255

Say you're running a server and you don't want to upgrade to Testing (Squeeze) from Stable (Lenny) to just install a required package or two.

What's the best way of installing only certain packages from Testing?

Gareth
  • 8,413
  • 13
  • 43
  • 44
  • 8
    This is what the latest official documentation has to say: [Packages from mixed source of archives](https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_packages_from_mixed_source_of_archives). – Alexey Nov 18 '17 at 17:47

10 Answers10

218

Many people seem to be afraid of mixing stable with testing, but frankly, testing is fairly stable in its own right, and with proper preferences and solution checking, you can avoid the "stability drift" that puts your core packages on the unstable path.

"Testing is fairly stable??", you ask. Yes. In order for a package to migrate from unstable to testing, it has to have zero open bugs for 10 consecutive days. Chances are that, especially for the more popular packages, somebody is going to submit a bug report for an unstable version if something is wrong.

Even if you don't want to mix the environments, it's still nice to have the option there in case you run into something that requires a newer version than what is in stable.

Here's what I recommend for setting this up:

First, create the following files in /etc/apt/preferences.d:

stable.pref:

# 500 <= P < 990: causes a version to be installed unless there is a
# version available belonging to the target release or the installed
# version is more recent

Package: *
Pin: release a=stable
Pin-Priority: 900

testing.pref:

# 100 <= P < 500: causes a version to be installed unless there is a
# version available belonging to some other distribution or the installed
# version is more recent

Package: *
Pin: release a=testing
Pin-Priority: 400

unstable.pref:

# 0 < P < 100: causes a version to be installed only if there is no
# installed version of the package

Package: *
Pin: release a=unstable
Pin-Priority: 50

experimental.pref:

# 0 < P < 100: causes a version to be installed only if there is no
# installed version of the package

Package: *
Pin: release a=experimental
Pin-Priority: 1

(Don't be afraid of the unstable/experimental stuff here. The priorities are low enough that it's never going to automatically install any of that stuff. Even the testing branch will behave, as it's only going to install the packages you want to be in testing.)

Now, creating a matching set for /etc/apt/sources.list.d:

stable.list: Copy from your original /etc/apt/sources.list. Rename the old file to something like sources.list.orig.

testing.list: Same as stable.list, except with testing.

unstable.list: Same as stable.list, except with unstable, and remove the security lists.

experimental.list: Same as unstable.list, except with experimental.

You can also add a oldstable in sources.lists.d and preferences.d (use a priority of 1), though this moniker will tend to expire and disappear before the next stable cycle. In cases like that, you can use http://archive.debian.org/debian/ and "hardcode" the Debian version (etch, lenny, etc.).

To install the testing version of a package, simply use aptitude install lib-foobar-package/testing, or just jump into aptitude's GUI and select the version inside of the package details (hit enter on the package you're looking at).

If you get complaints of package conflicts, look at the solutions first. In most cases, the first one is going to be "don't install this version". Learn to use the per-package accept/reject resolver choices. For example, if you're installing foobar-package/testing, and the first solution is "don't install foobar-package/testing", then mark that choice as rejected, and the other solutions will never veer to that path again. In cases like these, you'll probably have to install a few other testing packages.

If it's getting too hairy (like it's trying to upgrade libc or the kernel or some other huge core system), then you can either reject those upgrade paths or just back out of the initial upgrade altogether. Remember that it's only going to upgrade stuff to testing/unstable if you allow it to.

EDIT: Fixed some priority pins, and updated the list.

SineSwiper
  • 2,539
  • 3
  • 13
  • 10
  • 3
    I'm trying to use this, but I'm not able to resolve any dependencies at all. It seems like neither apt-get, neither aptitude will look for the dependencies in the testing repos. Is there a way to solve that? – Tamás Szelei Nov 19 '12 at 16:28
  • 6
    Did you run `apt-get update` after you created the config files? – Flow Apr 30 '13 at 16:04
  • 3
    I'm getting (what seems to me) inconsistent behaviours using this method. "apt-get install -t testing appX" does not give the same as "apt-get install appX/testing" (see http://serverfault.com/q/646934/132528 )- I'm guessing that it's just about the way this method causes the priorities to be resolved, even though it not intuitive to me? – eugenevd Dec 08 '14 at 11:45
  • 1
    I'm trying to use it and I have a few questions. Should I remove these repositories from /etc/apt/sources.list after creating these files in /etc/apt/sources.list.d? And the repositories in my sources.list have "jessie" instead of "stable". Is there any difference? – barteks2x Aug 11 '15 at 15:18
  • 9
    IMPORTANT: the author chose a pinning preference value for stable/security that is *higher* than the Default Release value...see http://serverfault.com/a/653552/120130 for more info – Alex Ryan Jan 15 '16 at 01:52
  • hrm. Where do I get the necessary OpenPGP key from and how do I add it to my system? – Frederick Nord Jun 25 '16 at 16:40
  • 1
    Note! there is a much shorter instruction. It's in the accepted answer and also in: http://www.binarytides.com/enable-testing-repo-debian/ – Nux Oct 24 '16 at 18:01
  • 7
    This answer just broke my system. After an attempt to do `sudo apt-get update`, I got an update error. Then restarted, which gave me `Xsession error`, restarted again, and now I don't have gui. the `/dev/sda1/` is now full. Great. – luchonacho Nov 06 '16 at 13:03
  • 3
    I'm going to recommend folks heed the negative comments on this post. I just got bit by it on the recent Debian 9 update, which was corrected by reverting these changes. Heed the advice in Debian's article on this matter: https://wiki.debian.org/DontBreakDebian (scroll to Don't make a FrankenDebian) – Brandon Arnold Jun 18 '17 at 18:54
  • This configuration did not work in my case (Debian Stretch stable), it asked to downgrade a lot of packages. I made it work by removing "stable" and "security" from preferences file and decreasing the priority of repositories like "testing" to a value below "500". An update to this answer would be helpful for users that don't read comments. By the way, this answer did not mention the stable-updates repository which is included by default and there is also the debian backports repository. Software from other repositories can also be installed with apt / apt-get instead of aptitude with "-t". – baptx Nov 07 '18 at 19:12
  • The `stable.pref` example is indeed causing issues here at my side as well. – Melroy van den Berg Jun 11 '22 at 22:57
123

In /etc/apt/apt.conf.d add the following file

99defaultrelease:

APT::Default-Release "stable";

in /etc/apt/sources.list.d - add urls for testing / unstable sources

stable.list:

deb     http://ftp.de.debian.org/debian/    stable main contrib non-free
deb-src http://ftp.de.debian.org/debian/    stable main contrib non-free

deb     http://security.debian.org/         stable/updates  main contrib non-free

testing.list:

deb     http://ftp.de.debian.org/debian/    testing main contrib non-free
deb-src http://ftp.de.debian.org/debian/    testing main contrib non-free

deb     http://security.debian.org/         testing/updates  main contrib non-free

run

apt-get update

and then install what you need with

apt-get -t testing install something

Be very very careful if you install stuff that has plenty of dependencies. Preferably don't do this on production.

You can as well try your luck at backports or similar repository.

Flow
  • 958
  • 9
  • 15
pQd
  • 29,561
  • 5
  • 64
  • 106
  • 1
    Wow. That was quick. I was posting so as to share the information I'd just come across! Nice one! – Gareth Jun 09 '09 at 08:05
  • I've never actually used the apt.conf method before. It seems simpler that the preferences file method, but gives you less precise control. - Coops – Coops Jun 09 '09 at 08:37
  • 4
    Answer needs upgrading; this config will break things completely now that squeeze has become stable and lenny has become oldstable. – El Yobo Feb 15 '11 at 03:05
  • 1
    Not useable anymore, please update – Lothar Jan 03 '12 at 10:53
  • What if a new version of "something" becomes available in "testing?" Will `apt-get upgrade` automatically update it to the latest version under this configuration? Or, does it wait for the later version to become available in "stable?" – BMiner Dec 13 '12 at 16:35
  • 4
    in newer debian releases there is no apt.conf file, instead edit /etc/apt/apt.conf.d/70debconf – Hayden Thring Mar 22 '13 at 07:35
  • How would you get the "add urls for testing / unstable sources"? Thank you. – Drew LeSueur Jun 11 '14 at 19:56
  • If I'm still using jessie should I use `APT::Default-Release "jessie";` instead? – Gayan Weerakutti Sep 22 '17 at 11:39
  • I've removed `deb http://security.debian.org/` line from `stable.list` and `testing.list` because of the error `The repository 'http://security.debian.org testing/updates Release' does not have a Release file.`. – hal9000 Nov 15 '19 at 06:54
  • This way seems to be more straight forward because of not playing with packages priority and just make a global priority to the stable branch. – Lukáš Viktora Dec 10 '19 at 13:00
  • I had to change `testing/updates` to `testing-security/updates` or `bullseye-security/updates`. cc @hal9000 – Solomon Ucko Sep 23 '20 at 16:50
54

apt_preferences

Define the default level that the system should 'safe-upgrade' to in the /etc/apt/preferences file:
man apt_preferences

There's a lot you can do with apt_preferences but for the sake of simplicity...

I needed to install a single package (autoMysqlBackup) that was only available in Testing. The solution was to add the following to /etc/apt/preferences:

Explanation: Uninstall or do not install any Debian-originated
Explanation: package versions other than those in the stable distro
Package: *
Pin: release a=stable
Pin-Priority: 900

Package: *
Pin: release o=Debian
Pin-Priority: -10

With multiple repositories added to /etc/apt/sources.list aptitude will now only upgrade to your specified release even though the later release repos are listed (in this case 'stable').

deb http://mirror.aarnet.edu.au/debian/ lenny main
deb-src http://mirror.aarnet.edu.au/debian/ lenny main
deb http://mirror.aarnet.edu.au/debian/ squeeze main
deb-src http://mirror.aarnet.edu.au/debian/ squeeze main

So to install that package, all you have to do is:

$ aptitude install -t testing packageName
Gareth
  • 8,413
  • 13
  • 43
  • 44
  • This is a good method too, not at quick as easy as apt.conf, but lets you control all your different sources in a relative manner. – Coops Jun 09 '09 at 08:39
  • 2
    This is too complicated for the task... Using APT::Default-Release does set the pin priority of the release to 990 (similar to how you set it to 900) and the negative pinning for the rest is not really needed... during dist-upgrades the stable package have priority anyway and as soon as you list something explicitly on the command line, its negative pinning priority will be mostly ignored. – Raphaël Hertzog Jun 09 '09 at 09:54
  • I'm not sure how to reply to you @Raphael. It seems a very elegant way of doing things. I've used apt pinning before years ago but I never really 'got' it. The examples I've used above are straight from the apt_preferences man page. – Gareth Jun 09 '09 at 10:27
  • Also not working anymore on Debian 6. There is no /etc/apt/preferences file anymore. – Lothar Jan 03 '12 at 10:54
  • It works on that version; you have to create the file. – lfaraone Jan 03 '12 at 16:18
  • 2
    Confirm this works fine on squeeze – tomfanning Mar 07 '12 at 11:48
  • 3
    @Lothar: It does work on Debian 6. Just because the file doesn't exist doesn't mean it doesn't work. Just create the file and add the settings. Quote from the man page: "If there is no preferences file or if there is no entry in the file that applies to a particular version then the priority assigned to that version is the priority of the distribution to which that version belongs." – rzetterberg Oct 15 '12 at 12:11
  • If **apt-get update** complains about signatures which cannot be verified, try **apt-key adv --recv-keys --keyserver keys.gnupg.net 9D6D8F6BC857C906**. 9D6D8F6BC857C906 is an example for a public key ID; replace with the one apt-get is complaing about. – Klaws Dec 23 '18 at 08:43
18

For what it's worth, the general advice I've always seen is "Don't mix stable with anything." Most of the mixed systems tutorials are for mixing testing and unstable.

The reasoning seems to be that if you mix stable with testing, very basic packages (like libc6) will require updates (in order to install software from testing), and once these basic packages move to testing, the whole system can drift that way.

Here are two alternatives:

  1. Use Backports.
  2. Install a source line from testing, and try to build the later version you want from source.
Martin Schröder
  • 315
  • 1
  • 5
  • 24
Telemachus
  • 561
  • 2
  • 11
  • 2
    I agree. I just tried updating libdvdread4 from testing because of a bug in the version in wheezy/stable. It wants to bring in the latest libc though. So I just grabbed the source package for libdvdread4 from stable and patched it with the 1 line source change and rebuilt it. Way better than pulling in all sorts of packages from testing. Now all packages are still the "stable" ones and I just have the 1-line change I need. – dgrant Sep 12 '13 at 16:58
13

The debian documentation is extensive in the subject and I strongly advise to dig in as it will truely unveil the beauty of the debian system.

Have a look at How to keep a mixed system, it will explain all you need tio know.

tomdeb
  • 709
  • 1
  • 7
  • 10
  • 1
    This seems to be the same method used in the answer by @pQd, so it doesn't apply to debian >=6.0. Also the link title says "obsolete documentation" now. Also mostly link only answer. – dequis Apr 12 '14 at 09:08
  • While @dequis is right in that the link seems to be outdated, I just followed the instructions on a Debian 8 (testing) to install a package from unstable, and everything seems to work just perfectly fine. Anyone got a up-to-date documentation link? – domsson Dec 28 '16 at 15:36
  • 2
    This is likely to be what you're looking for:https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_tracking_literal_testing_literal_with_some_packages_from_literal_unstable_literal – tomdeb Jan 22 '17 at 19:46
9

Another way, that could prevent installing too many dependences from Testing or Sid, is this: you tell apt-get to get the source of the package from Testing or Sid and create a package for your system using Debian tools (no need to manually tinker with sources).

Quoting from here:
https://wiki.debian.org/DebianUnstable#How_do_I_backport_a_sid_package_to_testing_or_stable.3F

How do I backport a sid package to testing or stable?

Install the Debian source (and the development tools, especially debhelper, devscripts, and build-essential), and then build the package.

Step by step:

add a deb-src line for sid to your sources.list

apt-get update

apt-get build-dep PACKAGE_NAME

apt-get -b source PACKAGE_NAME

The resulting debs should be in the current directory and can be installed with dpkg -i the.deb.

gerlos
  • 245
  • 3
  • 11
4

I have been doing it for an extended period of time to be confident in saying it is safe enough and can be made convenient. With the below setup stable version will installed by default, however Aptitude will also allow you to choose backported or unstable version if so desired:

enter image description here

There are four things that need to be edited, the default pinning release needs to be set, the sources need backports and unstable added, lowering the pinning priority of backports/unstable packages, and the aptitude display settings needs to be modified to display pinning.

  • Create a '/etc/apt/apt.conf.d/10defaultrelease' and make it's contents as follows:
Apt::default-Release "stable";
  • Edit your '/etc/apt/sources.list' to add unstable and backports sources so it looks something like this:
# deb cdrom:[Debian GNU/Linux 6.0.0 _Squeeze_ - Official Multi-architecture amd64/i386 NETINST #1 20110205-14:45]/ squeeze main

deb http://ftp.us.debian.org/debian/ squeeze main
deb-src http://ftp.us.debian.org/debian/ squeeze main

deb http://security.debian.org/ squeeze/updates main
deb-src http://security.debian.org/ squeeze/updates main

# squeeze-update, previously know as 'volatile'
deb http://ftp.us.debian.org/debian/ squeeze-updates main
deb-src http://ftp.us.debian.org/debian/ squeeze-updates main

# squeeze backports
# http://backports.debian.org/Instructions/
deb http://backports.debian.org/debian-backports squeeze-backports main

# unstable
# http://wiki.debian.org/AptPreferences
deb http://ftp.us.debian.org/debian/ unstable main
deb-src http://ftp.us.debian.org/debian/ unstable main

# non free ex. sun java
#deb http://ftp.us.debian.org/debian/ squeeze non-free
#deb-src http://ftp.us.debian.org/debian/ squeeze non-free
  • Edit etc/apt/preferences pinning file - if the file doesn't exist do create it.
# Package pinning priorities
# See http://wiki.debian.org/AptPreferences and http://manpages.debian.net/cgi-bin/man.cgi?query=apt_preferences
#
# In nut shell highest PIN gets installed
#
# Pining default are as follow which are in addition to our settings:
#   990 - for version that are not installed but DO belong to our `APT::Default-Relase "stable"` setting.
#   500 - for versions that are not installed and do not belong to the target release
#   100 - for packages that already installed, this also means other versions of same package
#     1 - for experimental packages; packages with "NotAutomatic: yes"
#
# Our Pinnings
#   400 - backports that can safely be installed without the need to update other packages
#    50 - unstable packages, install forced in the details screen, can result in conflicts

Package: *
Pin: release n=squeeze-backports
Pin-Priority: 400

Package: *
Pin: release a=unstable
  • Create '/etc/apt/apt.conf.d/100guiconf' and to setup Aptitude so it display pinning information.
Aptitude::UI::Package-Display-Format "%c%a%M %p %Z %v %V %i";
Daniel Sokolowski
  • 859
  • 7
  • 9
  • 1
    Just an update that in addition to the above I have settled on running all my system packages from the 'testing' development repositories. So in `source.list` it should say code name `jessie` instead of `squeeze`. Debian's policy `testing` is near stable and packages have been almost as new as from the `unstable` repository. I'm running out of space here so please take a look at: https://wiki.debian.org/DebianReleases, https://wiki.debian.org/StableUpdates, and https://wiki.debian.org/StableProposedUpdates; the last two are additional repository sources. – Daniel Sokolowski Aug 08 '13 at 13:20
2

What I do to avoid mixing stable/testing/experimental, is to install a Debian Sid in a directory on my Debian stable system with debootstrap, then I can use the tools I want. In this example, I need a recent xmllint tool (XML processing).

For this, this is what I've done:

apt install debootstrap
mkdir /home/sid-chroot
debootstrap --arch amd64 sid /home/sid-chroot http://mirrors.ircam.fr/pub/debian/
chroot /home/sid-chroot
apt install libxml2-utils

Now, I can exit the chroot and use the lib, 'hacking' LD_LIBRARY_PATH for specific dynamic loading librarys.

In ~/.bashrc:

alias xmllint='LD_LIBRARY_PATH=/home/sid-chroot/usr /home/sid-chroot/usr/bin/xmllint'

Now, when I run xmllint, I have the 2.9.10 version of libxml2-utils. (2019 vs 2016 versions).

The pros:

  • I can install any other one package easily
  • no kitty killed, no risk to crash my desktop by mixing testing/experimental stuff
  • I keep my Debian stable system up to date with the security updates
  • I keep my system largely used by many people (unlike sid), this way, random software are still compatible enough

The cons:

  • it takes 410MB on the system (I don't care)
  • it needs aliasing in .bashrc
Gilles Quenot
  • 1,150
  • 9
  • 15
2

If your selection of packages is more involved or the installation will be repeated on multiple machines, you might consider setting up a private repository that mirrors a subset of the official repositories. This requires a bit of work to configure the repository but the reward is easy to maintain with a bare minimum of configuration on each client and repeatable results when doing dozens of installations. I find this helpful even when only one or two packages are being installed, and use this method for automating and maintaining cloud installs. A single server on a cheap VPS can handle dozens of private repositories.

To configure your private repository server:

# Install aptly.
apt-get install aptly

# Create local mirror (choose a source mirror near you).
aptly mirror create -filter="mirror-contains-no-packages" stretch-roundcube http://httpredir.debian.org/debian stretch main

# Configure filters for local mirror.
aptly mirror edit -filter="Name (% roundcube*)" stretch-roundcube

# Update local mirror.
aptly mirror update stretch-roundcube

# Drop previously published repositories and mirrors, if running these commands in a script.
aptly publish drop stretch

# Drop snapshot, if running these commands in a script.
aptly snapshot drop stretch-roundcube

# Create new snapshot.
aptly snapshot create stretch-roundcube from mirror stretch-roundcube

# Publish snapshot.
aptly publish snapshot -architectures=i386,amd64 -distribution=stretch -component=roundcube -label="Your Name" -origin="Your Name" stretch-roundcube

Then configure your web server of choice to serve the static repository files. Possibly protect the repository with a security certificate and basic authentication.

To automatically maintain your private repository and pull in updates from upstream, put the above in a script and run from a cron job.

To configure your client machine, on your client machine:

# Configure private repository without authentication.
echo 'deb http://private.repository.example.com/ stretch roundcube' > /etc/apt/sources.list.d/private.repository.example.com.list

# Configure private repository with authentication.
echo 'deb https://hostname:password@private.repository.example.com/ stretch roundcube' > /etc/apt/sources.list.d/private.repository.example.com.list
apt-get install apt-transport-https

# Update.
apt-get update

# Install package.
apt-get install roundcube

To maintain your client machine and pull in all of your private repository updates, on your client machine:

# Update.
apt-get update

# Upgrade.
apt-get upgrade
Monica For CEO
  • 320
  • 1
  • 17
2

Another option is to download instead the source package from testing. APT can auto-build the source package after downloading it. This way, your stable packages will not be affected by testing updates. The only trade-off is that it will take more time than just downloading and installing the binary package.

To configure APT to download source packages from testing, just add:

deb-src http://<your debian mirror here> testing main

If you just want to follow the current testing and not future testings, replace "testing" with the current codename (as of this writing it is "buster")

temy
  • 21
  • 1