I want to block all packages from non-free, except for those that I
name explicitly. Currently, I have:
/etc/apt/sources.list :
deb http://ftp.us.debian.org/debian stable main contrib non-free
/etc/apt/preferences.d/non-free_policy :
Explanation: Disable packages from `non-free` tree by default Package: * Pin: release c=non-free Pin-Priority: -1
(The idea is, that I add an explicit stanza for every package I want from non-free.)
But it doesn’t work:
<a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="13617c7c6753607a7f717661">[email protected]</a>:/etc/apt/preferences.d# apt-get -s install firmware-linux-nonfree Paketlisten werden gelesen... Fertig Abhängigkeitsbaum wird aufgebaut. Statusinformationen werden eingelesen.... Fertig Die folgenden NEUEN Pakete werden installiert: firmware-linux-nonfree 0 aktualisiert, 1 neu installiert, 0 zu entfernen und 0 nicht aktualisiert. Inst firmware-linux-nonfree (0.43 Debian:8.4/stable [all]) Conf firmware-linux-nonfree (0.43 Debian:8.4/stable [all])
What am I missing?
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
You need to ensure you don’t have another, more general pin priority which takes priority over your non-free-excluding rule. (This includes the APT::Default-Release configuration setting which assigns a high priority to the given release.)
For example, if your /etc/apt/preferences file (or another file in /etc/apt/preferences.d) contains something like the following:
Package: * Pin: release a=unstable Pin-Priority: 200
then unstable packages will have pin priority 200, regardless of the component. To make this work with your additional file, you should change this to
Package: * Pin: release a=unstable, c=main Pin-Priority: 200
(and add an additional stanza for contrib if you care about that). (In your case you would have stable of course.)
You can check the effect of your pin priorities by running
apt-cache policy
If your non-free-excluding configuration is working correctly, you should see entries for all the suites you’re tracking, on non-free, with a pin-priority of -1. Once that’s working, you’ll find that you can no longer install raccoon, or in fact any non-free package (even if mentioned explicitly) — you’ll need to add the non-free packages you want to your configuration file, with an appropriate pin priority.
As an example, here’s the setup I use: I have a file named /etc/apt/preferences.d/non-free containing
Package: intel-microcode Pin: release n=buster, c=non-free Pin-Priority: 100 Explanation: Disable packages from non-free tree by default Package: * Pin: release c=non-free Pin-Priority: -1
Non-free packages still appear in searches, but I can’t install them:
$ sudo apt install lmbench Reading package lists... Done Building dependency tree Reading state information... Done Package lmbench is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package 'lmbench' has no installation candidate
and apt policy agrees:
$ apt policy lmbench
lmbench:
Installed: (none)
Candidate: (none)
Version table:
3.0-a9+debian.1-2 -1
-1 http://ftp.fr.debian.org/debian buster/non-free amd64 Packages
-1 http://ftp.fr.debian.org/debian testing/non-free amd64 Packages
-1 http://ftp.fr.debian.org/debian unstable/non-free amd64 Packages
But intel-microcode is installable and upgradable. Thus after a forced downgrade to the oldstable version, I get
$ apt policy intel-microcode
intel-microcode:
Installed: 3.20190618.1~deb9u1
Candidate: 3.20190618.1
Version table:
3.20190618.1 100
-1 http://ftp.fr.debian.org/debian buster/non-free amd64 Packages
-1 http://ftp.fr.debian.org/debian testing/non-free amd64 Packages
-1 http://ftp.fr.debian.org/debian unstable/non-free amd64 Packages
*** 3.20190618.1~deb9u1 100
100 /usr/var/lib/dpkg/status
$ apt list --upgradable
intel-microcode/stable,testing,unstable 3.20190618.1 amd64 [upgradable from: 3.20190618.1~deb9u1]
The apt policy output ends up somewhat confusing — refer to the “Candidate” line to see what’s really going to happen.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0