This post series is to clarify some of the more advanced stuff about how apt works, specifically when dealing with multiple repositories and versions, that you might want to use apt-pinning to sort out.
What is a repository?
This is an important question, because answering it explains where a lot of the different fields or tags come from when you’re describing how to select packages.
A repository is just a web server, with files arranged in a specific way that allows apt to collect all the metadata about all the hosted packages and then download the one you want.
Lets take a look at sources.list to find one, the default for Debian 12 (Bookworm) is:
deb http://deb.debian.org/debian bookworm main contrib non-free-firmware non-free deb http://deb.debian.org/debian bookworm-updates main contrib non-free-firmware non-free deb http://security.debian.org/debian-security bookworm-security main contrib non-free-firmware non-free
so the first deb just tells us this repository contains the binary files, the only other option is deb-src, which means instead it contains the source code. The next bit http://deb.debian.org/debian is the url for the repository, so before we look the rest of the line, lets look there:
As you can see it’s just a list of files and folder, and conveniently the owner of the repo has implemented a nice web interface so we can see that. The critical info is in the dists/ folder:
There’s quite a few things in here, but actually less than it first appears. So there are versions of debian referred to in 3 different ways:
- Version – the 3 Debian XX.YY folders at the top
- Release Codename – bookworm, trixie etc.
- Suite names or release aliases – stable, testing etc.
You also have a sub suite or sub release for some combination of
- backports
- backports-sloppy
- updates
- proposed-updates
Lets open up bookworm
Notice that the 4 names of the folders at the bottom match the last 4 values on the deb line, but for now well have a look at Release (it’s a plain text file)
Origin: Debian Label: Debian Suite: stable Version: 12.11 Codename: bookworm Changelogs: https://metadata.ftp-master.debian.org/changelogs/@CHANGEPATH@_changelog Date: Sat, 17 May 2025 09:13:04 UTC Acquire-By-Hash: yes No-Support-for-Architecture-all: Packages Architectures: all amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x Components: main contrib non-free-firmware non-free Description: Debian 12.11 Released 17 May 2025 MD5Sum: 0ed6d4c8891eb86358b94bb35d9e4da4 1484322 contrib/Contents-all d0a0325a97c42fd5f66a8c3e29bcea64 98581 contrib/Contents-all.gz f49a4e0893e46866e12d086ec218fd81 840868 contrib/Contents-amd64 06c8860da678334327980e51b5c1780b 60955 contrib/Contents-amd64.gz ...
Now we’re getting somewhere. This has a lot of useful data laid out in black and white
| Field | Data | Description |
| Origin | Debian | Who made the package |
| Label | Debian | ? (appears to always be “Debian” in here) |
| Suite | stable | |
| Version | 12.11 | |
| Codename | bookworm | |
| Architectures | all amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x | List of processor architectures for which this repository contains compiled software |
| Components | main contrib non-free-firmware non-free | Subdivisions within the repository – for the main Debian repositories the distinction is about how free the software is. |
Lets drill a bit deeper. If you do into main/binary-amd64/ the, download and extract Packages.gz you’ll get another plain text file with a massive list of data about the packages you can install, here’s an excerpt:
... Package: apt Version: 2.6.1 Installed-Size: 4232 Maintainer: APT Development Team <deity@lists.debian.org> Architecture: amd64 Replaces: apt-transport-https (<< 1.5~alpha4~), apt-utils (<< 1.3~exp2~) Provides: apt-transport-https (= 2.6.1) Depends: adduser, gpgv | gpgv2 | gpgv1, libapt-pkg6.0 (>= 2.6.1), debian-archive-keyring, libc6 (>= 2.34), libgcc-s1 (>= 3.0), libgnutls30 (>= 3.7.5), libseccomp2 (>= 2.4.2), libstdc++6 (>= 11), libsystemd0 Recommends: ca-certificates Suggests: apt-doc, aptitude | synaptic | wajig, dpkg-dev (>= 1.17.2), gnupg | gnupg2 | gnupg1, powermgmt-base Breaks: apt-transport-https (<< 1.5~alpha4~), apt-utils (<< 1.3~exp2~), aptitude (<< 0.8.10) Description: commandline package manager Description-md5: 9fb97a88cb7383934ef963352b53b4a7 Tag: admin::package-management, devel::lang:ruby, hardware::storage, hardware::storage:cd, implemented-in::c++, implemented-in::perl, implemented-in::ruby, interface::commandline, network::client, protocol::ftp, protocol::http, protocol::ipv6, role::program, scope::application, scope::utility, suite::debian, use::downloading, use::organizing, use::playing, use::searching, works-with-format::html, works-with::audio, works-with::software:package, works-with::text Section: admin Priority: required Filename: pool/main/a/apt/apt_2.6.1_amd64.deb Size: 1372852 MD5sum: 2a077296b9b9f4f8b027f86d9500192b SHA256: 6ea03cbbc7a7bfcee601c9fb08d4e026fd522ede5350561f06867ad9c0a0fa6b Package: apt-doc Source: apt ...
Here you’ve got the name of the package, it’s version, processor architecture and dependencies and some metadata like the Description, Tags, Section (for a categorised list). The file hashes at the end are used by apt to download the file.
More reading:
- Apt Configuration: https://wiki.debian.org/AptConfiguration#apt_preferences_.28APT_pinning.29
- Apt preferences (ie. apt pinning) https://manpages.debian.org/buster/apt/apt_preferences.5.en.html
- APT Repositories Explained https://gist.github.com/CodingKoopa/3b30afe8c91e3950f6b124cd2abe3b6b
apt-cache policyapt-cache policy [packagename]