Ubuntu is great in my opinion, and of the reasons for it is its use of recent versions for the packages in their APT repositories. But what if you need a package in an even more recent version and cannot wait for the next release? The Debian Sid release, the unstable development version, has those newer packages and they can be used in an Ubuntu with the help of APT package pinning and this post shows the things you need to know for that.
Date | Change description |
---|---|
2018-04-27 | The first release |
The specific case I had, was the usage of the great tool libguestfs [1], which is very useful when dealing with virtual machine disk images. Unfortunately, when I tried to work with it on the s390x architecture, I’ve discovered a bug, which was already reported upstream [2]. Luckily, there was also already a patch series provided on the mailing list of libguestfs [3] and the last commit, needed to fix the bug, was also already merged [4] and available with version 1.37.22 of libguestfs.
My problem was, Ubuntu 16.04 packaged libguestfs in version 1.34 and Ubuntu 18.04 packaged it in version 1.36. Both were too old and didn’t contain any backports. As Ubuntu is based on Debian, I checked their repositories and found the needed version 1.38 of libguestfs in their unstable development release named Sid [5].
From the multiple options I had:
proved only the last one successful for me and the next sections show the needed actions for this.
Install the needed packages and add the keys and the Debian Sid repo itself:
1 2 3 4 5 6 7 8 9 | $ apt update
$ apt install -y software-properties-common \
debian-archive-keyring \
dirmngr
$ apt-key adv --keyserver keyserver.ubuntu.com \
--recv-keys 8B48AD6246925553
$ apt-key adv --keyserver keyserver.ubuntu.com \
--recv-keys 7638D0442B90D010
$ add-apt-repository "deb http://ftp.de.debian.org/debian sid main"
|
If you don’t use the apt-key
command before adding the repository,
you’ll see this error message:
1 2 3 4 5 6 7 8 9 | Err:3 http://ftp.de.debian.org/debian sid InRelease
The following signatures couldn't be verified because the
public key is not available:
NO_PUBKEY 8B48AD6246925553
NO_PUBKEY 7638D0442B90D010
E: The repository 'http://ftp.de.debian.org/debian sid InRelease'
is not signed.
N: Updating from such a repository can't be done securely,
and is therefore disabled by default.
|
After the Sid release is added to the repository list, we need to deal with the fact that we have the same packages in different versions in different repositories, which can confuse APT a little.
apt-cache policy
The command apt-cache policy <package-name>
is a good way to determine
what package would be installed from which repository, in case you trigger
the install with apt-get install <package-name>
.
Let’s check how this looks with a common package, e.g. nano
:
1 2 3 4 5 6 7 8 9 | $ apt-cache policy nano
nano:
Installed: (none)
Candidate: 2.9.3-2
Version table:
2.9.5-1 300
300 http://ftp.de.debian.org/debian sid/main s390x Packages
2.9.3-2 500
500 http://ports.ubuntu.com/ubuntu-ports bionic/main s390x Packages
|
The package is in both repositories, the newer one with version
2.9.5-1
is in Debian Sid and gets the priority 300
, but the older
one in Ubuntu with version 2.9.3-2
has a higher priority of 500
and is therefore the install candidate.
Let’s try the package I’m interested in, libguestfs-tools
, which matches
the pattern described in the preferences file from before:
1 2 3 4 5 6 7 8 9 | $ apt-cache policy libguestfs-tools
libguestfs-tools:
Installed: (none)
Candidate: 1:1.38.0-4
Version table:
1:1.38.0-4 700
300 http://ftp.de.debian.org/debian sid/main s390x Packages
1:1.36.13-1ubuntu3 500
500 http://ports.ubuntu.com/ubuntu-ports bionic/universe s390x Packages
|
The package is in both repositories, the newer one is in Debian Sid,
and it has the higher priority because its name matches the pattern we
specified in the preferences file, and is therefore the install candidate
with a priority of 700
.
With all the things from above, I was able to get the packages (and their dependencies) in a version current enough to get the job done.
It is also possible to enforce downgrades of a package or avoid an installation at all. The man page [6] has the details you need to determine how to fulfill your use case.
Doing that in a multi-purpose host which needs to be kept updated, brings the risk that you potentially make that system unstable and less predictable. Doing that in a single-purpose immutable host, e.g. packaged as Docker image, might be a good enough band-aid until a new Ubuntu release comes out which contains the package in the version you need.
[1] | http://libguestfs.org/ |
[2] | https://bugzilla.redhat.com/show_bug.cgi?id=1376547 |
[3] | https://www.redhat.com/archives/libguestfs/2017-May/msg00066.html |
[4] | https://github.com/libguestfs/libguestfs/commit/5b60dd4eff02f48d344bcdad0d4bad4676ca9168 |
[5] | https://packages.debian.org/sid/s390x/libguestfs0/download |
[6] | https://linux.die.net/man/5/apt_preferences |