How to install packages from a newer distribution without installing unwanted

George Shuklin
Aug 1, 2017 · 2 min read

Debian and Ubuntu only.


We have an older version of distribution on a server and we want to install some (but not all) packages from a newer distro. We absolutely don’t want to have squall of system updates from the newer distribution and we want only few packets. To make it simple I’ll focus on ‘one packet’ case.

Solution: pinning by repository name

I will give example of package whois installed from xenial to trusty.

Step 1: Add new repository to apt sources. Normally it’s done by duplicating line in /etc/apt/sources.list (or corresponding file in the /etc/apt/sources.list.d). In this example before change we have file /etc/apt/sources.list with following content:

deb trusty main restricted universe 
deb trusty-security main restricted universe

After adding a new source:

deb trusty main restricted universe deb trusty-security main restricted universe
deb xenial main restricted universe
deb xenial-security main restricted universe

(please, be careful, as without later steps any apt-get update command will screw your system).

Step 2: Add preferences file for apt: /etc/apt/preferences.d/somename.pref:

Package: *
Pin: release n=xenial
Pin-Priority: -10
Package: whois
Pin: release n=trusty
Pin-Priority: 500

Step 3: apt-get update

Step 4: check if policy worked:

whois is coming from our new repo:

apt-cache policy whois
Installed: 5.1.1
Candidate: 5.2.11
Package pin: 5.2.11 <== pinning worked!
Version table:
5.2.11 500
-10 xenial/main amd64 Packages
*** 5.1.1 500
500 trusty/main amd64 Packages
100 /var/lib/dpkg/status

and libc-bin(an example of a very important system package we don’t want to upgrade) is coming from the older repo:

apt-cache policy libc-bin
Installed: 2.19-0ubuntu6.11
Candidate: 2.19-0ubuntu6.13
Version table:
2.23-0ubuntu9 0
-10 xenial-updates/main amd64 Packages
-10 xenial-security/main amd64 Packages
2.23-0ubuntu3 0
-10 xenial/main amd64 Packages
2.19-0ubuntu6.13 0
500 trusty-security/main amd64 Packages
500 trusty-updates/main amd64 Packages
*** 2.19-0ubuntu6.11 0
100 /var/lib/dpkg/status
2.19-0ubuntu6 0
500 trusty/main amd64 Packages

It’s really important to check if pinning is actually holding other packages on the old repo!

Now we can easily install newer version: apt-get upgrade, or just apt-get install whois.

And if we ever wonder about pinned packages, they all are listed at the end of apt-cache policy output:

Pinned packages:
pam-ssh-agent-auth -> 0.10.2-0ubuntu0ppa1
whois -> 5.2.11

George Shuklin

Written by

I work at, most of my stories are about Ansible, Ceph, Python, Openstack and Linux.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade