700 http://volatile.debian.org lenny/volatile/main Packages
      release o=volatile.debian.org,a=stable,l=debian-volatile,c=main
      origin volatile.debian.org
  600 http://ftp2.de.debian.org sid/main Packages
      release o=Debian,a=unstable,l=Debian,c=main
      origin ftp2.de.debian.org
  650 http://security.debian.org squeeze/updates/main Packages
      release v=None,o=Debian,a=testing,l=Debian-Security,c=main
      origin security.debian.org
  650 http://ftp2.de.debian.org squeeze/main Packages
      release o=Debian,a=testing,l=Debian,c=main
      origin ftp2.de.debian.org
  700 http://security.debian.org lenny/updates/main Packages
      release v=5.0,o=Debian,a=stable,l=Debian-Security,c=main
      origin security.debian.org
  700 http://ftp2.de.debian.org lenny/main Packages
      release v=5.0,o=Debian,a=stable,l=Debian,c=main
      origin ftp2.de.debian.org
 Pinned packages:
 server1:~#
apt-cache policy phpmyadmin
server1:~# apt-cache policy phpmyadmin
 phpmyadmin:
   Installed: (none)
   Candidate: 4:2.11.8.1-5
   Version table:
      4:3.1.3-1 0
         600 http://ftp2.de.debian.org sid/main Packages
      4:3.1.2-2 0
         650 http://ftp2.de.debian.org squeeze/main Packages
      4:2.11.8.1-5 0
         700 http://ftp2.de.debian.org lenny/main Packages
 server1:~#

As you see, now the phpmyadmin package from stable would get installed.

 

4 Holding A Package

Let's assume you've installed the phpmyadmin package from stable, and you want to tell apt to keep the current package under all circumstances. This is how you tell apt to never ever install another phpmyadmin package again:

vi /etc/apt/preferences
Package: phpmyadmin
Pin: version 4:2.11.8.1*
Pin-Priority: 1001

(This works with or without the stable, testing, and unstable stanzas from the previous chapter. So even if stable, testing, and unstable have the same priority, phpmyadmin is set to hold.)

As you see, I've added a stanza for the package phpmyadmin with the priority 1001. In the Pin: version line I use an asterisk (*). If you know the exact version of the package that you want to hold, you can of course specify it without an asterisk (Pin: version 4:2.11.8.1-5).

Run

apt-get update

again and check the policies:

apt-cache policy
server1:~# apt-cache policy
 Package files:
  100 /var/lib/dpkg/status
      release a=now
  700 http://volatile.debian.org lenny/volatile/main Packages
      release o=volatile.debian.org,a=stable,l=debian-volatile,c=main
      origin volatile.debian.org
  600 http://ftp2.de.debian.org sid/main Packages
      release o=Debian,a=unstable,l=Debian,c=main
      origin ftp2.de.debian.org
  650 http://security.debian.org squeeze/updates/main Packages
      release v=None,o=Debian,a=testing,l=Debian-Security,c=main
      origin security.debian.org
  650 http://ftp2.de.debian.org squeeze/main Packages
      release o=Debian,a=testing,l=Debian,c=main
      origin ftp2.de.debian.org
  700 http://security.debian.org lenny/updates/main Packages
      release v=5.0,o=Debian,a=stable,l=Debian-Security,c=main
      origin security.debian.org
  700 http://ftp2.de.debian.org lenny/main Packages
      release v=5.0,o=Debian,a=stable,l=Debian,c=main
      origin ftp2.de.debian.org
 Pinned packages:
      phpmyadmin -> 4:2.11.8.1-5
 server1:~#
apt-cache policy phpmyadmin
server1:~# apt-cache policy phpmyadmin
 phpmyadmin:
   Installed: 4:2.11.8.1-5
   Candidate: 4:2.11.8.1-5
   Package pin: 4:2.11.8.1-5
   Version table:
      4:3.1.3-1 1001
         600 http://ftp2.de.debian.org sid/main Packages
      4:3.1.2-2 1001
         650 http://ftp2.de.debian.org squeeze/main Packages
  *** 4:2.11.8.1-5 1001
         700 http://ftp2.de.debian.org lenny/main Packages
         100 /var/lib/dpkg/status
 server1:~#

As you see, the Installed: and Candidate: lines both show the same version, so no other phpmyadmin package would get installed.

 

5 Installing Packages From A Specific Release/Overriding Priorities

(This chapter assumes you did not set phpmyadmin to hold, as was shown in chapter 4. If you did, this chapter will not work.)

Let's assume you prefer stable over testing and testing over unstable, but just not for the phpmyadmin package because the version from unstable has a feature that you absolutely need. So this is how you override your previously set up priorities and install phpmyadmin from unstable.

There are two ways of doing this, with a slight difference:

apt-get install phpmyadmin/unstable

This would install phpmyadmin from unstable, but apt would try to satisfy all phpmyadmin dependencies with packages from stable.

apt-get -t unstable install phpmyadmin

This would install phpmyadmin from unstable, and all phpmyadmin dependencies would also be installed from unstable.

 

6 Links

Share this page:

Suggested articles

2 Comment(s)

Add comment

Comments

By: Rz
Reply  

Excellent tutorial, very clear. Thanks.

By: Jim
Reply  

Hi,

One pitfall is described in the apt_preferences manpage:

"Sometimes the installed version of a package is more recent than the version belonging to the target release, but not as recent as a version belonging to some other distribution. Such a package will indeed be upgraded when apt-get install some-package or apt-get upgrade is executed, because at least one of the available versions has a higher priority than the installed version"

In other words, assume you used your priorities:

stable = 700
testing = 650
unstable = 600

Now assume you installed "foo" from unstable once, but then unstable got updated again, so the following package versions exist:

foo = 1.0 (stable)
foo = 1.1 (testing)
foo = 1.2 (installed version)
foo = 1.3 (unstable)

Now, if you do an "apt-get upgrade", you will end up installing foo from unstable, because version 1.3 has priority 600 while the installed version only has the default (unchangable) priority 100.  I never want "apt-get upgrade" to automatically go to an unstable version like this, even if I manually installed the unstable version once.  To avoid this, I like to set my priorities to something like

stable = 200
testing = 80
unstable = 50

This means: Upgrade any installed package (prio 100) to the "stable" version automatically, but never upgrade to "testing" or "unstable" unless I specify it manually.