Ubuntu with Debian Sid APT repository

Ubuntu is great in my opinion, and one of the reasons for it is its use of recent versions for the packages in their APT repositories. But what if you need a package in an even more recent version and cannot wait for the next release? The Debian Sid release, the unstable development version, has those newer packages, and they can be used in Ubuntu with the help of APT package pinning. This post shows the things you need to know for that.

Change history:
Date Change description
2018-04-27 The first release

Use Case

The specific case I had was the usage of the great tool libguestfs [1], which is very useful when dealing with virtual machine disk images. Unfortunately, when I tried to work with it on the s390x architecture, I discovered a bug which was already reported upstream [2]. Luckily, a patch series had also already been provided on the libguestfs mailing list [3], and the last commit needed to fix the bug was already merged [4] and available with version 1.37.22 of libguestfs.

My problem was that Ubuntu 16.04 packaged libguestfs in version 1.34 and Ubuntu 18.04 packaged it in version 1.36. Both were too old and didn’t contain any backports. As Ubuntu is based on Debian, I checked their repositories and found the needed version 1.38 of libguestfs in their unstable development release named Sid [5].

From the multiple options I had:

  • use Debian Sid as host
  • build libguestfs from source
  • wait for CentOS 7.5 which has libguestfs 1.36 but with backports
  • wait for Ubuntu 18.10 (in the hope it has the fixes/backports)
  • use Ubuntu 18.04 and add the Debian Sid repositories

only the last one proved successful for me, and the next sections show the actions needed for it.

Add the Debian Sid repository

Install the needed packages and add the keys and the Debian Sid repo itself:

$ apt update
$ apt install -y software-properties-common \
      debian-archive-keyring \
      dirmngr
$ apt-key adv --keyserver keyserver.ubuntu.com \
      --recv-keys 8B48AD6246925553
$ apt-key adv --keyserver keyserver.ubuntu.com \
      --recv-keys 7638D0442B90D010
$ add-apt-repository "deb http://ftp.de.debian.org/debian sid main"

If you don’t use the apt-key command before adding the repository, you’ll see this error message:

Err:3 http://ftp.de.debian.org/debian sid InRelease
  The following signatures couldn't be verified because the
  public key is not available:
  NO_PUBKEY 8B48AD6246925553
  NO_PUBKEY 7638D0442B90D010
E: The repository 'http://ftp.de.debian.org/debian sid InRelease'
is not signed.
N: Updating from such a repository can't be done securely,
and is therefore disabled by default.

After the Sid release is added to the repository list, we need to deal with the fact that we have the same packages in different versions in different repositories, which can confuse APT a little.

Check with apt-cache policy

The command apt-cache policy <package-name> shows which version of a package would be installed, and from which repository, if you triggered the install with apt-get install <package-name>.

Let’s check how this looks with a common package, e.g. nano:

$ apt-cache policy nano
nano:
  Installed: (none)
  Candidate: 2.9.3-2
  Version table:
     2.9.5-1 300
        300 http://ftp.de.debian.org/debian sid/main s390x Packages
     2.9.3-2 500
        500 http://ports.ubuntu.com/ubuntu-ports bionic/main s390x Packages

The package is in both repositories. The newer one, version 2.9.5-1, is in Debian Sid and gets the priority 300, but the older one in Ubuntu, version 2.9.3-2, has a higher priority of 500 and is therefore the install candidate.

Let’s try the package I’m interested in, libguestfs-tools, which matches the pattern described in the preferences file from before:

$ apt-cache policy libguestfs-tools
libguestfs-tools:
  Installed: (none)
  Candidate: 1:1.38.0-4
  Version table:
     1:1.38.0-4 700
        300 http://ftp.de.debian.org/debian sid/main s390x Packages
     1:1.36.13-1ubuntu3 500
        500 http://ports.ubuntu.com/ubuntu-ports bionic/universe s390x Packages

The package is in both repositories. The newer one is in Debian Sid, and because its name matches the pattern we specified in the preferences file it gets a priority of 700, which is higher than the 500 of the Ubuntu version, and it is therefore the install candidate.
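The preferences file itself is not reproduced in this post, so the following is an added example and not the author's file: pin records that produce the priorities 300 and 700 seen above, together with a source entry that limits the Debian keys to the Sid repository. The glob libguestfs*, the file names and the staging directory are assumptions, and the signed-by entry assumes that the keyring shipped by the installed debian-archive-keyring package contains the keys that sign Sid.

```shell
#!/bin/sh
# Added example, not the author's files. Everything is written to a
# staging directory so it can be reviewed before copying to /etc/apt.

# Keyring file shipped by the debian-archive-keyring package.
KEYRING=/usr/share/keyrings/debian-archive-keyring.gpg

write_sid_source() {    # $1 = staging directory
    mkdir -p "$1/sources.list.d"
    # signed-by ties the Debian keys to this one repository; apt-key
    # would add them to the keyring APT trusts for every repository.
    printf 'deb [signed-by=%s] http://ftp.de.debian.org/debian sid main\n' \
        "$KEYRING" > "$1/sources.list.d/debian-sid.list"
}

write_sid_pins() {      # $1 = staging directory, $2 = package glob (assumed)
    mkdir -p "$1/preferences.d"
    # 300 is below Ubuntu's default of 500, so Sid never wins by default.
    # Records that name packages take precedence over "Package: *".
    cat > "$1/preferences.d/debian-sid" <<EOF
Package: *
Pin: release o=Debian,n=sid
Pin-Priority: 300

Package: $2
Pin: release o=Debian,n=sid
Pin-Priority: 700
EOF
}

# Stand-alone use: sh sid-pin.sh ./staging 'libguestfs*'
if [ "$#" -eq 2 ]; then
    write_sid_source "$1"
    write_sid_pins "$1" "$2"
fi
```

With the signed-by entry in place the two apt-key adv calls are not needed, and a key that is valid for Debian cannot vouch for packages from any other configured repository.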

Conclusion

With all the things from above, I was able to get the packages (and their dependencies) in a version current enough to get the job done.

It is also possible to enforce downgrades of a package or to prevent an installation altogether. The man page [6] has the details you need to determine how to fulfill your use case.

Doing that on a multi-purpose host which needs to be kept updated brings the risk of making that system unstable and less predictable. Doing that on a single-purpose immutable host, e.g. packaged as a Docker image, might be a good enough band-aid until a new Ubuntu release comes out which contains the package in the version you need.
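To keep the effect of the pinning predictable, the apt-cache policy output can be checked mechanically for packages whose install candidate comes from Sid. The script below is an added example and not part of the original post; its sample input is the two outputs quoted above, the function names are hypothetical, and it assumes the repository was added under the suite name sid.

```shell
#!/bin/sh
# Added example. The sample below is the apt-cache policy output quoted
# in the post; the function names are hypothetical.
sample_policy() {
cat <<'EOF'
nano:
  Installed: (none)
  Candidate: 2.9.3-2
  Version table:
     2.9.5-1 300
        300 http://ftp.de.debian.org/debian sid/main s390x Packages
     2.9.3-2 500
        500 http://ports.ubuntu.com/ubuntu-ports bionic/main s390x Packages
libguestfs-tools:
  Installed: (none)
  Candidate: 1:1.38.0-4
  Version table:
     1:1.38.0-4 700
        300 http://ftp.de.debian.org/debian sid/main s390x Packages
     1:1.36.13-1ubuntu3 500
        500 http://ports.ubuntu.com/ubuntu-ports bionic/universe s390x Packages
EOF
}

# stdin: apt-cache policy output. stdout, one line per package:
#   <package> <candidate version> <priority> <repository URL> <suite/component>
policy_candidates() {
    awk '
        /^[^ ]+:$/         { pkg = substr($0, 1, length($0) - 1); cand = cur = ""; shown = 0; next }
        $1 == "Candidate:" { cand = $2; next }
        $1 == "***"        { cur = $2; prio = $3; next }   # installed version
        NF == 2 && $2 ~ /^-?[0-9]+$/ { cur = $1; prio = $2; next }
        # First source line under the candidate version names its repository.
        cand != "" && cur == cand && !shown && $1 ~ /^-?[0-9]+$/ {
            print pkg, cand, prio, $2, $3; shown = 1
        }'
}

# Only the packages whose install candidate comes from the sid suite.
sid_candidates() {
    policy_candidates | awk '$5 ~ /^sid\//'
}

# Stand-alone run on the sample; on a real host pipe in, for example:
#   apt-cache policy $(dpkg-query -W -f='${Package}\n')
sample_policy | sid_candidates
```

On the sample input only libguestfs-tools is reported; any other package name in the output means a pin is wider than intended.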