Mixing Stable and Testing in Debian

Debian stable is rather stable, but has the disadvantage that it does not contain the latest software versions. Server administrators sometimes want to use stable versions of libraries and the base system, but more recent versions of certain often-used software.

Basically, there are five methods to accomplish this:
 * 1) Use stable with backports of testing software
 * 2) Manual install for other application (not using packages)
 * 3) Use stable with apt-get; use dpkg directly for other packages.
 * 4) Use apt pinning to mix stable and testing: use always stable, and only testing if stable is not available.
 * 5) Have a dual Debian system

Before you choose any method, carefully consider your choices. The last three options are not recommended!

In particular, do make a conscious decision whether to use testing or unstable (if any at all). Testing will better operate with other packages. Since sarge, testing also has security support, but unstable also has relatively fast security support since it simply relies on the security from the upstream package. Backports is the recommend system since it is officially supported by the Debian project. Using backports works best if you a couple of backports at most. If you need recent versions of more software, considering using the testing distribution.

Use backports
Backports are newer versions of programs compiled against the older libraries in the stable release. The advantage of this method over apt pinning is that core libraries like libc do not need to be updated.

Backports are available from http://backports.debian.org/ (previously known as http://www.backports.org/). Other sources (without official Debian support) can be found at http://www.dotdeb.org/ and http://debian.jones.dk.

See the instruction at these pages how to add backports to apt-get. Typically, you just add a line to /etc/apt/sources.list with an URL pointing to a specific package.

Manual install non-stable packages
Use apt-get for stable packages, if available, and manual install other programs.

You can manually install programs in /usr/local, using the old-fashined:
 * 1) download
 * 2) configure
 * 3) make
 * 4) make install

Of course, this way, apt-get does not know about dependencies of software you installed manually, since you are bypassing the package manager. Another disadvantage is that you need to keep track of security updates yourselves.

Use apt-get for stable and dpkg for other packages
The advantage of this method over manual install is that dependencies are known to apt.

The following example shows how to manually install a package, taking the metalog package as example:

Download sources:
 * http://ftp.debian.org/debian/pool/main/m/metalog/metalog_0.7beta-3.dsc
 * http://ftp.debian.org/debian/pool/main/m/metalog/metalog_0.7beta.orig.tar.gz
 * http://ftp.debian.org/debian/pool/main/m/metalog/metalog_0.7beta-3.diff.gz

In same directory:


 * 1) dpkg-source -x metalog_0.7beta-3.dsc
 * 2) cd metalog_0.7beta
 * 3) dpkg-buildpackage -us -uc -rfakeroot
 * 4) cd ..
 * 5) dpkg -i metalog_0.7beta-3_i386.deb

If the package does not install, because of a conflict with a package in stable, and you can not remove the stable package due to a plethora of package that depends on the stable package, you can force things by typing:


 * 1) dpkg --force-depends -r syslog-ng
 * 2) dpkg -i metalog_0.7beta-3_i386.deb

Caution: use force options with extreme care, but they are occasionally useful.

Use apt pinning for both stable and testing
The advantage of this method over normal manual install is that it easy to maintain, and dependencies are not just known, but also followed.

If you are still running an older Debian version like woody, you will need to install apt 0.5.3 before this will work.

Configure /etc/apt/sources.list
As a first step, add pointers to stable and testing in /etc/apt/sources.list. For example:

deb    http://ftp.us.debian.org/debian           stable          main contrib non-free deb    http://security.debian.org/               stable/updates  main contrib non-free deb    http://ftp.us.debian.org/debian           testing          main contrib non-free deb    http://security.debian.org/               testing/updates  main contrib non-free
 * 1) Stable
 * 1) Testing

While the infrastructure for security updates for 'testing' is present, it is not supported, and is currently empty. It does not hurt to include it though. It is not present for unstable.

Add pinning priorities
Secondly, configure /etc/apt/preferences to add pinning priorities. See man apt_preferences for details. For example:

Package: * Pin: release a=stable Pin-Priority: 700 Package: * Pin: release a=sarge-backports Pin-Priority: 200 Package: * Pin: release a=testing Pin-Priority: 50

Remove any notion of APT::Default-Release in apt.conf (or apt.conf.d), since it seems to conflict with the above preferences

Optionally, if you get the errors like "Dynamic MMap ran out of room", set the memory cache higher, by adding the following line to /etc/apt/apt.conf.d/00local: APT::Cache-Limit 16777216;

Pinning Priorities

 * &ge; 1001:causes a version to be installed even if it is a downgrade of the package
 * 991 - 1000:causes a version to be installed even if it does not come from the target release, but never downgrades
 * 990:the version that is not installed and belongs to the target release
 * 501 - 990:causes a version to be installed unless there is a version available belonging to the target release or the installed version is more recent
 * 500:the versions that are not installed and do not belong to the the target release
 * 101 - 500:causes a version to be installed unless there is a version available belonging to some other distribution or the installed version is more recent
 * 100:the version that is already installed (if any)
 * 0 - 99:causes a version to be installed only if there is no installed version of the package
 * &lt; 0:prevents the version from being installed

Installing packages
Download package descriptions as usual:
 * 1) apt-get update

To override the default pinning, do:


 * 1) apt-get install mozilla/testing      to install from testing
 * 2) apt-get install mozilla/unstable     to install from unstable
 * 3) apt-get -t testing install mozilla      alternative way to install from testing

Debian dual system
It is possible to have an unstable distribution inside a chrooted directory on your otherwise stable Debian server. I never tried this method.

Appendix: Downgrades
If you want to downgrade more then 10 packages, the easiest method to backup your config files, and completely reinstall your system. However, if you want to just downgrade a limited number of packages, it is possible by hand.

Get a list of packages to downgrade
First, find out which packages are installed from testing or unstable.

Install the package apt-show-versions
 * 1) apt-show-versions  -b | grep testing

Downgrade a particular packages
To install from or downgrade to stable:
 * 1) apt-get install mozilla/stable

It is recommended to first run apt-get -s (--simulate) to check for dependencies and see what would actually happen.

This won't work if you have installed some packages that are new to testing. If that's the case, you will need to remove those packages by hand and try again.

Use apt-pinning to downgrade
The easiest way to downgrade everything is to use apt-pinning. Setting the pinning to a value higher then 1000 will force that particular version. See man apt_preferences for details

To do so, put in /etc/apt/preferences

Package: * Pin: release a=stable Pin-Priority: 1001

For an extensive report, see http://people.debian.org/~osamu/downgrade.html

Appendix: My sources.list
deb http://ftp.nl.debian.org/debian/         squeeze          main contrib non-free deb http://ftp.nl.debian.org/debian-security/ squeeze/updates main deb http://ftp.nl.debian.org/debian/         squeeze-updates  main contrib non-free deb http://ftp.nl.debian.org/debian-backports squeeze-backports main
 * 1) Squeeze:
 * 1) Security updates:
 * 1) Volatile package updates:
 * 1) Backports:

With a sources.list this big, you need to set these parameters in /etc/apt/apt.conf.d/00local:

APT::Cache-Limit 16777216; APT::Default-Release "stable";