How do I check the origin and archive of a package?

The method to find the package identification(Origin, Archive, etc) is to check the Release file of the repository. The Release file is located at directory /var/lib/apt/lists/, and named after your repository URI path.

For example, my Debian operating system's third party Release file is /var/lib/apt/lists/mirrors.ustc.edu.cn_dotdeb_packages.dotdeb.org_dists_wheezy_Release. Its content is as below:

Origin: packages.dotdeb.org
Label: packages.dotdeb.org
Suite: stable
Codename: wheezy
Architectures: i386 amd64
Components: all
MD5Sum:
 7b0372c2d39e7574ff3360513577371a 90169 all/binary-amd64/Packages
 d9d802d8f7c7db495ee3d66202e757df 16777 all/binary-amd64/Packages.bz2
 c878a40df3d1c1a35a2df2bb5f1b0945 17803 all/binary-amd64/Packages.gz
 bab1973f5a315e894ba11c93476d2eea 90134 all/binary-i386/Packages
 3ad627d656bd2b663f63184a3d2dead6 16802 all/binary-i386/Packages.bz2
 9a39629120f5735e727d9c5f7b93685e 17806 all/binary-i386/Packages.gz
 f0d3d108cc53373e65bf008a454a6c9b 13431 all/source/Sources
 f52943cb088a96e24aff985ffbbb5dd2 4239 all/source/Sources.bz2
 a7cc0f55dc5d885dda5ea6fa14a20492 4291 all/source/Sources.gz
SHA1:
 0b396db57ee74d25a66c3b003dfc8df40575ec22 90169 all/binary-amd64/Packages
 9730122304e2a5018231fd9735a7cddb215b9264 16777 all/binary-amd64/Packages.bz2
 fc31511be43f3bd62509843039ae7ee5fa2e6e42 17803 all/binary-amd64/Packages.gz
 f33c1260a3db7593ef9dd7d8c8717d754d34652a 90134 all/binary-i386/Packages
 e1032286e95fb396ddef773799675e2539b8dd76 16802 all/binary-i386/Packages.bz2
 bc566974412402f959f9f519450b35151bc12c59 17806 all/binary-i386/Packages.gz
 e8b9a8c659bae2ac41187bb9bbc3e866527aaf57 13431 all/source/Sources
 2d1f8e9656c23f899d0475a5ef097b13d1724a60 4239 all/source/Sources.bz2
 0bd911daf399f742279794f6722d937420616676 4291 all/source/Sources.gz
SHA256:
 fb102dbedf57e311e9fd4694edeb856bd186e4f5301765efd8ca9210a607a3dd 90169 all/binary-amd64/Packages
 66d6eaea52e1c69fcc9ef2279bf808d8f55cdfa932e72e4fada11d2bddcda9a7 16777 all/binary-amd64/Packages.bz2
 16d5513b83fb5c442e12fb0c54bbe7fb1c065c28810b158b8f97444063af2d38 17803 all/binary-amd64/Packages.gz
 1dacf00be5f242bd89f142e1a8e6b660525398b04558ac3715b6f05746207d4c 90134 all/binary-i386/Packages
 2e3ee584d47ad2ec18b6a2b06e08facb62ed09c7c51dfde7bdc500901c475088 16802 all/binary-i386/Packages.bz2
 fea4c9c9fa10f07c2821e9e0dac464d3b6443770727a907766f98716e52425db 17806 all/binary-i386/Packages.gz
 2b124de5b3bcabe694d637621f448106787df104bcb69fbdf4c6057103347cbd 13431 all/source/Sources
 6a9ccffeb3392f8fcc158fcf8da1c2dcb2435afcc9e9d1ca7cb5d2e070e5f630 4239 all/source/Sources.bz2
 761c5d086a7b418c75e680a3d9320cb8958cb00e688a4379bb73ce967b632391 4291 all/source/Sources.gz

Then I add the following line in Unattended-Upgrade::Origins-Pattern section:

        "o=packages.dotdeb.org,a=stable";

Ok, I found a way that's enough for my immediate purpose, even though it isn't general enough. I'll leave the answer here, but I will not accept it.

When running unattended-upgrade -d, it will log information about the packages with upgrades available. This information contains origin and archive. For example:

2010-10-27 13:21:28,734 DEBUG Checking: postgresql-8.4 (["component: 'main' archive: 'lenny-backports' origin: 'Debian Backports' label: 'Debian Backports' site 'backports.debian.org' isTrusted: 'True'"])

The script unattended-upgrade itself is Python, and uses python-apt, an interface to libapt-pkg, to get that information.


The following command lists all the versions of a given package available from all sources configured in your sources.list:

apt-cache policy <packagename>

EDIT

Here is sample output from a system with multiple sources in sources.list.

# apt-cache policy nano
nano:
  Installed: 2.0.7-5
  Candidate: 2.2.5-1
  Version table:
     2.2.5-1 0
        500 http://mirrors.kernel.org sid/main Packages
     2.2.4-1 0
        500 http://mirrors.kernel.org squeeze/main Packages
 *** 2.0.7-5 0
        500 http://mirrors.kernel.org lenny/main Packages
        100 /var/lib/dpkg/status

The version table shows the available package versions, priorities, archive URLs, and suites.