Mixing Stable and Testing in Debian

From Exterior Memory
Jump to: navigation, search
This article was written in January 2006. Given the volatile nature of this topic, expect that the content of this article is outdated after about two years time.

Debian stable is rather stable, but has the disadvantage that it does not contain the latest software versions. Server administrators sometimes want to use stable versions of libraries and the base system, but more recent versions of certain often-used software.

Basically, there are five methods to accomplish this:

  1. Use stable with backports of testing software
  2. Manual install for other application (not using packages)
  3. Use stable with apt-get; use dpkg directly for other packages.
  4. Use apt pinning to mix stable and testing: use always stable, and only testing if stable is not available.
  5. Have a dual Debian system

Before you choose any method, carefully consider your choices. The last three options are not recommended!

In particular, do make a conscious decision whether to use testing or unstable (if any at all). Testing will better operate with other packages. Since sarge, testing also has security support, but unstable also has relatively fast security support since it simply relies on the security from the upstream package. Backports is the recommend system since it is officially supported by the Debian project. Using backports works best if you a couple of backports at most. If you need recent versions of more software, considering using the testing distribution.

Use backports

Backports are newer versions of programs compiled against the older libraries in the stable release. The advantage of this method over apt pinning is that core libraries like libc do not need to be updated.

Backports are available from http://backports.debian.org/ (previously known as http://www.backports.org/). Other sources (without official Debian support) can be found at http://www.dotdeb.org/ and http://debian.jones.dk.

See the instruction at these pages how to add backports to apt-get. Typically, you just add a line to /etc/apt/sources.list with an URL pointing to a specific package.

Manual install non-stable packages

Use apt-get for stable packages, if available, and manual install other programs.

You can manually install programs in /usr/local, using the old-fashined:

# download
# configure
# make
# make install

Of course, this way, apt-get does not know about dependencies of software you installed manually, since you are bypassing the package manager. Another disadvantage is that you need to keep track of security updates yourselves.

Use apt-get for stable and dpkg for other packages

The advantage of this method over manual install is that dependencies are known to apt.

The following example shows how to manually install a package, taking the metalog package as example:

Download sources:

In same directory:

# dpkg-source -x metalog_0.7beta-3.dsc
# cd metalog_0.7beta
# dpkg-buildpackage -us -uc -rfakeroot
# cd ..
# dpkg -i metalog_0.7beta-3_i386.deb

If the package does not install, because of a conflict with a package in stable, and you can not remove the stable package due to a plethora of package that depends on the stable package, you can force things by typing:

# dpkg --force-depends -r syslog-ng
# dpkg -i metalog_0.7beta-3_i386.deb

Caution: use force options with extreme care, but they are occasionally useful.

Sources

Use apt pinning for both stable and testing

The advantage of this method over normal manual install is that it easy to maintain, and dependencies are not just known, but also followed.

If you are still running an older Debian version like woody, you will need to install apt 0.5.3 before this will work.

Configure /etc/apt/sources.list

As a first step, add pointers to stable and testing in /etc/apt/sources.list. For example:

#Stable
deb     http://ftp.us.debian.org/debian           stable          main contrib non-free
deb     http://security.debian.org/               stable/updates  main contrib non-free

#Testing
deb     http://ftp.us.debian.org/debian           testing          main contrib non-free
deb     http://security.debian.org/               testing/updates  main contrib non-free

While the infrastructure for security updates for 'testing' is present, it is not supported, and is currently empty. It does not hurt to include it though. It is not present for unstable.

Add pinning priorities

Secondly, configure /etc/apt/preferences to add pinning priorities. See man apt_preferences for details. For example:

Package: *
Pin: release a=stable
Pin-Priority: 700

Package: *
Pin: release a=sarge-backports
Pin-Priority: 200

Package: *
Pin: release a=testing
Pin-Priority: 50 

Remove any notion of APT::Default-Release in apt.conf (or apt.conf.d), since it seems to conflict with the above preferences

Optionally, if you get the errors like "Dynamic MMap ran out of room", set the memory cache higher, by adding the following line to /etc/apt/apt.conf.d/00local:

APT::Cache-Limit 16777216;

Pinning Priorities

≥ 1001
causes a version to be installed even if it is a downgrade of the package
991 - 1000
causes a version to be installed even if it does not come from the target release, but never downgrades
990
the version that is not installed and belongs to the target release
501 - 990
causes a version to be installed unless there is a version available belonging to the target release or the installed version is more recent
500
the versions that are not installed and do not belong to the the target release
101 - 500
causes a version to be installed unless there is a version available belonging to some other distribution or the installed version is more recent
100
the version that is already installed (if any)
0 - 99
causes a version to be installed only if there is no installed version of the package
< 0
prevents the version from being installed

Installing packages

Download package descriptions as usual:

# apt-get update

To override the default pinning, do:

# apt-get install mozilla/testing      to install from testing
# apt-get install mozilla/unstable     to install from unstable
# apt-get -t testing install mozilla      alternative way to install from testing

Sources

Debian dual system

It is possible to have an unstable distribution inside a chrooted directory on your otherwise stable Debian server. I never tried this method.

Appendix: Downgrades

If you want to downgrade more then 10 packages, the easiest method to backup your config files, and completely reinstall your system. However, if you want to just downgrade a limited number of packages, it is possible by hand.

Get a list of packages to downgrade

First, find out which packages are installed from testing or unstable.

Install the package apt-show-versions

# apt-show-versions  -b | grep testing

Downgrade a particular packages

To install from or downgrade to stable:

# apt-get install mozilla/stable     

It is recommended to first run apt-get -s (--simulate) to check for dependencies and see what would actually happen.

This won't work if you have installed some packages that are new to testing. If that's the case, you will need to remove those packages by hand and try again.

Use apt-pinning to downgrade

The easiest way to downgrade everything is to use apt-pinning. Setting the pinning to a value higher then 1000 will force that particular version. See man apt_preferences for details

To do so, put in /etc/apt/preferences

Package: *
Pin: release a=stable
Pin-Priority: 1001

For an extensive report, see http://people.debian.org/~osamu/downgrade.html

Sources


Appendix: My sources.list

# Squeeze:
deb http://ftp.nl.debian.org/debian/          squeeze          main contrib non-free

# Security updates:
deb http://ftp.nl.debian.org/debian-security/ squeeze/updates  main

# Volatile package updates:
deb http://ftp.nl.debian.org/debian/          squeeze-updates  main contrib non-free

# Backports:
deb http://ftp.nl.debian.org/debian-backports squeeze-backports main

With a sources.list this big, you need to set these parameters in /etc/apt/apt.conf.d/00local:

APT::Cache-Limit 16777216;
APT::Default-Release "stable";