Skip to main content

Installing Debian unstable safely with APT pinning

Using Aptitude to list and install backported or unstable packages

Early into my linux Debian web server administration, out of necessity and after a lot of trail and error and reading I worked out the right preferences that keeps my systems very stable and yet with the ability to install the occasional backported or unstable package. My package management utility of choice is `aptitude` but these settings will also effectively work for `apt-get` and before I begin do +1 this if you find it useful.

The above shows the available version of Django with their respective APT pinning numbers: 990 being the stable version and selected by default when installing, 400 being the backported version, 50 being an unstable version, and 100 pinning for our already installed version.

During normal installation the stable default is always selected, however now I also have an option to easily see other available versions by viewing the information provided at bottom of the package details. Based on the displayed pinning I can tell any backported versions and the unstable version available and review the potential conflicts it could create in a straight forward way.

Setting it all Up

There are four things that need to be edited, the default pinning release needs to be set, the sources need backports and unstable added, lowering the pinning priority of backports/unstable packages, and the aptitude display settings needs to be modified to display pinning.


Create a ' /etc/apt/apt.conf.d/10defaultrelease' and make it's contents as follows:
Apt::default-Release "stable";

Update package `sources.list`

Edit your /etc/apt/sources.list to add unstable and backports sources so it looks something like this:

# deb cdrom:[Debian GNU/Linux 6.0.0 _Squeeze_ - Official Multi-architecture amd64/i386 NETINST #1 20110205-14:45]/ squeeze main

deb squeeze main
deb-src squeeze main

deb squeeze/updates main
deb-src squeeze/updates main

# squeeze-update, previously know as 'volatile'
deb squeeze-updates main
deb-src squeeze-updates main

# squeeze backports
deb squeeze-backports main

# unstable
deb unstable main
deb-src unstable main

# non free ex. sun java
#deb squeeze non-free
#deb-src squeeze non-free

Edit `etc/apt/preferences` pinning file

If the file doesn't exist do create it, if it does modify it to add lower pinning the default 500 for unstable and backports packages as follow:

# Package pinning priorities
# See and
# In nut shell highest PIN gets installed
# Pining default are as follow which are in addition to our settings:
#   990 - for version that are not installed but DO belong to our `APT::Default-Relase "stable"` setting.
#   500 - for versions that are not installed and do not belong to the target release
#   100 - for packages that already installed, this also means other versions of same package
#     1 - for experimental packages; packages with "NotAutomatic: yes"
# Our Pinnings
#   400 - backports that can safely be installed without the need to update other packages
#    50 - unstable packages, install forced in the details screen, can result in conflicts

Package: *
Pin: release n=squeeze-backports
Pin-Priority: 400

Package: *
Pin: release a=unstable
Pin-Priority: 50

Add pinning information to Aptitude

By default Aptitude does not display any pinning information however this can be changed and once done a pinning number will be displayed when one view the package details, add the following file `/etc/apt/apt.conf.d/100guiconf`:

Aptitude::UI::Package-Display-Format "%c%a%M %p %Z %v %V %i";

That's it. It is worth pointing that this setup has worked for me over the past 3.5 have years without any issues

It is even able to handle a scenario where a previously installed unstable is upgraded to a stable backported higher version correctly as can be seen with the above example of the Django package.


Popular posts from this blog

Opera SOCKS Proxy Setup Issues

SOCKS error: Connection closed by remote server When setting up SOCKS only proxy in Opera web browser make sure to specify the IP address instead of your fully qualified domain name (FQDN). Using a host name will not work and Opera simply fails to connect to the proxy server. Sample working setup screen shot with a Dante proxy server , note that HTTP, HTTPS, FTP, SSH options are left blank. Bug DSK-364301 has been filled with Opera, if it has been a while since this post and the issue still not fixed feel free to add your word of encouragement by emailing :)

Storing passwords in PuTTY

How to save SSH username/password for auto login in PuTTy The answer is you can't do least in plain PuTTy. However there is an awesome fork with that let's you store the username and password and other additional features called KiTTy.

So grab yourself a copy and +1 this if you do, thanks.

How to child proof a fireplace

DIY - Do it yourself fireplace child guard Our wonderful 8.5 month old Sofia has become a crawling race car with an untamed thirst for exploration. And so with the cold nights approaching we needed to child proof the fireplace. This however proved to be more difficult than would reasonably expect, I've checked the local Toys "R" Us, Walmart, and even a Canadian Tire with no success for a ready to use product. Internet search was more fruitful and returned a few online stores one could order from, however in all honestly they didn't look too sturdy to me. So I build my own relatively quickly and inexpensively. Materials needed is a privacy plastic lattice - the smallest hole pattern - a few screws and anchors; tools needed are a drill, and a handsaw if you don't have the lattice cut at the store - that’s it. The construction consits of screwing the lattice into the wall and the final product is easiest explained through following pictures. Feel free to +1 this po…