Home / server / Questions / 426780
In Process
Hamish Downer
Asked: 2012-09-13 06:41:06 +0800 CST

Apt pin and self hosted apt repo

  • 772

We have our own apt/deb repository with a handful of packages where we want to control the version. Crucially this includes puppet, which can be sensitive to versions being different.

I want our desktops to only get puppet from our repository, but also for people to be able to add their own PPAs, enable backports etc. The current problem we have is backports on Ubuntu Lucid. Some important lines from /etc/apt/sources.list:

deb http://gb.archive.ubuntu.com/ubuntu/ lucid main restricted universe multiverse
deb http://gb.archive.ubuntu.com/ubuntu/ lucid-updates main restricted universe multiverse
deb http://gb.archive.ubuntu.com/ubuntu/ lucid-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu/ lucid-security main restricted universe multiverse

deb http://deb.example.org/apt/ubuntu/lucid/ binary/

And in /etc/apt/preferences.d/puppet:

Package: puppet puppet-common
Pin: release a=binary
Pin-Priority: 800

Package: puppet puppet-common
Pin: release a=lucid-backports
Pin-Priority: -10

Currently policy says:

$ sudo apt-cache policy puppet
puppet:
  Installed: (none)
  Candidate: (none)
  Package pin: 2.7.1-1ubuntu3.6~lucid1
  Version table:
     2.7.1-1ubuntu3.6~lucid1 -10
        500 http://gb.archive.ubuntu.com/ubuntu/ lucid-backports/main Packages
        100 /var/lib/dpkg/status
     2.6.14-1puppetlabs1 -10
        500 http://deb.example.org/apt/ubuntu/lucid/ binary/ Packages
     0.25.4-2ubuntu6.8 -10
        500 http://gb.archive.ubuntu.com/ubuntu/ lucid-updates/main Packages
        500 http://security.ubuntu.com/ubuntu/ lucid-security/main Packages
     0.25.4-2ubuntu6 -10
        500 http://gb.archive.ubuntu.com/ubuntu/ lucid/main Packages

If I use n= instead of a= then I get Package pin: (not found)

I'm just plain confused at this point as to what I should use. Any help appreciated.

Edit

I've spent some more time reading the apt/preferences man page and found the origin keyword. So I've now tried:

Explanation: get puppet from our server
Explanation: priority over 1000 means downgrade if necessary
Package: puppet puppet-common
Pin: origin "deb.example.org"
Pin-Priority: 1001

I did delete the backports line. The man page says that a priority over 1000 will lead to a downgrade. But as it is there is nothing installed. I still get Package pin: (not found) and Candidate: (not found) while still getting the full version table above. I don't see why my origin doesn't change the priority of the deb.example.org one.

ubuntu

1 Answers

  1. This answer will obviously depend on how you package up and distribute packages such as puppet in your own private repo but an alternative option to consider would be to make company specific versions with a prefixed name to avoid clashes with the "main" repositories such as backports.

    So instead of puppet, use abc-puppet where abc is shorthand for your company.

    • 1