APT_PREFERENCES(5) APT APT_PREFERENCES(5) apt_preferences - APT APT /etc/apt/preferences /etc/apt/preferences.d/ sources.list(5) (stable testing ) APT apt-get APT APT sources.list(5) apt-get sources.list(5) APT ! APT / () /etc/apt/preferences.d "pref" (-) (_) (.) Dir::Ignore-Files-Silently APT APT apt-get APT /etc/apt/apt.conf /etc/apt/preferences pin apt-get install -t testing some-package APT::Default-Release "stable"; APT 1 to the versions coming from archives which in their Release files are marked as "NotAutomatic: yes" but not as "ButAutomaticUpgrades: yes" like the Debian experimental archive, as well as versions that are not phased on this systems. 100 () squeeze-backports Debian Release "NotAutomatic: yes" "ButAutomaticUpgrades: yes" 500 990 APT 100 500 Release "NotAutomatic: yes" 1 "ButAutomaticUpgrades: yes" 100 APT o 1000 (APT 1000 ) o o () o --reinstall ( 100) sources.list(5) ( 500 990) apt-get install some-package apt-get upgrade apt-get install some-package apt-get upgrade apt-get install some-package apt-get upgrade Phased Updates APT understands a field called Phased-Update-Percentage which can be used to control the rollout of a new version. It is an integer between 0 and 100. A system's eligibility to a phased update is determined by seeding random number generator with the package source name, the version number, and /etc/machine-id, and then calculating an integer in the range [0, 100]. If this integer is larger than the Phased-Update-Percentage, the version is pinned to 1, and thus held back. Otherwise, normal policy rules apply. In case you have multiple systems that you want to receive the same set of updates, you can set APT::Machine-ID to a UUID such that they all phase the same, or set APT::Get::Never-Include-Phased-Updates or APT::Get::Always-Include-Phased-Updates to true such that APT will never/always consider phased updates. APT APT o ("Pin-Priority") "5.32" perl Package: perl Pin: version 5.32* Pin-Priority: 1001 o (Release ) FQDN APT Package: * Pin: origin "" Pin-Priority: 999 : "origin" "ftp.de.debian.org" Package: * Pin: origin "ftp.de.debian.org" Pin-Priority: 999 Release Origin Release "Origin:" "Debian" "Ximian" "unstable" Package: * Pin: release a=unstable Pin-Priority: 50 "trixie" Package: * Pin: release n=trixie Pin-Priority: 900 "stable" "12" Package: * Pin: release a=stable, v=12 Pin-Priority: 500 "and" : : ( "a" ) Matching packages in the Package field The Package field specifies the package that a pinning priority is applied to. The field can either contain a binary package name, a source package name (prefixed with "src:"), a glob(7) expression or a regular expression (surrounded by slashes). Multiple package names, glob(7) expressions and regular expressions can be listed separated by whitespace in which case the record will match any of the matched packages. By default, only packages of the native architecture are matched. To match binary packages of any architecture, add the :any suffix to the package name. You can also limit matching to a specific architecture by appending the architecture name to the package name, separated by a colon character. For example, the following example uses a glob expression and a regular expression to assign the priority 500 to all packages from experimental where the name starts with gnome (as a glob(7)-like expression) or contains the word kde (as a POSIX extended regular expression surrounded by slashes). Package: gnome* /kde/ Pin: release a=experimental Pin-Priority: 500 pin lunar 990 Package: * Pin: release n=lunar* Pin-Priority: 990 Package pin pin Package "*" glob(7) To pin all binaries produced by the apt source package of this APT's version to 990, you can do: Package: src:apt Pin: version 2.9.6 Pin-Priority: 990 Source package pinning can be combined with regular expressions and glob patterns, and can also take a binary architecture. For example, let's pin all binaries for all architectures produced by any source package containing apt in its name to 990: Package: src:*apt*:any Pin: version * Pin-Priority: 990 The :any suffix makes sure to select binary packages from any architecture. Without that suffix, apt implicitly assumes the :native suffix which would only select packages from the native architecture. APT APT (P) () P >= 1000 990 <= P < 1000 500 <= P < 990 100 <= P < 500 0 < P < 100 P < 0 P = 0 APT Package: perl Pin: version 5.32* Pin-Priority: 1001 Package: * Pin: origin "" Pin-Priority: 999 Package: * Pin: release unstable Pin-Priority: 50 o "5.32" perl 5.32* 5.36* perl o perl () o sources.list(5) unstable sources.list(5) Packages Release Packages .../dists/dist-name/component/arch .../dists/stable/main/binary-i386/Packages APT 2 Package: Version: Release .../dists/dist-name .../dists/stable/Release .../dists/bookworm/Release 1 Packages Release APT Archive: Suite: "Archive: stable" "Suite: stable" Release stable APT Pin: release a=stable Codename: "Codename: trixie" Release trixie APT Pin: release n=trixie Version: Debian 12 testing unstable APT Pin: release v=12 Pin: release a=stable, v=12 Pin: release 12 Component: Release "Component: main" main (Debian ) APT Pin: release c=main Origin: Release Debian APT Pin: release o=Debian Label: Release Debian APT Pin: release l=Debian sources.list(5) Packages Release /var/lib/apt/lists apt.conf Dir::State::Lists debian.lcs.mit.edu_debian_dists_unstable_contrib_binary-i386_Release debian.lcs.mit.edu unstable contrib binary-i386 Release APT APT Explanation: APT stable (500) Debian Explanation: Uninstall or do not install any Debian-originated Explanation: package versions other than those in the stable distro Package: * Pin: release a=stable Pin-Priority: 900 Package: * Pin: release o=Debian Pin-Priority: -10 sources.list(5) stable apt-get install package-name apt-get upgrade apt-get dist-upgrade testing apt-get install package/testing APT testing unstable Debian Package: * Pin: release a=testing Pin-Priority: 900 Package: * Pin: release a=unstable Pin-Priority: 800 Package: * Pin: release o=Debian Pin-Priority: -10 sources.list(5) testing apt-get install package-name apt-get upgrade apt-get dist-upgrade unstable apt-get upgrade testing testing unstable unstable apt-get install package/unstable APT (500) Debian APT APT testing stable oldstable testing Explanation: Uninstall or do not install any Debian-originated package versions Explanation: other than those in the distribution codenamed with trixie or sid Package: * Pin: release n=trixie Pin-Priority: 900 Explanation: Debian unstable is always codenamed with sid Package: * Pin: release n=sid Pin-Priority: 800 Package: * Pin: release o=Debian Pin-Priority: -10 sources.list(5) trixie apt-get install package-name apt-get upgrade apt-get dist-upgrade sid apt-get upgrade trixie trixie sid sid apt-get install package/sid /etc/apt/preferences "pin" : Dir::Etc::Preferences /etc/apt/preferences.d/ : Dir::Etc::PreferencesParts apt-get(8) apt-cache(8) apt.conf(5) sources.list(5) APT [1] APT /usr/share/doc/debian/bug-reporting.txt reportbug(1) (2003-2006,2009-2012), Takuma Yamada (2016), Debian JP Documentation ML [FAMILY Given] 1. APT https://bugs.debian.org/src:apt APT 2.9.6 03 1 2022 APT_PREFERENCES(5)