Skip to main content

Installing Debian unstable safely with APT pinning

Using Aptitude to list and install backported or unstable packages

Early into my linux Debian web server administration, out of necessity and after a lot of trail and error and reading I worked out the right preferences that keeps my systems very stable and yet with the ability to install the occasional backported or unstable package. My package management utility of choice is `aptitude` but these settings will also effectively work for `apt-get` and before I begin do +1 this if you find it useful.

The above shows the available version of Django with their respective APT pinning numbers: 990 being the stable version and selected by default when installing, 400 being the backported version, 50 being an unstable version, and 100 pinning for our already installed version.

During normal installation the stable default is always selected, however now I also have an option to easily see other available versions by viewing the information provided at bottom of the package details. Based on the displayed pinning I can tell any backported versions and the unstable version available and review the potential conflicts it could create in a straight forward way.

Setting it all Up

There are four things that need to be edited, the default pinning release needs to be set, the sources need backports and unstable added, lowering the pinning priority of backports/unstable packages, and the aptitude display settings needs to be modified to display pinning.

Apt::default-Release

Create a ' /etc/apt/apt.conf.d/10defaultrelease' and make it's contents as follows: 
Apt::default-Release "stable";
.

Update package `sources.list`

Edit your /etc/apt/sources.list to add unstable and backports sources so it looks something like this: 

# deb cdrom:[Debian GNU/Linux 6.0.0 _Squeeze_ - Official Multi-architecture amd64/i386 NETINST #1 20110205-14:45]/ squeeze main

deb http://ftp.us.debian.org/debian/ squeeze main
deb-src http://ftp.us.debian.org/debian/ squeeze main

deb http://security.debian.org/ squeeze/updates main
deb-src http://security.debian.org/ squeeze/updates main

# squeeze-update, previously know as 'volatile'
deb http://ftp.us.debian.org/debian/ squeeze-updates main
deb-src http://ftp.us.debian.org/debian/ squeeze-updates main

# squeeze backports
# http://backports.debian.org/Instructions/
deb http://backports.debian.org/debian-backports squeeze-backports main

# unstable
# http://wiki.debian.org/AptPreferences
deb http://ftp.us.debian.org/debian/ unstable main
deb-src http://ftp.us.debian.org/debian/ unstable main

# non free ex. sun java
#deb http://ftp.us.debian.org/debian/ squeeze non-free
#deb-src http://ftp.us.debian.org/debian/ squeeze non-free

Edit `etc/apt/preferences` pinning file

If the file doesn't exist do create it, if it does modify it to add lower pinning the default 500 for unstable and backports packages as follow:

# Package pinning priorities
# See http://wiki.debian.org/AptPreferences and http://manpages.debian.net/cgi-bin/man.cgi?query=apt_preferences
#
# In nut shell highest PIN gets installed
#
# Pining default are as follow which are in addition to our settings:
#   990 - for version that are not installed but DO belong to our `APT::Default-Relase "stable"` setting.
#   500 - for versions that are not installed and do not belong to the target release
#   100 - for packages that already installed, this also means other versions of same package
#     1 - for experimental packages; packages with "NotAutomatic: yes"
#
# Our Pinnings
#   400 - backports that can safely be installed without the need to update other packages
#    50 - unstable packages, install forced in the details screen, can result in conflicts

Package: *
Pin: release n=squeeze-backports
Pin-Priority: 400

Package: *
Pin: release a=unstable
Pin-Priority: 50

Add pinning information to Aptitude

By default Aptitude does not display any pinning information however this can be changed and once done a pinning number will be displayed when one view the package details, add the following file `/etc/apt/apt.conf.d/100guiconf`:

Aptitude::UI::Package-Display-Format "%c%a%M %p %Z %v %V %i";

That's it. It is worth pointing that this setup has worked for me over the past 3.5 have years without any issues

It is even able to handle a scenario where a previously installed unstable is upgraded to a stable backported higher version correctly as can be seen with the above example of the Django package.

Comments

Post a Comment

Popular posts from this blog

Duplicate value found: duplicates value on record with id: <unknown>.

System.DmlException: Insert failed. First exception on row 0; first error: DUPLICATE_VALUE, duplicate value found: <unknown> duplicates value on record with id: <unknown>. The above error is triggered in the database layer and caused by a trigger or workflow outside of your main code of block that is bubbling this exception. This is rather difficult to track down especially if you are unfamiliar with the code, I am sharing my procedure in the hopes this saves you time - if you find this helpful drop me a line or follow me on twitter @danielsokolows . This error is caused by unique field constraint on the object, so the first step is to examine the object and locate the API names of all unique fieds. You can do this through SF direclty 'Setup < Customize &lt <object being inserted> &lt Fields' or by downloading the `src/objects` metadata information and searching for <unique> ; I preffer the latter and actually download ALL matadata i
3 comments
Read more

Softeher 'Error occurred. (Error code: 2)' sollution

Protocol error occurred. Error was returned from the destination server. The Softether server by default to run on port 443 , if you server also hosts normal https then 443 is already taken and so Softether can't bind to it. When you run `vpncmd` it attempts to connect, find an active port, but of course fails with 'Protocol error occurred. Error was returned from the destination server.' because it's not actually connecting to the vpn server. By default Softether also listens on 992 , 1194 , and 5555 so the sollution is to modify specify `localhost:5555` when executing the `vpncmnd`. If this has helped you feel free to comment or follow me on twitter @danielsokolows .
6 comments
Read more

How to child proof a fireplace

DIY - Do it yourself fireplace child guard Our wonderful 8.5 month old Sofia has become a crawling race car with an untamed thirst for exploration. And so with the cold nights approaching we needed to child proof the fireplace. This however proved to be more difficult than would reasonably expect, I've checked the local Toys "R" Us, Walmart, and even a Canadian Tire with no success for a ready to use product. Internet search was more fruitful and returned a few online stores one could order from, however in all honestly they didn't look too sturdy to me. So I build my own relatively quickly and inexpensively. Materials needed is a privacy plastic lattice - the smallest hole pattern - a few screws and anchors; tools needed are a drill, and a handsaw if you don't have the lattice cut at the store - that’s it. The construction consits of screwing the lattice into the wall and the final product is easiest explained through following pictures.
11 comments
Read more