A friend of mine, Major, asked for a little advice on Debian apt configuration for a stable production server. Over the years, I have learned a few little things with regard to apt configuration with sane access to newer backports and/or testing/unstable/alpha apt repositories, and particularly one gotcha when a new stable release is completed.
One of my favorite apt preference resources is maintained by Roderick Schertler, and I always keep his apt pinning page listed in my /etc/apt/preferences file.
I track Debian stable (currently “Lenny”) on production servers and upgrade only software that is absolutely necessary from backports or testing – the gotcha I mention above is when Debian releases a new “stable” (“Squeeze” is next). Without “oldstable” listed in the preferences file at a higher priority than “stable”, you might be in for a surprise one day with a long list of packages set to be upgraded to the new “stable” 😉 This is not particularly desirable in a production environment that will require a good deal of work to make sure a dist-upgrade to the new stable release will function properly.
On my workstations and laptop, I typically roll along with the “testing” (currently “Squeeze”) apt repositories and update/upgrade daily for that new software fresh feeling. I use the same apt configurations and simply bump the testing preference to 910. This allows me to do things like ‘apt-cache policy $FOO’ to see what versions of a package are in all the releases, without trolling around packages.d.o.
Here’s a tarball of my Lenny apt configs and the contents:
/etc/apt/apt.conf – set lenny as the default release and bump the cache limit a lot higher
    APT::Default-Release "lenny";
    APT::Cache-Limit 33554432;
/etc/apt/sources.list – Lenny/testing/sid along with security, backports, debian-multimedia, and alpha kernel builds
    # Lenny
    deb http://ftp.us.debian.org/debian/ lenny main contrib non-free
    deb-src http://ftp.us.debian.org/debian/ lenny main contrib non-free
    deb http://security.debian.org/ lenny/updates main contrib non-free
    deb-src http://security.debian.org/ lenny/updates main contrib non-free

    # Testing
    deb http://ftp.us.debian.org/debian/ testing main contrib non-free
    deb-src http://ftp.us.debian.org/debian/ testing main contrib non-free
    deb http://security.debian.org/ testing/updates main contrib non-free
    deb-src http://security.debian.org/ testing/updates main contrib non-free

    # Sid
    deb http://ftp.us.debian.org/debian/ unstable main contrib non-free
    deb-src http://ftp.us.debian.org/debian/ unstable main contrib non-free

    # Experimental
    deb http://ftp.us.debian.org/debian/ experimental main contrib non-free
    deb-src http://ftp.us.debian.org/debian/ experimental main contrib non-free

    #####

    # Lenny Backports
    deb http://www.backports.org/debian lenny-backports main contrib non-free
    deb-src http://www.backports.org/debian lenny-backports main contrib non-free

    # Debian Multimedia
    deb http://www.debian-multimedia.org/ lenny main
    deb-src http://www.debian-multimedia.org/ lenny main

    # buildserver.net kernel buildd repo
    # http://wiki.debian.org/DebianKernel
    deb http://kernel-archive.buildserver.net/debian-kernel/ trunk main
    deb-src http://kernel-archive.buildserver.net/debian-kernel/ trunk main
/etc/apt/preferences – the magic to not dork up a stable box.. read Roderick’s pinning page for really great explanations on how this all works
    Explanation: see http://www.argon.org/~roderick/apt-pinning.html
    Package: *
    Pin: release o=Debian,a=oldstable
    Pin-Priority: 905

    Package: *
    Pin: release o=Debian,a=stable
    Pin-Priority: 900

    Package: *
    Pin: release o=Debian,a=testing
    Pin-Priority: 400

    Package: *
    Pin: release o=Debian,a=unstable
    Pin-Priority: 300

    Package: *
    Pin: release o=Debian
    Pin-Priority: -1

    Package: *
    Pin: origin www.backports.org
    Pin-Priority: 600

    Package: *
    Pin: origin www.debian-multimedia.org
    Pin-Priority: 600

    Package: *
    Pin: release o=Debian-Kernel,a=kernel-dists-trunk
    Pin-Priority: 200
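
To see why the oldstable stanza matters, here is a small simulation of the release-day gotcha. It is an added example, not part of my original configs and not apt's own code. It is a simplified model of the apt_preferences(5) rules (first matching record decides the priority, unmatched sources get 500, the installed version gets 100, no downgrade below priority 1000). It leaves out APT::Default-Release and the origin pins, and the version tuples and function names are constructed for illustration.

```python
# Simplified model of general-form pins as described in apt_preferences(5).
# Pin lines and priorities are the Debian ones from the preferences file above.
PINS = [
    ("release o=Debian,a=oldstable", 905),
    ("release o=Debian,a=stable", 900),
    ("release o=Debian,a=testing", 400),
    ("release o=Debian,a=unstable", 300),
    ("release o=Debian", -1),
]
INSTALLED = 100  # priority apt gives the currently installed version


def pin_matches(pin, release):
    """True if every key=value of a 'release ...' pin equals the Release field."""
    kind, _, spec = pin.partition(" ")
    if kind != "release":
        return False  # 'origin' pins are outside this model
    wanted = dict(item.split("=", 1) for item in spec.split(","))
    return all(release.get(k) == v for k, v in wanted.items())


def priority(release, pins):
    """First matching record decides; unmatched sources get the default 500."""
    return next((prio for pin, prio in pins if pin_matches(pin, release)), 500)


def candidate(installed_version, sources, pins):
    """Return the version that would be installed: highest priority, then newest."""
    prio = {installed_version: INSTALLED}
    for release, version in sources:
        p = priority(release, pins)
        if p < 0 or (version < installed_version and p < 1000):
            continue  # negative pins block; downgrades need priority >= 1000
        prio[version] = max(prio.get(version, p), p)
    return max(prio, key=lambda v: (prio[v], v))


def after_squeeze_release(pins):
    """Constructed scenario: lenny is relabelled oldstable, squeeze becomes stable."""
    sources = [
        ({"o": "Debian", "a": "oldstable", "n": "lenny"}, (1, 0)),
        ({"o": "Debian", "a": "stable", "n": "squeeze"}, (2, 0)),
    ]
    return candidate((1, 0), sources, pins)
```

Calling after_squeeze_release(PINS) keeps the box on the lenny version, while after_squeeze_release(PINS[1:]), the same file minus the oldstable stanza, selects the squeeze version for upgrade.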