Managing mixed Debian packages using APT pinning | Day in my life

April 16, 2012

Managing mixed Debian packages using APT pinning

I use Debian “stable” as my primary Linux OS. Anyone using Debian stable would know getting the latest and greatest package you really need is bit of a nuisance. If you are in this situation i.e. looking to upgrade just a package from a different repository here is how to do it.

APT pinning is a way to have a mixed package system (i.e. packages installed from different repositories) and provide a easy upgrade paths to those packages in automated and predictable way.

If you are doing this on production box make sure you have tried it somewhere else, as you might put your system in disarray if you are not cautious.

  1. /etc/apt - main location for everything related to APT

  2. /etc/apt/apt.conf - main configuration file. Note: This could not be on your system if you are not adventures enough. If it doesn’t exists go head and create it. APT reads this file if its present.

  3. /etc/apt/sources.list - repository configuration are kept in this file.

  4. /etc/apt/apt.conf.d/* - split configuration files added by individual programs. This is to sperate things specific to program which added it to help easy upgrade paths.

  5. /etc/apt/preferences - main preference file. Note: This could not be on your system. Again this is read if its present.

  6. /etc/apt/preferences.d/* - split preference file could be for each package or each repository, again its up to you on how you would like to manage.

I would be explaining APT pinning with an example as it makes for a better understanding. Here is my scenario, I would like to update a package forked-daapd from version 0.12 in Debian stable at the time of this writing to the version 0.19 from backports. In addition to that I would like all new versions of “forked-daapd” (from backports) be upgraded as part of my normal system upgrade process.

forked-daapd is a DAAP streaming server to stream media to any DAAP compatible player (iTunes) or a device.

Since we are upgrading from a backports we would be pulling only the package forked-daapd and rest of the dependencies will be satisfied by the stable repository. This might not be the case with the package you are looking to upgrade so check your package dependencies and make sure it wont be upgrading the once that are already installed on your system.


Most packages on Linux is built with some sort of dependent libraries. Majority of libraries are installed and managed independently of the the application that uses it and hence upgrading just the library to a newer version might break the existing application. For example, say we install an application ‘A’ which depends on a library ‘L’. So when application ‘A’ is being installed library ‘L’ would be installed as a dependency. Later down the line if we want to install another application say ‘B’ which also depends on the the same library as that of application ‘A’. During installation of ‘B’ APT sees that the library ‘L’ is installed already and skips the installation of the library. So at this point you have two applications ‘A’ & ‘B’ depending on the same library ‘L’. If at this point if the library ‘L’ is being upgraded because of installation of a new package from different source, chances are it would break the existing application ‘A’ & ‘B’ (assuming that there is no backward compatibility in the upgraded versions of the library). Hence its advisable to check each dependency thats being pulled from another repository during APT pinning.

Here are the steps to achieve above described scenario

  1. Add backports repository to /etc/apt/sources.list
    # squeeze backports  
    deb squeeze-backports main contrib non-free

Defines the backports repository, as a rule remember to run update (see next step) after changing sources.list to get the latest indexes from predefined repository and update local cache.

  1. Lets Update to make APT aware of the latest packages and its sources
    $ apt-get update
  1. Verify APT can see both versions of the package i.e. 0.12 and 0.19
    $ apt-cache show forked-daapd
  1. Amend /etc/apt/apt.conf and comment out line beginning with APT::Default-Release this is to make sure the priorities that we define works as it should. If apt.conf file doesn’t exists then don’t bother with this step.

Its recommended to comment the line APT::Default-Release which interferes with our priorities in case we have more than 2 repositories defined. In default stable install, we usually get two repositories defined for us i.e. stable and stable-updates. Adding the backports becomes third and hence its better to control priorities ourself rather than the tool (assuming we know what we are doing). I had lot of grief having this option hence, I personally prefer controlling through preferences.

  1. Manually define our release priorities by adding following line to /etc/apt/preferences file
    Package: *  
    Pin: release o=Debian,a=stable  
    Pin-Priority: 900  
    Package: *  
    Pin: release o=Debian,a=stable-updates  
    Pin-Priority: 900  
    Package: *  
    Pin: release a=squeeze-backports  
    Pin-Priority: 890

Lays out preferences for each release. Again higher the number higher the priority basic stuff.

  1. Create a new file forked-daapd under /etc/preferences.d/ with following content
    Package: forked-daapd  
    Pin: release a=squeeze-backports  
    Pin-Priority: 910

Adding package of choice “forked-daapd” and bump up the number than the stable release number in this case more > 900.

  1. Run update again as in Step 4 to make aware of all changes to APT

  2. Check using policy if the latest package gets picked up

    $ apt-get policy forked-daapd 
    Installed: (none)  
    Candidate: 0.19-1~bpo60+1  
    Package pin: 0.19-1~bpo60+1  
    Version table:  
    0.19-1~bpo60+1 910  
    890 squeeze-backports/main amd64 Packages 
    0.12~git0.11-125-gca72ee5-3 910  
    900 squeeze/main amd64 Packages

Candidate line which tells us whats going to be installed.

  1. Install forked-daapd should install 0.19 version of the package and rest of the dependencies will be pulled in from stable release.
    $ apt-get install forked-daapd

I spent quite some time understanding APT-Pinning and hope this helps someone looking for the same. I read following articles to better my understanding.

Furture Reading:

© Nataraj Basappa 2021