| 1. | APT bug page |
NAME
sources.list - List of configured APT data sources
DESCRIPTION
The source list /etc/apt/sources.list and the files contained in /etc/apt/sources.list.d/ are designed to support any number of active sources and a variety of source media. The files list one source per line (one-line style) or contain multiline stanzas defining one or more sources per stanza (deb822 style), with the most preferred source listed first (in case a single version is available from more than one source). The information available from the configured sources is acquired by apt-get update (or by an equivalent command from another APT front-end).
SOURCES.LIST.D
The /etc/apt/sources.list.d directory provides a way to add sources.list entries in separate files. Two different file formats are allowed as described in the next two sections. Filenames need to have either the extension .list or .sources depending on the contained format. The filenames may only contain letters (a-z and A-Z), digits (0-9), underscore (_), hyphen (-) and period (.) characters. Otherwise APT will print a notice that it has ignored a file, unless that file matches a pattern in the Dir::Ignore-Files-Silently configuration list - in which case it will be silently ignored.
The suggested filename for new systems is /etc/apt/sources.list.d/vendor.sources, where vendor is the result of dpkg-vendor --query Vendor | tr A-Z a-z, in deb822-style format. For example, Ubuntu uses /etc/apt/sources.list.d/ubuntu.sources.
ONE-LINE-STYLE FORMAT
Files in this format have the extension .list. Each line specifying a source starts with a type (e.g. deb-src) followed by options and arguments for this type. Individual entries cannot be continued onto a following line. Empty lines are ignored, and a # character anywhere on a line marks the remainder of that line as a comment. Consequently an entry can be disabled by commenting out the entire line. If options should be provided they are separated by spaces and all of them together are enclosed by square brackets ([]) included in the line after the type separated from it with a space. If an option allows multiple values these are separated from each other with a comma (,). An option name is separated from its value(s) by an equals sign (=). Multivalue options also have -= and += as separators, which instead of replacing the default with the given value(s) modify the default value(s) to remove or include the given values.
This is the traditional format and supported by all apt versions. Note that not all options as described below are supported by all apt versions. Note also that some older applications parsing this format on their own might not expect to encounter options as they were uncommon before the introduction of multi-architecture support.
This format is deprecated and may eventually be removed, but not before 2029.
DEB822-STYLE FORMAT
Files in this format have the extension .sources. The format is similar in syntax to other files used by Debian and its derivatives, such as the metadata files that apt will download from the configured sources or the debian/control file in a Debian source package. Individual entries are separated by an empty line; additional empty lines are ignored, and a # character at the start of the line marks the entire line as a comment. An entry can hence be disabled by commenting out each line belonging to the stanza, but it is usually easier to add the field "Enabled: no" to the stanza to disable the entry. Removing the field or setting it to yes re-enables it. Options have the same syntax as every other field: A field name separated by a colon (:) and optionally spaces from its value(s). Note especially that multiple values are separated by whitespaces (like spaces, tabs and newlines), not by commas as in the one-line format. Multivalue fields like Architectures also have Architectures-Add and Architectures-Remove to modify the default value rather than replacing it.
This is a new format supported by apt itself since version 1.1. Previous versions ignore such files with a notice message as described earlier. It is intended to make this format gradually the default format, deprecating the previously described one-line-style format, as it is easier to create, extend and modify for humans and machines alike especially if a lot of sources and/or options are involved. Developers who are working with and/or parsing apt sources are highly encouraged to add support for this format and to contact the APT team to coordinate and share this work. Users can freely adopt this format already, but may encounter problems with software not supporting the format yet.
THE DEB AND DEB-SRC TYPES: GENERAL FORMAT
The deb type references a typical two-level Debian archive, distribution/component. The distribution is generally a suite name like stable or testing or a codename like trixie or forky while component is one of main, contrib, non-free or non-free-firmware. The deb-src type references a Debian distribution's source code in the same form as the deb type. A deb-src line is required to fetch source indexes.
The format for two one-line-style entries using the deb and deb-src types is:
deb [ option1=value1 option2=value2 ] uri suite [component1] [component2] [...]
deb-src [ option1=value1 option2=value2 ] uri suite [component1] [component2] [...]Alternatively the equivalent entry in deb822 style looks like this:
\n
Types: deb deb-src
\n
URIs: uri
\n
Suites: suite
\n
Components: [component1] [component2] [...]
\n
option1: value1
\n
option2: value2
\nThe URI for the deb type must specify the base of the Debian distribution, from which APT will find the information it needs. suite can specify an exact path, in which case the components must be omitted and suite must end with a slash (/). This is useful for the case when only a particular sub-directory of the archive denoted by the URI is of interest. If suite does not specify an exact path, at least one component must be present.
suite may also contain a variable, $(ARCH) which expands to the Debian architecture (such as amd64 or armel) used on the system. This permits architecture-independent sources.list files to be used. In general this is only of interest when specifying an exact path; APT will automatically generate a URI with the current architecture otherwise.
Especially in the one-line-style format since only one distribution can be specified per line it may be necessary to have multiple lines for the same URI, if a subset of all available distributions or components at that location is desired. APT will sort the URI list after it has generated a complete set internally, and will collapse multiple references to the same Internet host, for instance, into a single connection, so that it does not inefficiently establish a connection, close it, do something else, and then re-establish a connection to that same host. APT also parallelizes connections to different hosts to more effectively deal with sites with low bandwidth.
It is important to list sources in order of preference, with the most preferred source listed first. Typically this will result in sorting by speed from fastest to slowest (CD-ROM followed by hosts on a local network, followed by distant Internet hosts, for example).
As an example, the sources for your distribution could look like this in the deprecated one-line-style format:
deb [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://deb.debian.org/debian trixie main contrib non-free non-free-firmware
deb [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://deb.debian.org/debian trixie-updates main contrib non-free non-free-firmware
deb [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://deb.debian.org/debian-security trixie-security main contrib non-free non-free-firmwareor like this in deb822 style format:
Types: deb
URIs: http://deb.debian.org/debian
Suites: trixie trixie-updates
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
Types: deb
URIs: http://deb.debian.org/debian-security
Suites: trixie-security
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpgTHE DEB AND DEB-SRC TYPES: OPTIONS
Each source entry can have options specified to modify which source is accessed and how data is acquired from it. Format, syntax and names of the options vary between the one-line-style and deb822-style formats as described, but they both have the same options available. For simplicity we list the deb822 field name and provide the one-line name in brackets. Remember that besides setting multivalue options explicitly, there is also the option to modify them based on the default, but we aren't listing those names explicitly here. Unsupported options are silently ignored by all APT versions.
Furthermore, there are options which if set affect all sources with the same URI and Suite, so they have to be set on all such entries and can not be varied between different components. APT will try to detect and error out on such anomalies.
Types: deb
URIs: https://deb.debian.org
Suites: stable
Components: main contrib non-free non-free-firmware
Signed-By:
\n
-----BEGIN PGP PUBLIC KEY BLOCK-----
\n
.
\n
mDMEYCQjIxYJKwYBBAHaRw8BAQdAD/P5Nvvnvk66SxBBHDbhRml9ORg1WV5CvzKY
\n
CuMfoIS0BmFiY2RlZoiQBBMWCgA4FiEErCIG1VhKWMWo2yfAREZd5NfO31cFAmAk
\n
IyMCGyMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQREZd5NfO31fbOwD6ArzS
\n
dM0Dkd5h2Ujy1b6KcAaVW9FOa5UNfJ9FFBtjLQEBAJ7UyWD3dZzhvlaAwunsk7DG
\n
3bHcln8DMpIJVXht78sL
\n
=IE0r
\n
-----END PGP PUBLIC KEY BLOCK-----Snapshot IDs are usually timestamps in the form of YYYYMMDDTHHMMSSZ, such as 20220102T030405Z which is the January 2nd, 2022 at 03:04:05 UTC, servers may however support additional types of IDs, and APT does not perform any checks so far.
URI SPECIFICATION
The currently recognized URI types are:
http (apt-transport-http(1))
Note that these forms of authentication are insecure as the whole communication with the remote server (or proxy) is not encrypted so a sufficiently capable attacker can observe and record login as well as all other interactions. The attacker can not modify the communication through as APT's data security model is independent of the chosen transport method. See apt-secure(8) for details.
https (apt-transport-https(1))
mirror, mirror+scheme (apt-transport-mirror(1))
file
cdrom
copy
adding more recognizable URI types
EXAMPLES
Uses the archive stored locally (or NFS mounted) at /home/apt/debian for stable/main, stable/contrib, stable/non-free and stable/non-free-firmware.
deb file:/home/apt/debian stable main contrib non-free non-free-firmwareTypes: deb
URIs: file:/home/apt/debian
Suites: stable
Components: main contrib non-free non-free-firmwareAs above, except this uses the unstable (development) distribution.
deb file:/home/apt/debian unstable main contrib non-free non-free-firmwareTypes: deb
URIs: file:/home/apt/debian
Suites: unstable
Components: main contrib non-free non-free-firmwareSources specification for the above.
deb-src file:/home/apt/debian unstable main contrib non-free non-free-firmwareTypes: deb-src
URIs: file:/home/apt/debian
Suites: unstable
Components: main contrib non-free non-free-firmwareThe first line gets package information for the architectures in APT::Architectures while the second always retrieves amd64 and armel.
deb http://deb.debian.org/debian trixie main
deb [ arch=amd64,armel ] http://deb.debian.org/debian trixie mainTypes: deb
URIs: http://deb.debian.org/debian
Suites: trixie
Components: main
Types: deb
URIs: http://deb.debian.org/debian
Suites: trixie
Components: main
Architectures: amd64 armelUses HTTP to access the archive at archive.debian.org, and uses only the hamm/main area.
deb http://archive.debian.org/debian-archive hamm mainTypes: deb
URIs: http://archive.debian.org/debian-archive
Suites: hamm
Components: mainUses HTTPS to access the archive at deb.debian.org, under the debian directory, and uses only the trixie/contrib area.
deb https://deb.debian.org/debian trixie contribTypes: deb
URIs: https://deb.debian.org/debian
Suites: trixie
Components: contribUses HTTPS to access the archive at deb.debian.org, under the debian directory, and uses only the unstable/contrib area. If this line appears as well as the one in the previous example in sources.list a single HTTPS session will be used for both resource lines.
deb https://deb.debian.org/debian unstable contribTypes: deb
URIs: https://deb.debian.org/debian
Suites: unstable
Components: contribUses HTTP to access the archive at ftp.tlh.debian.org, under the universe directory, and uses only files found under unstable/binary-i386 on i386 machines, unstable/binary-amd64 on amd64, and so forth for other supported architectures. [Note this example only illustrates how to use the substitution variable; official debian archives are not structured like this]
deb http://ftp.tlh.debian.org/universe unstable/binary-$(ARCH)/Types: deb
URIs: http://ftp.tlh.debian.org/universe
Suites: unstable/binary-$(ARCH)/Uses HTTP to get binary packages as well as sources from the stable, testing and unstable suites and the components main and contrib.
deb http://deb.debian.org/debian stable main contrib
deb-src http://deb.debian.org/debian stable main contrib
deb http://deb.debian.org/debian testing main contrib
deb-src http://deb.debian.org/debian testing main contrib
deb http://deb.debian.org/debian unstable main contrib
deb-src http://deb.debian.org/debian unstable main contribTypes: deb deb-src
URIs: http://deb.debian.org/debian
Suites: stable testing unstable
Components: main contribUses a specific timestamp for Snapshots.
Types: deb deb-src
URIs: http://deb.debian.org/debian
Suites: stable testing unstable
Snapshot: 20250311T030104Z
Components: main contrib
\nDoesn't allow the optional parameter --snapshot.
Types: deb deb-src
URIs: http://deb.debian.org/debian-security
Suites: stable-security
Snapshot: disable
Components: main contrib non-free-firmware
\nSEE ALSO
apt-get(8), apt.conf(5), /usr/share/doc/apt/acquire-additional-files.md.gz
BUGS
APT bug page[1]. If you wish to report a bug in APT, please see /usr/share/doc/debian/bug-reporting.txt or the reportbug(1) command.
AUTHORS
Jason Gunthorpe
APT team
NOTES
- 1.
APT bug page