How to only install updates from a specific repository?

Solution 1:

You can specify a release with -t option. As an example, I have added the following repository to /etc/apt/sources.list to install Iceweasel latest release:

deb http://mozilla.debian.net/ squeeze-backports iceweasel-release

As you know there is a same package iceweasel in the official Debian repository. If I want install Iceweasel from this specific release I run:

apt-get install -t squeeze-backports iceweasel

from apt-get manual page:

-t, --target-release, --default-release
           This option controls the default input to the policy engine, it creates a default pin at priority 990 using the specified
           release string. This overrides the general settings in /etc/apt/preferences. Specifically pinned packages are not affected by
           the value of this option. In short, this option lets you have simple control over which distribution packages will be retrieved
           from. Some common examples might be -t '2.1*', -t unstable or -t sid. Configuration Item: APT::Default-Release; see also the
           apt_preferences(5) manual page.

I think this is a better solution.

UPDATE: As @SuB mentioned in the comment, "-t specifies release not repository name. There is no repository name in Ubuntu (unlike RedHat based linux such as RHEL,Fedora,CentOS, ...)".

Solution 2:

Use Pinning

Pinning is a process that allows you to remain on a stable release of Ubuntu (or any other debian system) while grabbing packages from a more recent version. — help.ubuntu.com

You can disable automatic updates from certain repositories without entirely removing them via apt policies:

To disable automatic updates from repository repo, add a file
/etc/apt/preferences.d/repo with the following content:

Package: *
Pin: release n=repo
Pin-Priority: 50

Which will give all packages from this repository a lower priority than already installed packages (which have 100).

For more information man apt_preferences or check the Ubuntu Community Wiki.

Solution 3:

Short Answer

You need to pin the repositories you don't want to install from with a priority less than 100. Which means (from apt_preference man page)

100 <= P < 500
causes a version to be installed unless there is a version available belonging to some other distribution or the installed version is more recent

And to select a repository for pinning, you'd use fields from repositories' Release file. Such as archive, label, release, version etc. By specifying the values of these fields, you can precisely select a repository and assign your preferred priority to it. Check the apt_preference page for more details.

Long Answer

Before proceeding, we need to know some important thing about pinning. Those includes

1. Fields of Release files and It's mapping to apt-cache policy output

2. Format of apt preference files

3. Using Release files fields to set priority

1. Fields of Release file and apt-cache policy output

From Debian Wiki article

• Description
• Label
• Origin
• Version
• Suite
• Codename
• Components
• Architectures

You would see output from apt-cache policy like these

 500 http://mirrors.ircam.fr/pub/ubuntu/archive xenial/main amd64 Packages
 release v=16.04,o=Ubuntu,a=xenial,n=xenial,l=Ubuntu,c=main,b=amd64

The values in these lines comes from Release files.

• Description sets the description for a repository. This is not shown in apt-cache policy output

• Label it is the label of the repository. Many repositories have empty labels. It's shown in l=<label> in the output.

• Origin this tells about the origin of the repository. Official Ubuntu repository has Ubuntu as the value. Shown as o= in the output

• Version is the version of a distribution. It's 16.04 for Xenial. Shown as v= in the output

• Suite is same as Archive. From debian wiki it's is The name of the distribution of Debian the packages in this directory belong to (or are designed for), i.e. stable, testing or unstable.. For Ubuntu, these are release-updates, release-security etc. For example, xenial-updates, xenial-security. It's shown in the output as a=xenial, a=xenial-security. PPAs use just the release name for this, that's why it won't help much in Pinning.

• Component tells about the licencing thing. It's main, multiverse, restricted, universe in Ubuntu. In the output it's shown as c=main or c=restricted etc. Most PPAs use main for this field, thus it doesn't help in pinning much either.

• Architecture is about the OS architecture. Shown as b=i386 or b=amd64 in the output

• Codename is the release name of the distribution. For 16.04 it is xenial. For 14.04 it is trusty. Shown in apt-cache policy output as n=xenial or n=trusty. It's same for all repositories for a single distribution usually. That's why it doesn't help in pinning much.

The other line in apt-cache policy output starting with origin tells the Internet origin of the repository. It also can be used in pinning. But should not be mixed with Release files Origin field. Those are different.

We'll use these values to pin a repository.

So, how do we use pinning¹ to restrict repository?

There are several ways to control pinning and only a small-subset is effective for Ubuntu. A details explanation is beyond the scope of the answer though. Please refer to apt_preference man-page for this.

2. Pin file format

Pin or apt preference files reside in /etc/apt/preferences.d folder. Each pinning contain three lines.

• First line starts with Package: and a comma-seperated package names follow. Regular expressions and globs are allowed

• Second line starts with Pin: and it is used to target a set of packages.

  If we want to pin packages from xenial higher than xenial-updates, we'll use release a=xenial.

  If we want to pin version 5.0, we'll use version 5.0 here. Glob pattens are allowed.

  Or if we want to pin packages from origin http://archive.ubuntu.com, we'll use origin "archive.ubuntu.com". Note, we don't write http:// protocol there.

• Third line starts with Pin-Priority: and it's value is a number. Which signifies the priority of the targeted items above.

3. Using Release files fields to set priority

Here is an example

Package: *
Pin: release a=xenial
Pin-Priority: 1001

In this example, packages from xenial archives are given higher priority than xenial-updates and xenial-security.

After pinning, running an apt-cache policy nautilus shows that it indeed has given higher priority to a lower version from xenial archive over a higher-versioned from xenial-updates archive. Notice the Candidate: line.

nautilus:
  Installed: 1:3.18.5-0ubuntu1~xenial1
  Candidate: 1:3.18.4.is.3.14.3-0ubuntu4
  Version table:
 *** 1:3.18.5-0ubuntu1~xenial1 100
        100 /var/lib/dpkg/status
     1:3.18.4.is.3.14.3-0ubuntu5 500
        500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
     1:3.18.4.is.3.14.3-0ubuntu4 1001
        500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages

But, If we want to give priority over PPA provided packages too, this won't work. Because PPAs use same archive name xenial by default. So, assigning a priority to a=xenial will also apply to those packages. For example (after enabled PPA),

13:31 $ apt-cache policy nautilus
nautilus:
  Installed: 1:3.18.5-0ubuntu1~xenial1
  Candidate: 1:3.18.5-0ubuntu1~xenial1
  Version table:
 *** 1:3.18.5-0ubuntu1~xenial1 1001
        500 http://ppa.launchpad.net/budgie-remix/ppa/ubuntu xenial/main amd64 Packages
        500 http://ppa.launchpad.net/gnome3-team/gnome3/ubuntu xenial/main amd64 Packages
        100 /var/lib/dpkg/status
     1:3.18.4.is.3.14.3-0ubuntu5 500
        500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
     1:3.18.4.is.3.14.3-0ubuntu4 1001
        500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages

Now the candidate version is from a PPA. Both packages from xenial archive of official Ubuntu repo and the PPA have same priority 1001, because both of them use same value for Archive in Release file. To successfully pin, we need to combine more fields in Pin file.

Some examples

Pin a PPA repository

To pin packages from a repository, we need to target it using the information found from apt-cache policy command. We just saw that a=xenial won't help pin-pointing a repository. We need to use multiple fields together using comma in a preference file to precisely target a repository.

For example, to prevent all packages from http://ppa.launchpad.net/oibaf/graphics-drivers/ ppa, we can use

Package: *
Pin: release n=xenial,o=LP-PPA-oibaf-graphics-drivers
Pin-Priority: 10

Here we are using the codename value as well as Origin value of the PPA. (Though codename value is not required here actually). Sometimes repository may miss these value. In those cases, some other techniques should be used. The output of apt-cache policy libgl1-mesa-glx says that it works. It lowered the priority of all packages of this PPA.

libgl1-mesa-glx:
  Installed: 12.1~git1608200730.16ef7a~gd~x
  Candidate: 12.1~git1608200730.16ef7a~gd~x
  Version table:
 *** 12.1~git1608200730.16ef7a~gd~x 100
        -10 http://ppa.launchpad.net/oibaf/graphics-drivers/ubuntu xenial/main amd64 Packages
        100 /var/lib/dpkg/status
     11.2.0-1ubuntu2.1 500
        500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
     11.2.0-1ubuntu2 500
        500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages

Ignore the fact that it is Candidate. This happended, because It is already installed in my system. Check the priority at the right

Pin a repository when release info is missing

If we want to pin a repository whose release information is missing, like this one http://download.opensuse.org/repositories/home:/sarimkhan/xUbuntu_14.04, we must use other method. Since, no other repository is using that origin, we can safely use origin to pin this repository.

Package: *
Pin: origin download.opensuse.org
Pin-Priority: 10

Note 1: This origin is the Internet origin, not the one which specifies Vendor in the Release file.

Note 2: Pin-Priority number has special meaning. Check apt_preference manual page for details.