Simple pinning (Shallow Thoughts)

Akkana's Musings on Open Source, Science, and Nature.

Sun, 01 Mar 2009

Simple pinning

"Pinning" is the usual way Debian derivatives (like Ubuntu) deal with pulling software from multiple releases. For instance, you need an updated gtk or qt library in order to build some program, but you don't want to pull in everything else from the newer release.

But most people, upon trying to actually set up pinning, get lost in the elaborate documentation and end up deciding maybe they don't really need it after all.

For years, I've been avoiding needing to learn pinning because of a wonderful LinuxChix Techtalk posting from Hamster years ago on easier method of pinning releases Basically, you add a line like:

APT::Default-Release "hardy";
to your /etc/apt/apt.conf (creating it if it doesn't already exist). Then when you need to pull something from the newer repository you pull with apt-get install -t hardy-backports packagename.

That's generally worked for me, until yesterday when I tried to pull a -dev package and found out it was incompatible with the library package I already had installed. It turned out that the lib package came from hardy-security, which is considered a different archive from hardy, so my Default-Release didn't apply to security updates (or bugfixes, which come from hardy-updates).

You can apparently only have one Default-Release. Since Ubuntu uses three different archives for hardy the only way to handle it is pinning. Pinning is documented in the man page apt_preferences(5) -- which is a perfect example of a well intentioned geek-written Unix man page. There's tons of information there -- someone went to a lot of work, bless their heart, to document exactly what happens and why, down to the algorithms used to decide priorities -- but straightforward "type X to achieve effect Y" examples are lost in the noise. If you want to figure out how to actually set this up on your own system, expect to spend a long time going back and forward and back and forward in the man page correlating bits from different sections.

Ubuntu guru Mackenzie Morgan was nice enough to help me out, and with her help I got the problem fixed pretty quickly. Here's the quick recipe:

First, remove the Default-Release thing from apt.conf.

Next, create /etc/apt/preferences and put this in it:

Package: *
Pin: release a=hardy-security
Pin-Priority: 950

Package: *
Pin: release a=hardy-updates
Pin-Priority: 940

Package: *
Pin: release a=hardy
Pin-Priority: 900

# Pin backports negative so it'll never try to auto-upgrade
Package: *
Pin: release a=hardy-backports
Pin-Priority: -1

Here's what it means:

a= means archive, though it's apparently not really needed.

The hardy-security archive has the highest priority, 950. hardy-updates is right behind it with 940 (actually, setting these equal might be smarter but I'm not sure it matters).

hardy, which apparently is just the software initially installed, is lower priority so it won't override the other two.

Finally, hardy-backports has a negative priority so that apt will never try to upgrade automatically from it; it'll only grab things from there if I specify apt-get install -t hardy-backports.

You can put comments (with #) in /etc/apt/preferences but not in apt.conf -- they're a syntax error there (so don't bother trying to comment out that Default-Release line).

And while you're editing apt.conf, a useful thing to put there is:

APT::Install-Recommends "false";
APT::Install-Suggests "false";
which prevents apt from automatically installing recommended or suggested packages. Aptitude will still install the recommends and suggests; it's supposed to be configurable in aptitude as well, but turning it off never worked for me, so mostly I just stick to apt-get.

Tags: , ,
[ 20:19 Mar 01, 2009    More linux/install | permalink to this entry ]