I want to get a warning when apt installing from certain sources, like restricted and multiverse

Is there a way to make apt give a warning whenever I'm about to install a package from certain sources?

For example, suppose I specify main, universe and certain PPAs as "OK" (since they basically only have FLOSS if I understand correctly). Then I'd like to get some warning whenever I apt install packages or dependencies that are outside of these whitelisted repositories. I don't want to disable these sources. I just want to get a warning listing which packages are not in whitelisted sources, but still have the option to continue anyway.

I'd prefer a warning, but I'd also be fine with an error that I can easily bypass by repeating the last command using some flag to decide "I'm sure I want them" (or by using normal apt easily without much editing of the command). I'm looking for an apt-compatible command-line solution, not aptitude or any other complex or GUI software.

If this isn't a native capability of apt, we could use some custom script which calls apt-get and dpkg (as long as it's well explained and not overly complex to analyze).

Desired example usage (where apt-free.sh could call apt or apt-get with same parameters and process the output):

$ sudo apt-free install pkg1-free pkg2-proprietary
# The following additional packages will be installed:
#   pkg2-dependency1-free pkg1-dependency1-notfree pkg1-dependency2-notfree
# [...] normal apt output ...
# [...] xxx MB of disk space will be used.
# WARNING: Some packages are NOT in whitelisted sources!
#   pkg1-dependency1-notfree :: http://security.ubuntu.com/ubuntu focal-security restricted
#   pkg1-dependency2-notfree :: https://apt.example.com/ stable main
#   pkg2-proprietary :: http://archive.ubuntu.com/ubuntu focal multiverse
# Proceed? [Y/n] n

$ sudo apt install pkg1-free pkg2-proprietary
# The following additional packages will be installed:
# [...] normal apt output (same but no warning) ...
# Proceed? [Y/n] y

This would be a really cool tool to have for people who want to better manage software licenses and keep track of non-FLOSS software. While restricting yourself to FLOSS would be ideal, sometimes you want to allow non-FLOSS software to be at least discovered, while still being able to make an informed decision on whether or not to install them. Vanilla apt is a bit lacking in this regard, and this tool would be a great improvement in promoting user choice.

It'd be awesome if someone with knowledge could write such a script (I assume it's possible to do it without too much complexity) or point me to something equivalent. Again, note that I don't want to have to enable/disable sources and apt update all the time.
Is anyone up for the challenge 😁 ?


Solution 1:

Thanks to this answer I sort of found a solution for this, using APT pins. Not sure how this works for dependencies (I didn't test it), but it seems like the best solution I can find for now, at least for packages without non-free dependencies.

This prevents apt from finding proprietary package versions, so apt won't install or upgrade any package in restricted or multiverse unless I whitelist it or ask for a specific version. Tab completion in apt install still works as normal, even for these packages.

sudo nano /etc/apt/preferences.d/proprietary-exceptions.pref && sudo apt update
Explanation: Whitelisted proprietary packages from restricted and multiverse
Package: pkg1-cool pkg2-cool
Pin: release o=Ubuntu
Pin-Priority: 990

Explanation: Prevent APT from finding proprietary package versions in multiverse
Package: *
Pin: release c=multiverse
Pin-Priority: -1

Explanation: Prevent APT from finding proprietary package versions in restricted
Package: *
Pin: release c=restricted
Pin-Priority: -1

So apt install pkg1-proprietary will fail saying it has "no installation candidate".

I can still install a specific version, but I get no updates: apt install pkg1-proprietary=v1.0.1

To allow installation and updates, I have to whitelist it in this file (maybe dependencies too?). To make an empty whitelist, I can simply use an invalid package name like "none" (or just remove the first section).
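A warning-only alternative in the spirit of the apt-free.sh asked for in the question, added here as an example (it is not from the original answer): it lists what a simulated install would pull in, dependencies included, and reports every package whose candidate version comes from a source outside a whitelist. The function names, the whitelist of URL,component pairs and the sample `apt-cache policy` text are assumptions constructed for illustration.

```shell
# Whitelist of "archive-URL,component" pairs (assumed; edit to match your sources).
ALLOWED="http://archive.ubuntu.com/ubuntu,main http://archive.ubuntu.com/ubuntu,universe http://security.ubuntu.com/ubuntu,main http://security.ubuntu.com/ubuntu,universe"

# Reads `apt-cache policy PKG...` output on stdin and prints "pkg :: url suite component"
# for each package whose candidate version has no whitelisted source.
flag_nonfree() {
  awk -v allowed="$ALLOWED" '
    function report() {
      if (pkg != "" && !good && bad != "") print pkg " :: " bad
      good = 0; bad = ""; cand = ""; ver = ""
    }
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^[^ ]/ { report(); pkg = $1; sub(/:$/, "", pkg); next }   # "pkg:" header line
    $1 == "Candidate:" { cand = $2; next }
    { match($0, /^ */) }                                       # measure the indentation
    RLENGTH < 8 { ver = ($1 == "***") ? $2 : $1; next }        # version line (or other header)
    (ver "") == (cand "") && $2 !~ /^\// {                     # a source of the candidate version
      split($3, sc, "/"); key = $2 "," sc[2]
      if (key in ok) good = 1
      else if (bad == "") bad = $2 " " sc[1] " " sc[2]
    }
    END { report() }
  '
}

# Simulate the install, collect every package apt would install, then check each one.
check_install() {
  pkgs=$(apt-get -s install "$@" | awk '/^Inst /{print $2}')
  [ -z "$pkgs" ] || apt-cache policy $pkgs | flag_nonfree
}

# Constructed sample of `apt-cache policy` output, for trying flag_nonfree offline.
sample_policy() {
  cat <<'EOF'
pkg1-free:
  Installed: (none)
  Candidate: 1.0-1
  Version table:
     1.0-1 500
        500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages
pkg2-proprietary:
  Installed: 1.9-1
  Candidate: 2.0-1
  Version table:
     2.0-1 500
        500 http://archive.ubuntu.com/ubuntu focal/multiverse amd64 Packages
 *** 1.9-1 100
        100 /var/lib/dpkg/status
EOF
}
```

Running `check_install pkg1 pkg2` before `sudo apt install pkg1 pkg2` prints one line per package outside the whitelist and nothing when everything is whitelisted; the sources stay enabled and no pinning is needed.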