Mixing Stable and Testing in Debian
Debian stable is rather stable, but has the disadvantage that it does not contain the latest software versions. Server administrators sometimes want to use stable versions of libraries and the base system, but more recent versions of certain often-used software.
Basically, there are five methods to accomplish this:
- Use stable with backports of testing software
- Manual install for other application (not using packages)
- Use stable with apt-get; use dpkg directly for other packages.
- Use apt pinning to mix stable and testing: use always stable, and only testing if stable is not available.
- Have a dual Debian system
Before you choose any method, carefully consider your choices. The last three options are not recommended!
In particular, do make a conscious decision whether to use testing or unstable (if any at all). Testing will better operate with other packages. Since sarge, testing also has security support, but unstable also has relatively fast security support since it simply relies on the security from the upstream package. Backports is the recommend system since it is officially supported by the Debian project. Using backports works best if you a couple of backports at most. If you need recent versions of more software, considering using the testing distribution.
- 1 Use backports
- 2 Manual install non-stable packages
- 3 Use apt-get for stable and dpkg for other packages
- 4 Use apt pinning for both stable and testing
- 5 Debian dual system
- 6 Appendix: Downgrades
- 7 Appendix: My sources.list
Backports are newer versions of programs compiled against the older libraries in the stable release. The advantage of this method over apt pinning is that core libraries like libc do not need to be updated.
Backports are available from http://backports.debian.org/ (previously known as http://www.backports.org/). Other sources (without official Debian support) can be found at http://www.dotdeb.org/ and http://debian.jones.dk.
See the instruction at these pages how to add backports to apt-get. Typically, you just add a line to /etc/apt/sources.list with an URL pointing to a specific package.
Manual install non-stable packages
Use apt-get for stable packages, if available, and manual install other programs.
You can manually install programs in /usr/local, using the old-fashined:
# download # configure # make # make install
Of course, this way, apt-get does not know about dependencies of software you installed manually, since you are bypassing the package manager. Another disadvantage is that you need to keep track of security updates yourselves.
Use apt-get for stable and dpkg for other packages
The advantage of this method over manual install is that dependencies are known to apt.
The following example shows how to manually install a package, taking the metalog package as example:
In same directory:
# dpkg-source -x metalog_0.7beta-3.dsc # cd metalog_0.7beta # dpkg-buildpackage -us -uc -rfakeroot # cd .. # dpkg -i metalog_0.7beta-3_i386.deb
If the package does not install, because of a conflict with a package in stable, and you can not remove the stable package due to a plethora of package that depends on the stable package, you can force things by typing:
# dpkg --force-depends -r syslog-ng # dpkg -i metalog_0.7beta-3_i386.deb
Caution: use force options with extreme care, but they are occasionally useful.
Use apt pinning for both stable and testing
The advantage of this method over normal manual install is that it easy to maintain, and dependencies are not just known, but also followed.
If you are still running an older Debian version like woody, you will need to install apt 0.5.3 before this will work.
As a first step, add pointers to stable and testing in /etc/apt/sources.list. For example:
#Stable deb http://ftp.us.debian.org/debian stable main contrib non-free deb http://security.debian.org/ stable/updates main contrib non-free #Testing deb http://ftp.us.debian.org/debian testing main contrib non-free deb http://security.debian.org/ testing/updates main contrib non-free
While the infrastructure for security updates for 'testing' is present, it is not supported, and is currently empty. It does not hurt to include it though. It is not present for unstable.
Add pinning priorities
Secondly, configure /etc/apt/preferences to add pinning priorities. See man apt_preferences for details. For example:
Package: * Pin: release a=stable Pin-Priority: 700 Package: * Pin: release a=sarge-backports Pin-Priority: 200 Package: * Pin: release a=testing Pin-Priority: 50
Remove any notion of APT::Default-Release in apt.conf (or apt.conf.d), since it seems to conflict with the above preferences
Optionally, if you get the errors like "Dynamic MMap ran out of room", set the memory cache higher, by adding the following line to /etc/apt/apt.conf.d/00local:
- ≥ 1001
- causes a version to be installed even if it is a downgrade of the package
- 991 - 1000
- causes a version to be installed even if it does not come from the target release, but never downgrades
- the version that is not installed and belongs to the target release
- 501 - 990
- causes a version to be installed unless there is a version available belonging to the target release or the installed version is more recent
- the versions that are not installed and do not belong to the the target release
- 101 - 500
- causes a version to be installed unless there is a version available belonging to some other distribution or the installed version is more recent
- the version that is already installed (if any)
- 0 - 99
- causes a version to be installed only if there is no installed version of the package
- < 0
- prevents the version from being installed
Download package descriptions as usual:
# apt-get update
To override the default pinning, do:
# apt-get install mozilla/testing to install from testing # apt-get install mozilla/unstable to install from unstable # apt-get -t testing install mozilla alternative way to install from testing
Debian dual system
It is possible to have an unstable distribution inside a chrooted directory on your otherwise stable Debian server. I never tried this method.
If you want to downgrade more then 10 packages, the easiest method to backup your config files, and completely reinstall your system. However, if you want to just downgrade a limited number of packages, it is possible by hand.
Get a list of packages to downgrade
First, find out which packages are installed from testing or unstable.
Install the package apt-show-versions
# apt-show-versions -b | grep testing
Downgrade a particular packages
To install from or downgrade to stable:
# apt-get install mozilla/stable
It is recommended to first run apt-get -s (--simulate) to check for dependencies and see what would actually happen.
This won't work if you have installed some packages that are new to testing. If that's the case, you will need to remove those packages by hand and try again.
Use apt-pinning to downgrade
The easiest way to downgrade everything is to use apt-pinning. Setting the pinning to a value higher then 1000 will force that particular version. See man apt_preferences for details
To do so, put in /etc/apt/preferences
Package: * Pin: release a=stable Pin-Priority: 1001
For an extensive report, see http://people.debian.org/~osamu/downgrade.html
Appendix: My sources.list
# Squeeze: deb http://ftp.nl.debian.org/debian/ squeeze main contrib non-free # Security updates: deb http://ftp.nl.debian.org/debian-security/ squeeze/updates main # Volatile package updates: deb http://ftp.nl.debian.org/debian/ squeeze-updates main contrib non-free # Backports: deb http://ftp.nl.debian.org/debian-backports squeeze-backports main
With a sources.list this big, you need to set these parameters in /etc/apt/apt.conf.d/00local:
APT::Cache-Limit 16777216; APT::Default-Release "stable";