Avoiding Debian Headaches: Apt Pinning By Example

I use Virtualmin on my Linode VPS. When it Debian 6.0 was first released, Virtualmin only supported 5.0 (lenny), not unstable or 6.0 (squeeze). I was unwittingly auto-upgraded, hosing the Virtualmin install. Cleaning up the mess required a re-install, and these are some notes on my setup so I don’t get surprised by the apt package manager again in the future:

/etc/apt/sources.list

Make sure release codenames are named, like ‘lenny’ rather than ‘stable’, unless you’d like to be upgraded to the next dist without warning!

## main & security repositories
deb http://ftp.us.debian.org/debian/ lenny main
deb-src http://ftp.us.debian.org/debian/ lenny main
deb http://security.debian.org/ lenny/updates main
deb-src http://security.debian.org/ lenny/updates main

#deb http://ftp.us.debian.org/debian/ lenny contrib
#deb-src http://ftp.us.debian.org/debian/ lenny contrib
#deb http://security.debian.org/ lenny/updates contrib
#deb-src http://security.debian.org/ lenny/updates contrib

#deb http://ftp.us.debian.org/debian/ lenny non-free
#deb-src http://ftp.us.debian.org/debian/ lenny non-free
#deb http://security.debian.org/ lenny/updates non-free
#deb-src http://security.debian.org/ lenny/updates non-free
deb http://software.virtualmin.com/gpl/debian/ virtualmin-lenny main
deb http://software.virtualmin.com/gpl/debian/ virtualmin-universal main

#DCL: backports
deb http://Backports.Debian.Org/debian-backports lenny-backports main contrib non-free
deb-src http://Backports.Debian.Org/debian-backports lenny-backports main contrib non-free

#DCL: unstable
deb http://ftp.us.debian.org/debian unstable main non-free contrib
deb-src http://ftp.us.debian.org/debian unstable main non-free contrib

/etc/apt/preferences

Make sure you read the apt_preferences man page!

Package: *
Pin: release a=lenny
Pin-Priority: 700 

Package: *
Pin: release a=lenny-backports
Pin-Priority: 200 

Package: *
Pin: release a=unstable
Pin-Priority: -10 

How to use

To install from backports, aptitude -t lenny-backports <pkg-name>. It will then be auto-updated from lenny-backports in the future because of the 200 pin priority, as per the backports instructions.

To install from unstable, aptitude -t unstable <pkg-name>. The negative pin priority prevents it from being auto-updated. This is useful because it may otherwise drag the whole system up to the unstable versions.