Debian sources.list Demystified

I have always had a hard time trying to figure out how to configure sources.list in Debian or its derivatives, like Ubuntu. To learn this thing myself, and to give a basic introduction to all, this post is being written.

Debian uses dpkg, apt-get, aptitude, and other programs to install and maintain software packages. These applications, in turn, use the /etc/apt/sources.list file to figure out which repositories to use and where they are located. Depending on how you configure sources.list, the selection of software available to you will vary. So it is important to learn more about this critical piece of your Debian experience.

The format of sources.list file is thus: deb uri distribution [component1] [component2] [...], and these parts are explained below. There is one source on one line, and the most important source comes first. As you add more sources on more lines, their importance decreases based on their location (from top to bottom).


You have two choices here: deb and deb-src. deb means that you want binary packages, and deb-src means you want source packages. Usually both are used, on their own lines, of course.


This is where you specify the location of the repository. It can be local (file:/), CD (cdrom:/), FTP, HTTP, SSH, RSH, and copy.


You have the following choices, written here in descending order of stability and ascending order of new versions of software available: stable, testing, unstable, and experimental.


Component or category has three choices: main, contrib, and non-free. These are “kinds” of packages as sorted based on the Debian philosophy: Debian Policy Manual – The Debian Archive.


deb stable main contrib non-free
deb-src stable main
deb stable/updates main contrib non-free
deb-src stable/updates main


This was just a basic introduction to get you started. To learn more, check out sources.list manpage; How to Have a Pleasant Installation (for Debian Newbies); use aptitude instead of synaptic and why;


5 Responses to Debian sources.list Demystified

  1. Regarding the ‘distribution’ entry, it should also be noted that you can use named releases, instead of ‘stable’, ‘testing’, etc.

    So, for example, if you wanted to lock yourself to ‘etch’, you can list that instead of ‘stable’. Then, in the future, when a new ‘stable’ is released, you will continue to use the same release.

  2. Pingback: Debianizzati.Org » Approfondiamo /etc/apt/sources.list.

  3. Prasinos says:

    Sorry but your post is redundant. This info is already on a million places (and the manpage of sources.list is clear and has many examples).

  4. hs says:

    I found a file called apt_preferences which can be used to assign preference to a repository over another for a particular version of a package. By default if a repository occurs before another, it is preferred. But these preferences can be fine-tuned using apt_preferences (apt pinning). Yum in CentOS also has the same feature via a plug-in, called Yum Priorities.

  5. hs says:

    Some more information: there are no third-party mirrors for Debian security updates, instead the same domain name uses mirrors behind the scenes, implemented using DNS. So for security updates, that is the mirror you use.

    If you do something like sudo aptitude update and you see Ign, then Ign means the repository is being ignored because nothing has changed since we last checked.

    To clean the cache of packages, run the command: sudo aptitude clean and it will clear the cache.

%d bloggers like this: