Translation(s): English - Español - Français - Italiano - Português (Brasil) - Русский
Contents
Configuring Apt Sources
Apt downloads packages from one or more software repositories (sources) and installs them onto your computer.
A repository is generally a network server, such as the official DebianStable repository. Local directories or CD/DVD are also accepted.
The specific repositories (package sources) configured on your machine affect:
- What software packages are available for download
- What versions of packages are available
- Who packages the software
Commonly used package sources
DebianStable: official Debian repository for the current release
StableProposedUpdates: official Debian repository for upcoming point releases (security and important bug fixes every ~2 months)
StableUpdates: official Debian repository for changes that cannot wait for the next point release, packages are also added to StableProposedUpdates for inclusion in the next point release
DebianSecurity: official Debian repository for frequent security updates
DebianBackports: more recent versions of some packages, compatible with DebianStable.
DebianTesting: current development state of the next stable Debian distribution
DebianUnstable: rolling development version containing the latest packages
DebianExperimental: development version containing the experimental/alpha/beta/untested packages
Editing software sources
Precautions
Being able to change the repositories used by your package management system is a powerful feature but this power comes with some responsibility. Users are cautioned that it is possible to break your system (in a way that could be difficult or impossible to cleanly fix) by adding third-party repositories, or repositories for a Debian version that does not match your current version - these repository create a risk of conflicting package versions, creating what's sometimes called a "Franken-Debian" system. The whole concept behind a Debian stable release is that the Debian developers have picked a set of software and their versions that function nicely together. While this software is patched to fix security issues, the software is frequently not the latest version. It takes some experience to know how the repos may be changed without risk of breaking your system. Users of all levels are advised to change repos cautiously.
Using a graphical program
Some programs allow configuring Apt sources through a graphical interface. For example:
Applications menu > Settings > Software and updates (software-properties-gtk package)
Using a text editor
The main Apt sources configuration file is at /etc/apt/sources.list. You can edit this file (as root) using your favorite text editor. See the sources.list manual page for more info.
To add custom sources, creating separate files under /etc/apt/sources.list.d/ in DEB822 source format is preferred. See the deb822 manual page for more info.
sources.list format
The entries in this file normally follow this format:
deb http://site.example.com/debian distribution component1 component2 component3 deb-src http://site.example.com/debian distribution component1 component2 component3
Archive type
The first word on each line, deb or deb-src, indicates the type of archive. Deb indicates that the archive contains binary packages (deb), the pre-compiled packages that we normally use. Deb-src indicates source packages, which are the original program sources plus the Debian control file (.dsc) and the diff.gz containing the changes needed for packaging the program.
Repository URL
The next entry on the line is a URL to the repository that you want to download the packages from. The main list of Debian repository mirrors is located here.
Distribution
The 'distribution' can be either the release code name / alias ( stretch, buster, bullseye, bookworm, sid) or the release class (oldoldstable, oldstable, stable, testing, unstable) respectively. If you mean to be tracking a release class then use the class name, if you want to track a Debian point release, use the code name. Avoid using stable in your sources.list as that results in nasty surprises and broken systems when the next release is made; upgrading to a new release should be a deliberate, careful action and editing a file once every two years is not a burden.
For example, if you always want to help test the testing release, use 'testing'. If you are tracking trixie and want to stay with it from testing to end of life, use 'trixie'.
Component
main consists of DFSG-compliant packages, which do not rely on software outside this area to operate. These are the only packages considered part of the Debian distribution.
contrib packages contain DFSG-compliant software, but have dependencies not in main (possibly packaged for Debian in non-free).
non-free contains software that does not comply with the DFSG.
The Debian project has taken the decision in 2022-10 to create a new repository component non-free-firmware, and include its content on installation media for the Debian bookworm to make things easier for our users.
And if you choose to get more information, feel free to follow the firmware GR result - what happens next?.
The Debian wiki has a page about firmware for older releases, bookworm and later.
Example sources.list
Below is an example of a sources.list for Debian 12/Bookworm (stable) released 10th June 2023.
deb http://deb.debian.org/debian bookworm main non-free-firmware deb-src http://deb.debian.org/debian bookworm main non-free-firmware deb http://security.debian.org/debian-security bookworm-security main non-free-firmware deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware deb http://deb.debian.org/debian bookworm-updates main non-free-firmware deb-src http://deb.debian.org/debian bookworm-updates main non-free-firmware
The equivalent entry in deb822 style under /etc/apt/sources.list.d/debian.sources looks like this:
Types: deb deb-src URIs: http://deb.debian.org/debian Suites: bookworm bookworm-updates Components: main Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg Types: deb deb-src URIs: http://security.debian.org/debian-security Suites: bookworm-security Components: main Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
If you need the contrib, non-free and non-free-firmware components, add contrib non-free non-free-firmware after main. For example, for Debian 12/Bookworm:
deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware deb-src http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware deb-src http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware deb-src http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
The equivalent entry in deb822 style including the non-free and non-free-firmware components:
Types: deb deb-src URIs: http://deb.debian.org/debian Suites: bookworm bookworm-updates Components: main contrib non-free non-free-firmware Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg Types: deb deb-src URIs: http://security.debian.org/debian-security Suites: bookworm-security Components: main contrib non-free non-free-firmware Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
If you need the Backports, contrib, and non-free components, add bookworm-backports lines. For example, for Debian 12/Bookworm:
deb http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware deb-src http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware
The equivalent entry in deb822 style including the non-free non-free-firmware and bookworm-backports component:
Types: deb deb-src URIs: http://deb.debian.org/debian Suites: bookworm bookworm-updates bookworm-backports Components: main contrib non-free non-free-firmware Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg Types: deb deb-src URIs: http://security.debian.org/debian-security Suites: bookworm-security Components: main contrib non-free non-free-firmware Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
Below is an example of a sources.list for Debian 11/Bullseye (oldstable).
deb http://deb.debian.org/debian bullseye main deb-src http://deb.debian.org/debian bullseye main deb http://deb.debian.org/debian-security/ bullseye-security main deb-src http://deb.debian.org/debian-security/ bullseye-security main deb http://deb.debian.org/debian bullseye-updates main deb-src http://deb.debian.org/debian bullseye-updates main
If you need the contrib and non-free components, add contrib non-free after main. For example, for Debian 11/Bullseye:
deb http://deb.debian.org/debian bullseye main contrib non-free deb-src http://deb.debian.org/debian bullseye main contrib non-free deb http://deb.debian.org/debian-security/ bullseye-security main contrib non-free deb-src http://deb.debian.org/debian-security/ bullseye-security main contrib non-free deb http://deb.debian.org/debian bullseye-updates main contrib non-free deb-src http://deb.debian.org/debian bullseye-updates main contrib non-free
If you need the Backports, contrib, and non-free components, add bullseye-backports lines. For example, for Debian 11/Bullseye:
deb http://deb.debian.org/debian bullseye-backports main contrib non-free deb-src http://deb.debian.org/debian bullseye-backports main contrib non-free
Questions about the support cycle? Click here
If you need the Debian Unstable, then change the distribution to unstable. Note that Updates and Security is not used since Unstable is a rolling development version consisting of the latest packages. That is, unstable main will be the only entry in sources.list.
deb http://deb.debian.org/debian/ unstable main deb-src http://deb.debian.org/debian/ unstable main
You can instead use https://... in all of the above lines to use the repositories over encrypted HTTPS connections if the according mirror supports HTTPS. (Users of Debian 9/Stretch or older releases will need to install the apt-transport-https package first.)
You can use a GNOME tool to edit your sources.list file. Access it through Menu → System → Administration → Software Sources.
Using Tor with Apt
Apt can retrieve and download updates through Tor. For this to work you need to install the tor and apt-transport-tor packages. You can then use the official onion services provided by Debian.
Here is an example sources.list using the onion services for Debian 11/Bullseye:
deb tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bullseye main deb-src tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bullseye main deb tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/ debian-security bullseye-security main deb-src tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/ debian-security bullseye-security main deb tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bullseye-updates main deb-src tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bullseye-updates main
CD-ROM
If you'd rather use your CD-ROM for installing packages or updating your system automatically with APT, you can put it in your /etc/apt/sources.list. To do so, you can use the apt-cdrom program like this:
# apt-cdrom add
with the Debian CD-ROM in the drive.
You can use -d for the directory of the CD-ROM mount point or add a non-CD mount point (i.e. a USB keydrive).
Name Resolution
On occasion name resolution can break.
# apt update 0% [Working]Unsupported socketcall: 20 Unsupported socketcall: 20 Unsupported socketcall: 20 Unsupported socketcall: 20 Unsupported socketcall: 20 Unsupported socketcall: 20 Unsupported socketcall: 20 Unsupported socketcall: 20 Err:1 http://deb.debian.org/debian testing InRelease Temporary failure resolving 'deb.debian.org' Reading package lists... Done W: Failed to fetch http://deb.debian.org/debian/dists/testing/InRelease Temporary failure resolving 'deb.debian.org' W: Some index files failed to download. They have been ignored, or old ones used instead.
You can temporarily work around it by obtaining the IP address from another machine, and then using the IP address rather than the URI:
echo "deb http://128.30.2.26/debian testing main" > /etc/apt/sources.list apt update Get:1 http://128.30.2.26/debian testing InRelease [232 kB] Get:2 http://128.30.2.26/debian testing/main s390x Packages [7583 kB] Get:3 http://128.30.2.26/debian testing/main Translation-en [5134 kB] Fetched 13.0 MB in 32s (403 kB/s) Reading package lists... Done
Debug Symbol Packages
To debug a crash you often need the related debug symbol files. For most Debian packages these are in dbgsym packages. These are available from a separate archive.
Here is an example entry for your sources.list for Debian 12/Bookworm dbgsym packages:
deb http://deb.debian.org/debian-debug/ bookworm-debug main
And an example for Debian 11/Bullseye:
deb http://deb.debian.org/debian-debug/ bullseye-debug main
The same if you running testing:
deb http://deb.debian.org/debian-debug/ testing-debug main
And one more example if you are using the unstable distribution:
deb http://deb.debian.org/debian-debug/ unstable-debug main
More information
A list of UnofficialRepositories to get extra software ( Skype, Opera, Google )
About deb.debian.org, a service that aims to solve the problem of choosing a Debian mirror.
DebianRepository/UseThirdParty - Instructions to use to a third-party repository
sources.list(5) manual page