APT – Advanced Package Tool

Updated 03-Aug-2025

APT -- Advanced Package Tool -- is all that is needed for most application installations when there are repositories which are regularly updated for packages of interest.

Note that apt essentially makes irrelevant apt-get so there is no reason for that redundancy any longer.

Note: Use aptitude when dealing with packages that have upgrade/downgrade issues, as aptitude provides better options for resolving issues. Use the -f flag with aptitude if the downgrading is out of hand.

If packages are kept back, simply install them directly with the install command. Use -f to force dependency upgrade.

Additional Note: Use apt or aptitude to install .deb packages including the ./ before packagename, as in:

> sudo apt install ./packagename

stable, backports, testing, unstable repos

For a stable system, using stable (or oldstable) and backports ensures stability. However, it doesn't deal with new hardware issues, or any kind of additional functionality, such as adding updated applications. For this, it is a matter of tracking down external packages, or using the testing or unstable repositories.

> Note that mixing repos is discouraged by debian and may result in breakage. See also choosing a distribution.

Currently, my main desktop is tied to an oldstable release to keep an older printer working properly.

I do expect to be running Debian 10, and Debian 11 (aka stable and test)more or less parallel (backup desktop, server, primary desktop).

Apt pinning

Upgrading the linux kernel using apt

Update Repositories

sudo apt update -y 
sudo apt update -y -t stretch-backports

Upgrade Applications

sudo apt upgrade -y --fix-missing
sudo apt upgrade -y -t stretch-backports --fix-missing

Broken Dependencies

sudo apt install -f

also

sudo apt --fix-broken install

Upgrade Distributon (e.g, Debian Stable)

sudo apt dist-upgrade -y --fix-missing

Clean, Autoclean, Check, Autoremove

All these commands can be run from apt. In particular, autoremove is a good option to keep things tidy.

sudo apt autoremove -y

Purge and Remove

To seriously remove things, do:

sudo apt --purge remove package-name

Sources

Sources are found in a few places:

sudo nano /etc/apt/sources.list

Current stable/backports sources:

(Note Trixie will be released on 09 AUG 2025, but backports do not currently exist, hence the need to comment them out.)

deb http://deb.debian.org/debian/ trixie main contrib non-free non-free-firmware non-free
deb-src http://deb.debian.org/debian/ trixie main contrib non-free non-free-firmware

deb http://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware
deb-src http://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware

deb http://deb.debian.org/debian/ trixie-updates main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian/ trixie-updates main contrib non-free non-free-firmware

## deb http://deb.debian.org/debian/ trixie-backports main contrib non-free non-free-firmware
## deb-src http://deb.debian.org/debian/ trixie-backports main contrib non-free non-free-firmware
ls /etc/apt/sources.list.d

Current additional sources (note, see extrepo below for making these obsolete):

docker.list
vivaldi.list

Extrepo

Note: as of late Trixie beta I've removed Extrepo and am going with some straight *.list -> *.sources files, as there are only two that I use (SyncThing and VSCodium) and I can't get SyncThing to work because of lag on the Extrepo updates. See above under modernize-sources.

Extrepo allows one to enable known external repositories, using a tool extrepo. Extrepo writes the necessary keys (to /usr/share/extrepo/offline-data/debian/...) and repositories (to /etc/apt/sources.list.d/...).

Install from apt, then enable and update various sources, for example:

sudo extrepo enable nginx
sudo extrepo enable vscodium
sudo extrepo enable syncthing
sudo extrepo enable sury

sudo extrepo update nginx
sudo extrepo update vscodium
sudo extrepo update syncthing
sudo extrepo update sury

Note: I seem to have to run these commands twice through, to get it to enable and update, at least the first time.

extrepo architecture error

Sometimes there is an architecture error, such as noted in this merge request: , if it isn't removed upstream, simply edit the repository file found in /etc/apt/sources.list.d/... and remove the offending architectures.

see also

extrepo man page

Debian Fasttrack

For making non-standard packages available to stable users (not using standard testing distribution).

rmadison

Note the use of rmadison which is a utility found in devscripts. To install:

sudo apt install devscripts

Use the command rmadison to find all available versions of an application across all debian repositories, e.g., rmadison inkscape will result in:

inkscape   | 0.92.4-3        | oldoldstable             | source, amd64, arm64, armhf, i386
inkscape   | 1.0.2-4~bpo10+1 | buster-backports         | source, amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
inkscape   | 1.0.2-4~bpo10+1 | buster-backports-debug   | source
inkscape   | 1.0.2-4         | oldstable                | source, amd64, arm64, armel, armhf, i386, mips64el, mipsel, ppc64el, s390x
inkscape   | 1.2.2-2~bpo11+1 | bullseye-backports       | source, amd64, arm64, armel, armhf, i386, mips64el, mipsel, ppc64el, s390x
inkscape   | 1.2.2-2~bpo11+1 | bullseye-backports-debug | source
inkscape   | 1.2.2-2         | stable                   | source
inkscape   | 1.2.2-2+b1      | stable                   | amd64, arm64, armel, armhf, i386, mips64el, mipsel, ppc64el, s390x
inkscape   | 1.2.2-7         | testing                  | source
inkscape   | 1.2.2-7         | unstable                 | source
inkscape   | 1.2.2-7         | unstable-debug           | source
inkscape   | 1.2.2-7+b1      | testing                  | amd64, arm64, armel, armhf, i386, mips64el, ppc64el, riscv64, s390x
inkscape   | 1.2.2-7+b1      | unstable                 | mips64el, riscv64
inkscape   | 1.2.2-8         | buildd-unstable          | source, amd64, arm64, armel, armhf, i386, ppc64el, s390x
inkscape   | 1.2.2-8         | unstable                 | source, amd64, arm64, armel, armhf, i386, ppc64el, s390x
inkscape   | 1.2.2-8         | unstable-debug           | source
inkscape   | 1.4-3           | experimental             | source, amd64, armel, armhf, mips64el
inkscape   | 1.4-3           | experimental-debug       | source

Can I use PPAs in Debian?

Well, sort of, but should you? Only if really needed.

modernize-sources

This puts sources.list and all third-party *.list files into a modern format. Accomplish this with the command:

sudo apt modernize-sources

Some things end up with errors, which is largely due to an incompatibility or lack of .gpg and .asc files. For example, SyncThing and Vivaldi tend to have these problems. Basically, re-import the .asc and/or .gpg files then update the *.sources file to include the proper Signed-By: location.

Syncthing source

/etc/apt/sources.list.d/syncthing.sources

Types: deb
URIs: https://apt.syncthing.net/
Suites: syncthing
Components: stable
Signed-By: /etc/apt/keyrings/syncthing-archive-keyring.gpg
  • Install Syncthing *.gpg
sudo mkdir -p /etc/apt/keyrings
sudo curl -L -o /etc/apt/keyrings/syncthing-archive-keyring.gpg https://syncthing.net/release-key.gpg

Vivaldi source

/etc/apt/sources.list.d/vivaldi.sources

Types: deb
URIs: https://repo.vivaldi.com/stable/deb/
Architectures: amd64
Suites: stable
Components: main
Signed-By: /etc/apt/trusted.gpg.d/vivaldi-browser.gpg
  • Install Vivaldi *.gpg
sudo wget -qO- https://repo.vivaldi.com/archive/linux_signing_key.pub | gpg --dearmor | sudo dd of=/etc/apt/trusted.gpg.d/vivaldi-browser.gpg

VSCodium source

/etc/apt/sources.list.d/vscodium.sources

Suites: vscodium
Uris: https://paulcarroty.gitlab.io/vscodium-deb-rpm-repo/debs/
Architectures: amd64 arm64
Components: main
Types: deb
Signed-By: /usr/share/keyrings/vscodium-archive-keyring.gpg
  • Install VSCodium *.gpg
wget -qO - https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/raw/master/pub.gpg \
    | gpg --dearmor \
    | sudo dd of=/usr/share/keyrings/vscodium-archive-keyring.gpg

Debian source (Trixie)

  • Note this is without Backports as they don't yet exist (as of this writing).
# Modernized from /etc/apt/sources.list
Types: deb deb-src
URIs: http://deb.debian.org/debian/
Suites: trixie
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

# Modernized from /etc/apt/sources.list
Types: deb deb-src
URIs: http://security.debian.org/debian-security/
Suites: trixie-security
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

# Modernized from /etc/apt/sources.list
Types: deb deb-src
URIs: http://deb.debian.org/debian/
Suites: trixie-updates
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

PHP source

/etc/apt/sources.list.d/php.sources

Types: deb
URIs: https://packages.sury.org/php/
Suites: trixie
Components: main
Signed-By: /usr/share/keyrings/debsuryorg-archive-keyring.gpg
  • Install PHP *.list and *.gpg
sudo curl -sSLo /tmp/debsuryorg-archive-keyring.deb https://packages.sury.org/debsuryorg-archive-keyring.deb
sudo dpkg -i /tmp/debsuryorg-archive-keyring.deb
sudo sh -c 'echo "deb [signed-by=/usr/share/keyrings/debsuryorg-archive-keyring.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
sudo apt modernize-sources

Docker source

/etc/apt/sources.list.d/docker.sources

Types: deb
URIs: https://download.docker.com/linux/debian/
Suites: trixie
Components: stable
Signed-By: /etc/apt/keyrings/docker.asc
  • Install Docker *.list and *.gpg
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

Resources

Note: mixing repositories is not needed and generally discouraged (called franken-distributions). Stable for servers, testing for desktop.

We use cookies only for WordPress functionality, and do not use third-party analytics or tracking.
Accept