apt_preferences - Preference control file for APT
The APT preferences file /etc/apt/preferences and the fragment files in the /etc/apt/preferences.d/ folder can be used to control which versions of packages will be selected for installation.
Several versions of a package may be available for installation when the sources.list(5) file contains references to more than one distribution (for example, stable and testing). APT assigns a priority to each version that is available. Subject to dependency constraints, apt-get selects the version with the highest priority for installation. The APT preferences override the priorities that APT assigns to package versions by default, thus giving the user control over which one is selected for installation.
Several instances of the same version of a package may be available when the sources.list(5) file contains references to more than one source. In this case apt-get downloads the instance listed earliest in the sources.list(5) file. The APT preferences do not affect the choice of instance, only the choice of version.
Preferences are a strong power in the hands of a system administrator but they can become also their biggest nightmare if used without care! APT will not question the preferences, so wrong settings can lead to uninstallable packages or wrong decisions while upgrading packages. Even more problems will arise if multiple distribution releases are mixed without a good understanding of the following paragraphs. Packages included in a specific release aren't tested in (and therefore don't always work as expected in) older or newer releases, or together with other packages from different releases. You have been warned.
Note that the files in the /etc/apt/preferences.d directory are parsed in alphanumeric ascending order and need to obey the following naming convention: The files have either no or "pref" as filename extension and only contain alphanumeric, hyphen (-), underscore (_) and period (.) characters. Otherwise APT will print a notice that it has ignored a file, unless that file matches a pattern in the Dir::Ignore-Files-Silently configuration list - in which case it will be silently ignored.
APT's Default Priority Assignments¶
If there is no preferences file or if there is no entry in the file that applies to a particular version then the priority assigned to that version is the priority of the distribution to which that version belongs. It is possible to single out a distribution, "the target release", which receives a higher priority than other distributions do by default. The target release can be set on the apt-get command line or in the APT configuration file /etc/apt/apt.conf. Note that this has precedence over any general priority you set in the /etc/apt/preferences file described later, but not over specifically pinned packages. For example,
apt-get install -t testing some-package
If the target release has been specified then APT uses the following algorithm to set the priorities of the versions of a package. Assign:
If the target release has not been specified then APT simply assigns priority 100 to all installed package versions and priority 500 to all uninstalled package versions, except versions coming from archives which in their Release files are marked as "NotAutomatic: yes" - these versions get the priority 1 or priority 100 if it is additionally marked as "ButAutomaticUpgrades: yes".
APT then applies the following rules, listed in order of precedence, to determine which version of a package to install.
In a typical situation, the installed version of a package (priority 100) is not as recent as one of the versions available from the sources listed in the sources.list(5) file (priority 500 or 990). Then the package will be upgraded when apt-get install some-package or apt-get upgrade is executed.
More rarely, the installed version of a package is more recent than any of the other available versions. The package will not be downgraded when apt-get install some-package or apt-get upgrade is executed.
Sometimes the installed version of a package is more recent than the version belonging to the target release, but not as recent as a version belonging to some other distribution. Such a package will indeed be upgraded when apt-get install some-package or apt-get upgrade is executed, because at least one of the available versions has a higher priority than the installed version.
APT understands a field called Phased-Update-Percentage which can be used to control the rollout of a new version. It is an integer between 0 and 100.
A system's eligibility to a phased update is determined by seeding random number generator with the package source name, the version number, and /etc/machine-id, and then calculating an integer in the range [0, 100]. If this integer is larger than the Phased-Update-Percentage, the version is pinned to 1, and thus held back. Otherwise, normal policy rules apply.
In case you have multiple systems that you want to receive the same set of updates, you can set APT::Machine-ID to a UUID such that they all phase the same, or set APT::Get::Never-Include-Phased-Updates or APT::Get::Always-Include-Phased-Updates to true such that APT will never/always consider phased updates.
The Effect of APT Preferences¶
The APT preferences file allows the system administrator to control the assignment of priorities. The file consists of one or more multi-line records separated by blank lines. Records can have one of two forms, a specific form and a general form.
Package: perl Pin: version 5.20* Pin-Priority: 1001
This general-form entry in the APT preferences file applies only to groups of packages. For example, the following record assigns a high priority to all package versions available from the local site.
Package: * Pin: origin "" Pin-Priority: 999
A note of caution: the keyword used here is "origin" which can be used to match a hostname. The following record will assign a high priority to all versions available from the server identified by the hostname "ftp.de.debian.org"
Package: * Pin: origin "ftp.de.debian.org" Pin-Priority: 999
This should not be confused with the Origin of a distribution as specified in a Release file. What follows the "Origin:" tag in a Release file is not an Internet address but an author or vendor name, such as "Debian" or "Ximian".
The following record assigns a low priority to all package versions belonging to any distribution whose Archive name is "unstable".
Package: * Pin: release a=unstable Pin-Priority: 50
The following record assigns a high priority to all package versions belonging to any distribution whose Codename is "bookworm".
Package: * Pin: release n=bookworm Pin-Priority: 900
The following record assigns a high priority to all package versions belonging to any release whose Archive name is "stable" and whose release Version number is "11".
Package: * Pin: release a=stable, v=11 Pin-Priority: 500
The effect of the comma operator is similar to an "and" in logic: All conditions must be satisfied for the pin to match. There is one exception: For any type of condition (such as two "a" conditions), only the last such condition is checked.
Matching packages in the Package field¶
The Package field specifies the package that a pinning priority is applied to. The field can either contain a binary package name, a source package name (prefixed with "src:"), a glob(7) expression or a regular expression (surrounded by slashes). Multiple package names, glob(7) expressions and regular expressions can be listed separated by whitespace in which case the record will match any of the matched packages.
By default, only packages of the native architecture are matched. To match binary packages of any architecture, add the :any suffix to the package name. You can also limit matching to a specific architecture by appending the architecture name to the package name, separated by a colon character.
For example, the following example uses a glob expression and a regular expression to assign the priority 500 to all packages from experimental where the name starts with gnome (as a glob(7)-like expression) or contains the word kde (as a POSIX extended regular expression surrounded by slashes).
Package: gnome* /kde/ Pin: release a=experimental Pin-Priority: 500
The rule for those expressions is that they can occur anywhere where a string can occur. Thus, the following pin assigns the priority 990 to all packages from a release starting with hirsute.
Package: * Pin: release n=hirsute* Pin-Priority: 990
If a regular expression occurs in a Package field, the behavior is the same as if this regular expression were replaced with a list of all package names it matches. It is undecided whether this will change in the future; thus you should always list wild-card pins first, so later specific pins override it. The pattern "*" in a Package field is not considered a glob(7) expression in itself.
To pin all binaries produced by the apt source package of this APT's version to 990, you can do:
Package: src:apt Pin: version 2.5.2 Pin-Priority: 990
Source package pinning can be combined with regular expressions and glob patterns, and can also take a binary architecture.
For example, let's pin all binaries for all architectures produced by any source package containing apt in its name to 990:
Package: src:*apt*:any Pin: version * Pin-Priority: 990
The :any suffix makes sure to select binary packages from any architecture. Without that suffix, apt implicitly assumes the :native suffix which would only select packages from the native architecture.
How APT Interprets Priorities¶
Priorities (P) assigned in the APT preferences file must be positive or negative integers. They are interpreted as follows (roughly speaking):
P >= 1000
990 <= P < 1000
500 <= P < 990
100 <= P < 500
0 < P < 100
P < 0
P = 0
The first specific-form record matching an available package version determines the priority of the package version. Failing that, the priority of the package is defined as the maximum of all priorities defined by generic-form records matching the version. Records defined using patterns in the Pin field other than "*" are treated like specific-form records.
For example, suppose the APT preferences file contains the three records presented earlier:
Package: perl Pin: version 5.20* Pin-Priority: 1001 Package: * Pin: origin "" Pin-Priority: 999 Package: * Pin: release unstable Pin-Priority: 50
Determination of Package Version and Distribution Properties¶
The locations listed in the sources.list(5) file should provide Packages and Release files to describe the packages available at that location.
The Packages file is normally found in the directory .../dists/dist-name/component/arch: for example, .../dists/stable/main/binary-i386/Packages. It consists of a series of multi-line records, one for each package available in that directory. Only two lines in each record are relevant for setting APT priorities:
the Package: line
the Version: line
The Release file is normally found in the directory .../dists/dist-name: for example, .../dists/stable/Release, or .../dists/bullseye/Release. It consists of a single multi-line record which applies to all of the packages in the directory tree below its parent. Unlike the Packages file, nearly all of the lines in a Release file are relevant for setting APT priorities:
the Archive: or Suite: line
Pin: release a=stable
the Codename: line
Pin: release n=bookworm
the Version: line
Pin: release v=11 Pin: release a=stable, v=11 Pin: release 11
the Component: line
Pin: release c=main
the Origin: line
Pin: release o=Debian
the Label: line
Pin: release l=Debian
All of the Packages and Release files retrieved from locations listed in the sources.list(5) file are stored in the directory /var/lib/apt/lists, or in the file named by the variable Dir::State::Lists in the apt.conf file. For example, the file debian.lcs.mit.edu_debian_dists_unstable_contrib_binary-i386_Release contains the Release file retrieved from the site debian.lcs.mit.edu for binary-i386 architecture files from the contrib component of the unstable distribution.
Optional Lines in an APT Preferences Record¶
Each record in the APT preferences file can optionally begin with one or more lines beginning with the word Explanation:. This provides a place for comments.
The following APT preferences file will cause APT to assign a priority higher than the default (500) to all package versions belonging to a stable distribution and a prohibitively low priority to package versions belonging to other Debian distributions.
Explanation: Uninstall or do not install any Debian-originated Explanation: package versions other than those in the stable distro Package: * Pin: release a=stable Pin-Priority: 900 Package: * Pin: release o=Debian Pin-Priority: -10
With a suitable sources.list(5) file and the above preferences file, any of the following commands will cause APT to upgrade to the latest stable version(s).
apt-get install package-name apt-get upgrade apt-get dist-upgrade
The following command will cause APT to upgrade the specified package to the latest version from the testing distribution; the package will not be upgraded again unless this command is given again.
apt-get install package/testing
Tracking Testing or Unstable¶
The following APT preferences file will cause APT to assign a high priority to package versions from the testing distribution, a lower priority to package versions from the unstable distribution, and a prohibitively low priority to package versions from other Debian distributions.
Package: * Pin: release a=testing Pin-Priority: 900 Package: * Pin: release a=unstable Pin-Priority: 800 Package: * Pin: release o=Debian Pin-Priority: -10
With a suitable sources.list(5) file and the above preferences file, any of the following commands will cause APT to upgrade to the latest testing version(s).
apt-get install package-name apt-get upgrade apt-get dist-upgrade
The following command will cause APT to upgrade the specified package to the latest version from the unstable distribution. Thereafter, apt-get upgrade will upgrade the package to the most recent testing version if that is more recent than the installed version, otherwise, to the most recent unstable version if that is more recent than the installed version.
apt-get install package/unstable
Tracking the evolution of a codename release¶
The following APT preferences file will cause APT to assign a priority higher than the default (500) to all package versions belonging to a specified codename of a distribution and a prohibitively low priority to package versions belonging to other Debian distributions, codenames and archives. Note that with this APT preference APT will follow the migration of a release from the archive testing to stable and later oldstable. If you want to follow for example the progress in testing notwithstanding the codename changes you should use the example configurations above.
Explanation: Uninstall or do not install any Debian-originated package versions Explanation: other than those in the distribution codenamed with bookworm or sid Package: * Pin: release n=bookworm Pin-Priority: 900 Explanation: Debian unstable is always codenamed with sid Package: * Pin: release n=sid Pin-Priority: 800 Package: * Pin: release o=Debian Pin-Priority: -10
With a suitable sources.list(5) file and the above preferences file, any of the following commands will cause APT to upgrade to the latest version(s) in the release codenamed with bookworm.
apt-get install package-name apt-get upgrade apt-get dist-upgrade
The following command will cause APT to upgrade the specified package to the latest version from the sid distribution. Thereafter, apt-get upgrade will upgrade the package to the most recent bookworm version if that is more recent than the installed version, otherwise, to the most recent sid version if that is more recent than the installed version.
apt-get install package/sid
APT bug page. If you wish to report a bug in APT, please see /usr/share/doc/debian/bug-reporting.txt or the reportbug(1) command.
- APT bug page
|03 January 2022||APT 2.5.2|