Apt package pinning and priorities



Priority values

From man page: man apt_preferences

        P >= 1000
           causes a version to be installed even if this constitutes a downgrade of the

       990 <= P < 1000
           causes a version to be installed even if it does not come from the target
           release, unless the installed version is more recent

       500 <= P < 990
           causes a version to be installed unless there is a version available belonging to
           the target release or the installed version is more recent

       100 <= P < 500
           causes a version to be installed unless there is a version available belonging to
           some other distribution or the installed version is more recent

       0 < P < 100
           causes a version to be installed only if there is no installed version of the

       P < 0
           prevents the version from being installed

       P = 0
           has undefined behaviour, do not use it.

Package source info


      the Archive: or Suite: line
             Pin: release a=xenial-backports

      the Codename: line
             Pin: release n=xenial

      the Version: line
             Pin: release v=16.04

      the Component: line
             Pin: release c=multiverse

      the Origin: line
               Pin: release o=Ubuntu

      the Label: line
               Pin: release l=Ubuntu

Default target release priority

Some guides might advise setting the target release version. E.g. in /etc/apt/apt.conf.d/01-ubuntu-release

APT::Default-Release "xenial";

This in effect boosts packages with the codename 'xenial' from priority 500 to 990.


  • The above seems to operate on the codename n=xenial and overrides/supersedes other rules specified for priorities. Even 3rd party and PPA packages with the label 'xenial' get set to priority 990.
  • In Ubuntu 16.04, the default priority is 500 for ubuntu repo packages and the target release is left unspecified.

Therefore, the above is not advised if you prefer more advanced, fine-grained priorities based on the archive info.

How to lower the priority of backported packages

Enable using backports in /etc/apt/sources.list

deb xenial-backports universe multiverse restricted main

By default, xenial-backports would get the same priority as other archives, e.g. xenial, xenial-updates and xenial-security.

Force a lower priority for backported packages, so that they are not used or upgraded to by default, in /etc/apt/preferences.d/priority-ubuntu

Package: *
Pin: release o=Ubuntu,a=xenial,n=xenial
Pin-Priority: 990

Package: *
Pin: release o=Ubuntu,a=xenial-updates,n=xenial
Pin-Priority: 990

Package: *
Pin: release o=Ubuntu,a=xenial-security,n=xenial
Pin-Priority: 990

Package: *
Pin: release o=Ubuntu,a=xenial-backports,n=xenial
Pin-Priority: 900

How to examine the effect of priorities on package selection policy

Inspect policy

$ apt-cache policy
Package files:
 100 /var/lib/dpkg/status
     release a=now
 500 xenial/main amd64 Packages
     release v=16.04,o=LP-PPA-webupd8team-java,a=xenial,n=xenial,l=Oracle Java (JDK) 7 / 8 / 9 
 900 xenial-backports/main amd64 Packages
     release v=16.04,o=Ubuntu,a=xenial-backports,n=xenial,l=Ubuntu,c=main,b=amd64
 500 xenial/partner amd64 Packages
     release v=16.04,o=Canonical,a=xenial,n=xenial,l=Partner archive,c=partner,b=amd64
 990 xenial-security/multiverse i386 Packages
     release v=16.04,o=Ubuntu,a=xenial-security,n=xenial,l=Ubuntu,c=multiverse,b=i386

The above policy

  • Favours packages in the main repo (990)
  • Next favours back-ported packages in the main repo (900)
  • Then only allows packages from a PPA or alternate archive at default priority (500)

The above is safer in that backports and PPA packages must be explicitly installed if they already exist in the official repos.

Inspect policy for a package, e.g.

$ apt-cache show libarchive13 | grep Version
Version: 3.2.1-2~ubuntu16.04.1
Version: 3.1.2-11ubuntu0.16.04.2
Version: 3.1.2-11build1
$ apt-cache policy libarchive13
  Installed: 3.1.2-11ubuntu0.16.04.2
  Candidate: 3.1.2-11ubuntu0.16.04.2
  Version table:
     3.2.1-2~ubuntu16.04.1 900
        900 xenial-backports/main amd64 Packages
 *** 3.1.2-11ubuntu0.16.04.2 990
        990 xenial-updates/main amd64 Packages
        990 xenial-security/main amd64 Packages
        100 /var/lib/dpkg/status
     3.1.2-11build1 990
        990 xenial/main amd64 Packages

Explicitly install package with lower priority

Assume a PPA was installed, but the package also exists in the normal Ubuntu repo. For example, the current conky package in 'xenial' has a dual screen bug. The PPA version is newer with the bug fixed.

$ sudo add-apt-repository ppa:vincent-c/conky
$ sudo apt-get update

The PPA version is more recent, but the above priorities will favour the official repo instead of the PPA.

$ apt-cache policy conky-all
  Installed: 1.10.1-3
  Candidate: 1.10.1-3
  Version table:
     1.10.3-1~ppa1~xenial1 500
        500 xenial/main amd64 Packages
 *** 1.10.1-3 990
        990 xenial/universe amd64 Packages
        100 /var/lib/dpkg/status

Force the higher version

$ sudo apt-get install conky-all=1.10.3-1~ppa1~xenial1

Favour newer versions in PPA

Inspect attributes for the conky PPA repo

$ apt-cache policy | grep -A 2 -E 'ppa.*conky'
 500 xenial/main i386 Packages
     release v=16.04,o=LP-PPA-vincent-c-conky,a=xenial,n=xenial,l=Conky,c=main,b=i386
 500 xenial/main amd64 Packages
     release v=16.04,o=LP-PPA-vincent-c-conky,a=xenial,n=xenial,l=Conky,c=main,b=amd64

To make this policy exception effective without needing to force the version, edit /etc/apt/preferences.d/priority-conky

Package: *
Pin: release o=LP-PPA-vincent-c-conky,a=xenial,n=xenial,l=Conky
Pin-Priority: 990

Take caution, as any extra dependency packages in that repo will overwrite supported packages in the official repo if they have a newer version.
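A check for the risk noted above, as an added example that is not part of the original gist: it reads `apt-cache policy` output and reports every non-official origin ranked at or above the official archives. The function name, the trusted-origin assumption (only o=Ubuntu) and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original gist.
TRUSTED_ORIGIN="Ubuntu"   # assumption: o=Ubuntu is the only official origin
OFFICIAL_PRIORITY=990     # priority the gist assigns to the official archives

# Reads `apt-cache policy` output on stdin; prints "priority origin source"
# for every non-official origin ranked at or above the official archives.
audit_policy() {
    awk -v trusted="$TRUSTED_ORIGIN" -v thresh="$OFFICIAL_PRIORITY" '
        /^Pinned packages:/ { exit }       # only the "Package files" section
        /^ *-?[0-9]+ / {                   # " 990 xenial/main amd64 Packages"
            prio = $1; src = $2
            next
        }
        $1 == "release" {                  # "release v=16.04,o=Ubuntu,a=..."
            origin = ""
            fields = $0
            sub(/^ *release /, "", fields)
            n = split(fields, kv, ",")
            for (i = 1; i <= n; i++)
                if (substr(kv[i], 1, 2) == "o=") origin = substr(kv[i], 3)
            if (origin != "" && origin != trusted && prio + 0 >= thresh + 0)
                print prio, origin, src
        }
    '
}

# Constructed sample: the gist policy after priority-conky raises the PPA to 990.
sample_policy() {
    cat <<'EOF'
Package files:
 100 /var/lib/dpkg/status
     release a=now
 990 xenial/main amd64 Packages
     release v=16.04,o=LP-PPA-vincent-c-conky,a=xenial,n=xenial,l=Conky,c=main,b=amd64
 900 xenial-backports/main amd64 Packages
     release v=16.04,o=Ubuntu,a=xenial-backports,n=xenial,l=Ubuntu,c=main,b=amd64
 500 xenial/partner amd64 Packages
     release v=16.04,o=Canonical,a=xenial,n=xenial,l=Partner archive,c=partner,b=amd64
Pinned packages:
EOF
}

sample_policy | audit_policy   # on a real host: apt-cache policy | audit_policy
```

Naming the wanted packages on the `Package:` line instead of `*` keeps the rest of the PPA at its default 500, which empties this report.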

Risky method for getting newer packages from next development release

One can include the next/newer development release's packages, but there are risks:

  • It might have dependencies on core libs with regressions that will break the current release.
  • Software isn't supported or fully tested - unstable.
  • Using a PPA for that specific package is probably a safer bet!

Add extra/alternate binary packages to /etc/apt/sources.list.d/ubuntu-yakkety.list

deb yakkety main restricted universe multiverse
deb yakkety-updates main restricted universe multiverse
deb yakkety-security main restricted universe multiverse

Set a low priority (so that a package is only installed if it doesn't exist in the normal release) in /etc/apt/preferences.d/priority-ubuntu

Package: *
Pin: release o=Ubuntu,n=yakkety
Pin-Priority: 400

N.B.! When searching for packages via apt-cache or using apt-get install, be very cautious about accidentally pulling in newer core libraries. Even if pinned at a lower priority than the current release, if the package isn't in the current release's repo, then apt-cache and apt-get install will point to the only available package (and its dependencies) in the unstable development release!
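One way to see this before it happens, as an added example that is not part of the original gist: run the install in simulation mode (`apt-get -s install`) and list every package that would be taken from the development release. The function name and the sample lines are constructed, and `libfoo1` is a hypothetical package.

```shell
#!/bin/sh
# Added example, not from the original gist.
DEV_SUITE="yakkety"   # development release added at priority 400 in the gist

# Reads `apt-get -s install <pkg>` output on stdin; prints "package version"
# for each planned install or upgrade whose source archive is $DEV_SUITE
# (or one of its pockets such as yakkety-updates).
from_dev_release() {
    awk -v suite="$DEV_SUITE" '
        $1 == "Inst" {
            # Inst NAME [OLD] (NEW Label:Version/Archive [ARCH])
            p = index($0, "(")
            if (p == 0) next
            detail = substr($0, p + 1)
            split(detail, f, " ")          # f[1] is the new version
            if (detail ~ ("/" suite "([-, ]|$)"))
                print $2, f[1]
        }
    '
}

# Constructed simulation output; libfoo1 is a hypothetical package that
# exists only in the development release and drags in a newer libc6.
sample_simulation() {
    cat <<'EOF'
NOTE: This is only a simulation!
Inst libc6 [2.23-0ubuntu3] (2.24-3ubuntu1 Ubuntu:16.10/yakkety [amd64])
Inst conky-all [1.10.1-3] (1.10.3-1~ppa1~xenial1 Conky:16.04/xenial [amd64])
Inst libfoo1 (1.0-1 Ubuntu:16.10/yakkety-updates [amd64])
Conf libc6 (2.24-3ubuntu1 Ubuntu:16.10/yakkety [amd64])
EOF
}

sample_simulation | from_dev_release
```

On a real host, pipe `apt-get -s install <package>` into `from_dev_release`; any core library in the output is a reason to stop and use the PPA or source-build route instead.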

Safer alternative method is building from source packages in the development release

For the newer Ubuntu release, avoid using binary packages, given that they might unintentionally force upgrades to new versions of core libraries such as libc6. The alternative is to use source packages. A drawback, however, is that a lot of source build dependencies might get pulled in!

Add extra/alternate source packages to /etc/apt/sources.list.d

deb-src yakkety main restricted universe multiverse
deb-src yakkety-updates main restricted universe multiverse
deb-src yakkety-security main restricted universe multiverse

Update repo lists, get build dependencies, and install from source

sudo apt-get update
sudo apt-get build-dep conky
sudo apt-get -b source -t yakkety conky