[ About | Licence | Contacts ]
Written by Oleksandr Gavenko (AKA gavenkoa), compiled on 2020-11-21 from rev ebbf146d86c1+.


Debian releases


experimental → unstable (sid) → testing → stable

Which package from witch release:

 $ aptitude search ~S~i~Astable
 $ aptitude search ~S~i~Atesting
 $ aptitude search ~S~i~Aunstable
 $ aptitude search ~S~i~Aexperimental

* https://wiki.debian.org/DebianReleases
* https://wiki.debian.org/DebianOldStable
* https://wiki.debian.org/DebianStable
* https://wiki.debian.org/DebianTesting
* https://wiki.debian.org/DebianUnstable
* https://wiki.debian.org/DebianExperimental

Conf files

See man sources.list(5), apt.conf(5), apt_preferences(5).

http://httpredir.debian.org/debian/ used for automatic balancing to nearest perository. Corresponding /etc/apt/sources.list may have:

deb http://httpredir.debian.org/debian/  stable  main contrib non-free
deb http://httpredir.debian.org/debian/  stable-backports  main contrib non-free
deb http://httpredir.debian.org/debian/  unstable  main contrib non-free
deb http://httpredir.debian.org/debian/  experimental  main contrib non-free
deb http://httpredir.debian.org/debian/  testing  main contrib non-free
deb http://httpredir.debian.org/debian/  testing  main contrib non-free

Security updates destributed via different URL (for oldstable, stable and testing only, of cause there are no reason for sid or experimental):

deb http://security.debian.org/  oldstable  main contrib non-free
deb http://security.debian.org/  stable  main contrib non-free
deb http://security.debian.org/  testing  main contrib non-free

Other useful repositories:

deb http://www.deb-multimedia.org  testing  main non-free

To include config as separate file add file with name like:


About /etc/apt/sources.list.
The redirector aims to solve the problem of choosing a Debian mirror.
Keeping your Debian system secure.
List of useful unofficial repositories.
Links to Google repositories and verification key.

Enable/disable recommends and suggestions

To disable installation of recommended packages (which is by default) create file /etc/apt/apt.conf.d/01no-recommends:

APT::Install-Recommends "0";
APT::AutoRemove::RecommendsImportant "1";

APT::Install-Suggests "0";

Alternatively pass corresponding option to installation utility to suppress installation of recommended packages:

apt --no-install-recommends
aptitude --without-recommends
aptitude -R

To install suggested packages:

apt --install-suggests
aptitude --install-suggests

Verify settings:

apt-config dump | fgrep -i recommend
apt-config dump | fgrep -i suggest

Find nearest mirror

Newer approach for selecting mirror is via DNS balancing from httpredir.debian.org. Just use:

deb http://httpredir.debian.org/debian/  stable  main contrib non-free

Older approach to select nearest mirrors is:

$ sudo apt-get install netselect-apt
$ netselect-apt stable
$ netselect-apt testing
$ netselect-apt unstable
$ netselect-apt experimental
$ netselect-apt sid

Check package versions and priority


Package: *
Pin: release a=stable
Pin-Priority: 800

Package: *
Pin: release a=testing
Pin-Priority: 900

Package: *
Pin: release a=unstable
Pin-Priority: 700

Package: *
Pin: release a=experimental
Pin-Priority: 600

Example that prevent installing *systemd* packages (priority strictly below 0 forbid package to be installed):

Package: systemd
Pin: origin ""
Pin-Priority: -1

Package: *systemd*
Pin: origin ""
Pin-Priority: -1

Example that avoid installing packages from different distribution (priority strictly below 100 cause a version to be installed only if there is no installed version of the package), you should keep main distribution priority above foreign distro priority:

Package: *
Pin: release a=testing
Pin-Priority: 990

Package: *
Pin: release o=Kali
Pin-Priority: 50

To discover package priority:

bash# apt-cache madison emacs24
   emacs24 |   24.5+1-3 | http://ftp.us.debian.org/debian/ testing/main amd64 Packages
   emacs24 |   24.4+1-5 | http://http.kali.org/kali/ kali-current/main amd64 Packages
   emacs24 |   24.5+1-3 | http://ftp.us.debian.org/debian/ testing/main Sources

bash# apt-cache policy emacs24
  Installed: 24.5+1-3
  Candidate: 24.5+1-3
  Version table:
 *** 24.5+1-3 0
        990 http://ftp.us.debian.org/debian/ testing/main amd64 Packages
        100 /var/lib/dpkg/status
     24.4+1-5 0
         50 http://http.kali.org/kali/ kali-current/main amd64 Packages

bash# aptitude versions emacs24
Package emacs24:
p   24.4+1-5                                      kali-current              50
i   24.5+1-3                                      testing                   990

Setup backport.

Main backports archive located at http://www.backports.org.

To get packeges gpg sign key:

$ su
$ wget -O - http://backports.org/debian/archive.key | apt-key add -
$ ^D

Write where packeges places:

$ cat /etc/apt/sources.list
deb http://www.backports.org/debian/ etch-backports main contrib non-free

Importing package signing key.

Usualy you can safely update keyring via debian-keyring package because it is signed by prevoius keyring:

$ sudo apt-get install debian-keyring

Defferent 3rd party provide keys for download. If you trust key (or get it in a trusted way) it is easy to import it:

$ sudo apt-key add $FILE.pgp

Another way to resolve warning:

$ sudo apt-get update
W: There is no public key available for the following key IDs:
W: GPG error: http://http.us.debian.org etch Release: The following signatures
couldn't be verified because the public key is not available: NO_PUBKEY

is to use key servers directly:

$ gpg --keyserver pgp.mit.edu --recv-key 9AA38DCD55BE302B \
--keyserver-options http-proxy=http://user:pass@
gpg: requesting key 55BE302B from hkp server pgp.mit.edu
gpg: key 55BE302B: public key "Debian Archive Automatic Signing Key (5.0/lenny) <ftpmaster@debian.org>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

$ gpg --export 9AA38DCD55BE302B | sudo apt-key add -

List packages

List all known packages:

apt list

List installed packages:

apt list --installed

List upgradable packages:

apt list --upgradable

Install build dependency for package

$ apt-get install build-essential    # install dev LIBC and GCC C/C++
$ sudo apt-get build-dep $package

If all you want is checking what packages are needed to build a given package:

$ apt-cache showsrc $package

or check 'Build-Depends' attribute in:

$ apt-cache show $package

Delete config file for removed packages.

To get list of such packages use one of:

$ aptitude search ~c
$ grep-status -n -sPackage -FStatus config-files

To remove them:

$ aptitude purge ~c

Delete obsolete packages.

To get list of such packages use:

$ aptitude search ~o

To remove them:

$ aptitude purge ~o

To remove packages that were automatically installed to satisfy dependencies and are now no longer needed:

$ sudo apt-get autoremove

Clean up packages cache.

Remove everything from /var/cache/apt/archives/ and /var/cache/apt/archives/partial/:

$ sudo apt-get clean

Removes package files that can no longer be downloaded, and are largely useless:

$ sudo apt-get autoclean

Check package files for modification.

$ sudo debsums --changed

Search for packages.

$ aptitude search '?tag(works-with::logfile)'

Show dependency graph.

$ apt-cache dotty $PKG | dot -Tsvg >$PKG.svg && see $PKG.svg

$ sudo apt-get install debtree
$ debtree $PKG | dot -Tsvg >$PKG.svg && see $PKG.svg

$ sudo apt-get install apt-rdepends
$ apt-rdepends $PKG
$ apt-rdepends -r $PKG
$ apt-rdepends -d $PKG | dot -Tsvg >$PKG.svg && see $PKG.svg
$ apt-rdepends -d -r $PKG | dot -Tsvg >$PKG.svg && see $PKG.svg

Simulation mode

Simulation for apt-get and aptitude shows what happen without actually modifying or installing any packages.

Simulate install or upgrade with -s key:

$ sudo apt-get install -s xterm
$ sudo aptitude install -s xterm
$ sudo apt-get upgrade -s
$ sudo aptitude upgrade -s

Making aptitude forget changes

Following removes or override (like "hold" status) aptitude package state DB:

sudo rm /var/lib/aptitude/pkgstates
sudo aptitude keep-all