Yet another apt-pinning thread...

If none of the more specific forums is the right place to ask

Yet another apt-pinning thread...

Postby kce » 2010-03-10 00:48

OK. Here is what I'd like to do: I am running stable with a few backports. I would like to selectively install some things from testing on an individual basis using the -t switch (aptitude -t testing somepackage). I would not like testing to be installed over backports nor stable. This creates problems because by default backports are pinned at a priority of 1 and testing is at 500.

Can anyone think of any adverse effects of pinning the particular packages I want out of testing at 500, and pinning all of testing at 1?

Like so:
Code: Select all
Package: libjson-glib-1.0-0
Pin: version 0.8.0*
Pin-Priority: 500

Package: *
Pin: release a=testing
Pin-Priority: 1



and my apt-cache policy:
Code: Select all
Package files:
 100 /var/lib/dpkg/status
     release a=now
 990 http://dl.google.com stable/main Packages
     release v=1.0,o=Google, Inc.,a=stable,l=Google,c=main
     origin dl.google.com
 500 http://mirror.csclub.uwaterloo.ca stable/main Translation-en_US
 990 http://mirror.csclub.uwaterloo.ca stable/main Packages
     release v=None,o=Unofficial Multimedia Packages,a=stable,l=Unofficial Multimedia Packages,c=main
     origin mirror.csclub.uwaterloo.ca
 500 http://download.virtualbox.org lenny/non-free Packages
     release o=Sun Microsystems, Inc.,l=Sun Microsystems, Inc.,c=non-free
     origin download.virtualbox.org
   1 http://www.backports.org lenny-backports/non-free Packages
     release v=None,o=Backports.org archive,a=lenny-backports,l=Backports.org archive,c=non-free
     origin www.backports.org
   1 http://www.backports.org lenny-backports/contrib Packages
     release v=None,o=Backports.org archive,a=lenny-backports,l=Backports.org archive,c=contrib
     origin www.backports.org
   1 http://www.backports.org lenny-backports/main Packages
     release v=None,o=Backports.org archive,a=lenny-backports,l=Backports.org archive,c=main
     origin www.backports.org
   1 http://security.debian.org squeeze/updates/non-free Packages
     release v=None,o=Debian,a=testing,l=Debian-Security,c=non-free
     origin security.debian.org
   1 http://security.debian.org squeeze/updates/contrib Packages
     release v=None,o=Debian,a=testing,l=Debian-Security,c=contrib
     origin security.debian.org
   1 http://security.debian.org squeeze/updates/main Packages
     release v=None,o=Debian,a=testing,l=Debian-Security,c=main
     origin security.debian.org
   1 http://http.us.debian.org squeeze/non-free Packages
     release o=Debian,a=testing,l=Debian,c=non-free
     origin http.us.debian.org
   1 http://http.us.debian.org squeeze/contrib Packages
     release o=Debian,a=testing,l=Debian,c=contrib
     origin http.us.debian.org
   1 http://http.us.debian.org squeeze/main Packages
     release o=Debian,a=testing,l=Debian,c=main
     origin http.us.debian.org
 990 http://http.us.debian.org lenny/non-free Packages
     release v=5.0.4,o=Debian,a=stable,l=Debian,c=non-free
     origin http.us.debian.org
 990 http://http.us.debian.org lenny/contrib Packages
     release v=5.0.4,o=Debian,a=stable,l=Debian,c=contrib
     origin http.us.debian.org
 990 http://http.us.debian.org lenny/main Packages
     release v=5.0.4,o=Debian,a=stable,l=Debian,c=main
     origin http.us.debian.org
 990 http://volatile.debian.org lenny/volatile/non-free Packages
     release o=volatile.debian.org,a=stable,l=debian-volatile,c=non-free
     origin volatile.debian.org
 990 http://volatile.debian.org lenny/volatile/contrib Packages
     release o=volatile.debian.org,a=stable,l=debian-volatile,c=contrib
     origin volatile.debian.org
 990 http://volatile.debian.org lenny/volatile/main Packages
     release o=volatile.debian.org,a=stable,l=debian-volatile,c=main
     origin volatile.debian.org
 990 http://security.debian.org lenny/updates/non-free Packages
     release v=5.0,o=Debian,a=stable,l=Debian-Security,c=non-free
     origin security.debian.org
 990 http://security.debian.org lenny/updates/contrib Packages
     release v=5.0,o=Debian,a=stable,l=Debian-Security,c=contrib
     origin security.debian.org
 990 http://security.debian.org lenny/updates/main Packages
     release v=5.0,o=Debian,a=stable,l=Debian-Security,c=main
     origin security.debian.org
Pinned packages:
     libjson-glib-1.0-0 -> 0.8.0-1


This should let me selectively install packages out of both backports and testing without having them squash each other right?
More paranoid than AMLJ!
User avatar
kce
 
Posts: 265
Joined: 2008-10-31 16:48

Re: Yet another apt-pinning thread...

Postby julian67 » 2010-03-10 01:30

You should set a default release in the file /etc/apt/apt.conf, creating that file if it doesn't exist. For specific info see http://www.debian.org/doc/manuals/reference/ch02.en.html#_packages_from_mixed_source_of_archives particularly the section entitled Table 2.18. List of the default Pin-Priority value for each package source type

The target release archive can be set by several methods.

* "/etc/apt/apt.conf" configuration file with "APT::Default-Release "stable";" line
* command line option, e.g., "apt-get install -t testing some-package"


You can also read the apt-get man page which describes the same facility.

As an example I have a machine running Lenny but my sources list also contains testing, unstable and experimental. My file /etc/apt/apt.conf includes the line
Code: Select all
APT::Default-Release "stable";


This means that nothing from any release except Lenny is ever installed unless I explicitly choose to do that. cron-apt runs daily and performs an apt-get dist-upgrade which collects any Lenny security updates but never upgrades a package from Lenny to any other release.
Wisdom from my inbox: "do not mock at your pottenocy"
User avatar
julian67
 
Posts: 4648
Joined: 2007-04-06 14:39
Location: Just hanging around

Re: Yet another apt-pinning thread...

Postby kce » 2010-03-10 02:10

I do actually have the APT::Default-Release "stable"; line in my /etc/apt/apt.conf but I found that apt would want to upgrade the packages I have installed out of backports to their slightly more recent version present in testing. I'm not exactly sure why this happens, but here's an example if I disable my preferences file:

Code: Select all
apt-cache policy iceweasel
iceweasel:
  Installed: 3.5.6-1~bpo50+1
  Candidate: 3.5.8-1
  Version table:
     3.5.8-1 0
        500 http://http.us.debian.org squeeze/main Packages
     3.5.8-1~bpo50+1 0
          1 http://www.backports.org lenny-backports/main Packages
 *** 3.5.6-1~bpo50+1 0
        100 /var/lib/dpkg/status
     3.0.6-3 0
        990 http://security.debian.org lenny/updates/main Packages
        990 http://http.us.debian.org lenny/main Packages
More paranoid than AMLJ!
User avatar
kce
 
Posts: 265
Joined: 2008-10-31 16:48

Re: Yet another apt-pinning thread...

Postby julian67 » 2010-03-10 02:49

I don't know because I don't know what you might have already installed from other releases, but maybe you have installed development packages from testing? I certainly don't get the same result:

Code: Select all
$ apt-cache policy iceweasel
iceweasel:
  Installed: 3.0.6-3
  Candidate: 3.0.6-3
  Version table:
     3.5.8-1 0
        500 http://ftp.fr.debian.org squeeze/main Packages
        500 http://ftp.fr.debian.org sid/main Packages
 *** 3.0.6-3 0
        990 http://ftp.fr.debian.org lenny/main Packages
        990 http://security.debian.org lenny/updates/main Packages
        100 /var/lib/dpkg/status


You could run
Code: Select all
aptitude why iceweasel
and it will tell you why the package manager has determined that a particular version should be installed.

One thing I always try if considering installing from a different release, i.e. unstable, is to use
Code: Select all
apt-get -s install <package_name>/unstable
first in preference to
Code: Select all
apt-get -s -t unstable install <package_name>
The -s is simulate and the difference is that the first command will try to fetch the desired package from unstable but the dependencies only from the default release, while the second will fetch everything from unstable. Sometimes this is possible and sometimes not, but if possible then it prevents needless upgrades of dependencies.
Wisdom from my inbox: "do not mock at your pottenocy"
User avatar
julian67
 
Posts: 4648
Joined: 2007-04-06 14:39
Location: Just hanging around

Re: Yet another apt-pinning thread...

Postby kce » 2010-03-12 01:37

The only thing I've installed out of testing is libjson-glib-1.0-0. I've installed a few things out of backports. Here's what I think is going on: backports are all pinned at 1, testing at 500 and stable (the default release) at 990. It appears that once something from backports is installed it's pinned at 100 (see my apt-cache for examples), which according to the apt_preferences manpage means: "causes a version to be installed unless there is a version available belonging to some other distribution or the installed version is more recent". So if there is a more recent version of a package available in testing than the one installed from backports (which is often the case) apt will upgrade to the one from testing. This means that if I just 'aptitude install blahityblah' apt will pull the package for stable (good), however if I install from backports and they're happens to be a newer version available in testing, apt either just install the one from testing (bad) or next time I do an aptitude safe-upgrade, it'll upgrade that package to track testing (bad).

I think this is what's going on...?


Anyway, since the only time I need to use testing packages is for libraries required for 3rd party software (in this case, pidgin-facebookchat) I don't see anything wrong about pinning testing to 1 like backports and installing stuff out of it piecemeal using either the -t or the packagename/testing switch.
More paranoid than AMLJ!
User avatar
kce
 
Posts: 265
Joined: 2008-10-31 16:48

Re: Yet another apt-pinning thread...

Postby julian67 » 2010-03-12 01:53

maybe this, maybe that, perhaps, if....

or run
Code: Select all
aptitude why iceweasel
and have your package manager offer an answer based on the state of your system, not what you remember you did, or what I think, or what you think.
Wisdom from my inbox: "do not mock at your pottenocy"
User avatar
julian67
 
Posts: 4648
Joined: 2007-04-06 14:39
Location: Just hanging around

Re: Yet another apt-pinning thread...

Postby kce » 2010-03-12 01:59

julian67 wrote: and have your package manager offer an answer based on the state of your system, not what you remember you did, or what I think, or what you think.


Actually, I did do that and I did not find the results terribly enlightening. My apologizes for neglecting to include my "work". Aptitude's why switch gives the same result with or without my /etc/apt/preferences file and if the preferences file is missing, apt still opts to upgrade all the packages installed from backports to the ones in testing.

Code: Select all
 aptitude why iceweasel
i   iceweasel-gnome-support Depends iceweasel
thinkpad:/home/kce$ aptitude why iceweasel-gnome-support
i   gnome-session           Suggests desktop-base                               
i A desktop-base            Suggests gnome | kde | xfce4 | wmaker               
pi  gnome                   Depends  gnome-desktop-environment (= 1:2.22.2~5)   
pi  gnome-desktop-environment Depends  epiphany-browser (>= 2.22.2) | gnome-www-browser
i   iceweasel-gnome-support Provides gnome-www-browser
More paranoid than AMLJ!
User avatar
kce
 
Posts: 265
Joined: 2008-10-31 16:48

Re: Yet another apt-pinning thread...

Postby shadowking » 2010-03-12 13:10

Editing /etc/apt/preferences gives finer control. The idea is the the non-preferred repos are <500 and risky repos are <100 . Main release is always 500. Dangerous stuff like experimental should be <0. Keep a track of security notices for low priority repos.

For lenny / backports / testing mix:

backports = 300 (90 if you don't want auto-updates)
testing = 50



For testing / sid mix:

sid = 50
shadowking
 
Posts: 496
Joined: 2009-05-06 11:34

Re: Yet another apt-pinning thread...

Postby shadowking » 2010-03-12 13:17

Package: *
Pin: release a=testing
Pin-Priority: 50

Package: *
Pin: release a=lenny-backports
Pin-Priority: 90
shadowking
 
Posts: 496
Joined: 2009-05-06 11:34

Re: Yet another apt-pinning thread...

Postby bugsbunny » 2010-03-12 18:52

By default:
backports and experimental get a priority of 1
all uninstalled packages in other branches get 500
all installed packages get a priority of 100.
A "default release" gives that branch a priority of 990, and will override any settings in the preferences file which refer to the same branch.

When you disable preferences what happens is the installed version of iceweasel (from backports) gets a preference of 100. The version from stable has a preference of 990, the version from testing has a priority of 500.

When deciding if it should upgrade or not:
1) It will never downgrade, unless forced to do so via manual intervention of some kind. So the version from stable is a non-player.
2) The version from testing has the following:
a) it's version is > than the installed version
b) it's priority is >= the installed version
c) there's no other version with a greater priority with a greater version number

Put it all together and the system chooses to upgrade.

The default priorities of 1 for backports and experimental are fine, no reason to change those. If you want backports versions to always be used in preference to installed stable packages you can change that priority to 100.

Set testing to a priority < 100 and things won't get pulled from there unless you specifically do so.

When you do want to pull things from testing use the form:
Code: Select all
aptitude install package/testing
rather than the -t form, otherwise all dependencies (that aren't already installed) will be pulled from testing rather than stable. So if depenencyA has a version in both testing and stable (and either would work) with testing having a different (greater) version number the testing version would be installed. Using the package/testing form the dependency from stable would be pulled. Using this form you may have to do a bit more work in some cases, but you get much finer grained control over what versions get installed.

Be careful about core libraries getting pulled from testing - if that happens you're not running stable any more.

see man apt_preferences for a full explanation of the priority system.
User avatar
bugsbunny
 
Posts: 5355
Joined: 2008-07-06 17:04

Re: Yet another apt-pinning thread...

Postby kce » 2010-04-28 20:36

I know this tread is old, but bugsbunny has the correct explanation for the behavior I mentioned in my first post:

Here's my solution if you want to install stuff "manually" out of testing and keep it pinned to a particular version, and at the same time prevent all your install packages out of backports from being replaced with those in testing while still allowing for them to be updated (from the backports repo).

apt-cache policy
Code: Select all
 100 /var/lib/dpkg/status
     release a=now
 990 http://dl.google.com stable/main Packages
     release v=1.0,o=Google, Inc.,a=stable,l=Google,c=main
     origin dl.google.com
 990 http://mirror.csclub.uwaterloo.ca stable/main Packages
     release v=5.0r0,o=Unofficial Multimedia Packages,a=stable,l=Unofficial Multimedia Packages,c=main
     origin mirror.csclub.uwaterloo.ca
 500 http://download.virtualbox.org lenny/non-free Packages
     release o=Sun Microsystems, Inc.,l=Sun Microsystems, Inc.,c=non-free
     origin download.virtualbox.org
 200 http://www.backports.org lenny-backports/non-free Packages
     release v=None,o=Backports.org archive,a=lenny-backports,l=Backports.org archive,c=non-free
     origin www.backports.org
 200 http://www.backports.org lenny-backports/contrib Packages
     release v=None,o=Backports.org archive,a=lenny-backports,l=Backports.org archive,c=contrib
     origin www.backports.org
 200 http://www.backports.org lenny-backports/main Packages
     release v=None,o=Backports.org archive,a=lenny-backports,l=Backports.org archive,c=main
     origin www.backports.org
  90 http://security.debian.org squeeze/updates/non-free Packages
     release v=None,o=Debian,a=testing,l=Debian-Security,c=non-free
     origin security.debian.org
  90 http://security.debian.org squeeze/updates/contrib Packages
     release v=None,o=Debian,a=testing,l=Debian-Security,c=contrib
     origin security.debian.org
  90 http://security.debian.org squeeze/updates/main Packages
     release v=None,o=Debian,a=testing,l=Debian-Security,c=main
     origin security.debian.org
  90 http://http.us.debian.org squeeze/non-free Packages
     release o=Debian,a=testing,l=Debian,c=non-free
     origin http.us.debian.org
  90 http://http.us.debian.org squeeze/contrib Packages
     release o=Debian,a=testing,l=Debian,c=contrib
     origin http.us.debian.org
  90 http://http.us.debian.org squeeze/main Packages
     release o=Debian,a=testing,l=Debian,c=main
     origin http.us.debian.org
 990 http://http.us.debian.org lenny/non-free Packages
     release v=5.0.4,o=Debian,a=stable,l=Debian,c=non-free
     origin http.us.debian.org
 990 http://http.us.debian.org lenny/contrib Packages
     release v=5.0.4,o=Debian,a=stable,l=Debian,c=contrib
     origin http.us.debian.org
 990 http://http.us.debian.org lenny/main Packages
     release v=5.0.4,o=Debian,a=stable,l=Debian,c=main
     origin http.us.debian.org
 990 http://volatile.debian.org lenny/volatile/non-free Packages
     release o=volatile.debian.org,a=stable,l=debian-volatile,c=non-free
     origin volatile.debian.org
 990 http://volatile.debian.org lenny/volatile/contrib Packages
     release o=volatile.debian.org,a=stable,l=debian-volatile,c=contrib
     origin volatile.debian.org
 990 http://volatile.debian.org lenny/volatile/main Packages
     release o=volatile.debian.org,a=stable,l=debian-volatile,c=main
     origin volatile.debian.org
 990 http://security.debian.org lenny/updates/non-free Packages
     release v=5.0,o=Debian,a=stable,l=Debian-Security,c=non-free
     origin security.debian.org
 990 http://security.debian.org lenny/updates/contrib Packages
     release v=5.0,o=Debian,a=stable,l=Debian-Security,c=contrib
     origin security.debian.org
 990 http://security.debian.org lenny/updates/main Packages
     release v=5.0,o=Debian,a=stable,l=Debian-Security,c=main
     origin security.debian.org
Pinned packages:
     libjson-glib-1.0-0 -> 0.8.0-1


/etc/apt/preferences
Code: Select all
## Required for pidgin-facebookchat
Package: libjson-glib-1.0-0
Pin: version 0.8.0*
Pin-Priority: 500

Package: *
Pin: release a=testing
Pin-Priority: 90

Package: *
Pin: release a=lenny-backports
Pin-Priority: 200


and lastly an example: apt-cache policy iceweasel
Code: Select all
iceweasel:
  Installed: 3.5.6-1~bpo50+1
  Candidate: 3.5.8-1~bpo50+2
  Version table:
     3.5.9-2 0
         90 http://http.us.debian.org squeeze/main Packages
     3.5.8-1~bpo50+2 0
        200 http://www.backports.org lenny-backports/main Packages
 *** 3.5.6-1~bpo50+1 0
        100 /var/lib/dpkg/status
     3.0.6-3 0
        990 http://security.debian.org lenny/updates/main Packages
        990 http://http.us.debian.org lenny/main Packages


Appreciate the help!
More paranoid than AMLJ!
User avatar
kce
 
Posts: 265
Joined: 2008-10-31 16:48


Return to General Questions

Who is online

Users browsing this forum: No registered users and 7 guests

fashionable