Ubuntu Sources List
We use CentOS, Debian, Ubuntu, and other OSes. If anyone inquires, "what OS do we use?" Most of us might reply, "We use Linux". But that is not Linux. Linux is only the kernel name. Actually, it is a different distribution of Linux.
Now, we may enquire, "what is Linux distribution?" Linux kernel can not do very stylish things itself. It is software that handles the hardware, allots memory to functions, helps us execute the program, and many other very low-level basic tasks for us. For example, if we want to edit any file using the nano text editor. The Linux Kernel does not have it. We need to install it separately on top of the Linux Kernel to use it.
- Linux Kernel would not help ordinary users without helpful programs.
- Installing programs again on top of the Linux kernel isn't something an ordinary user would like to do.
- So different individuals and companies packaged essential tools on top of the Linux kernel and grouped them for us.
- So, when we install it, we can begin working with the program we need. It is known as a Linux-based OS or a Linux distribution.
- Fedora, CentOS, Debian, Ubuntu, and others are Linux-based operating systems or Linux distributions. They are not just Linux.
- There are various software that we can not even count on Linux. Adding them all in one operating system package will make the operating system size unnecessarily harder and larger to distribute.
- So, the operating system requires a mechanism for easily installing packages as required.
- That way, they can add very basic services and make the process of installation smaller.
- It's easier to download, distribute, and develop for users and a more standard approach.
After that, the additional packages are hosted on an FTP server or web server of the Linux distro from which all users can get it. These FTP servers or web servers are known as package repositories. Also, we require a way to handle (install, delete, and download) the packages through the package repository. Thus, a package manager is added to our favorite distribution of Linux.
Ubuntu works on the basis of the Debian GNU/Linux distro. Ubuntu applies the APT (Advanced Package Tool) package manager for managing packages. This package manager and every graphical front end (aptitude, Muon, Ubuntu Software Center, etc.) apply the sources.list file for learning about which repositories or package repositories to use.
In this article, we will discuss how the file, i.e., sources.list, is utilized on Ubuntu.
The package manager and each of its graphical front end bring the package repository details from the file, i.e., /etc/apt/sources.list, and files from the directory, i.e., /etc/apt/sources.list.d.
Distinct package managers directly edit the file /etc/apt/sources.list in Ubuntu. We don't suggest adding custom package repositories there. If we require to add any extra package repository, it is best to add only these inside the directory, i.e., /etc/apt/sources.list.d/.
What is a sources.list?
The contents of the file, i.e., /etc/apt/sources.list, look something like the below image:
Here, lines beginning with the # (hash) symbol are comments. These are utilized for documentation on this file. Also, comments are used for disabling a package repository.
An APT line begins with deb, means that the package repository can share software packages as many pre-compiled binaries within the deb file format.
Also, An APT line begins with deb-src, means that this package repository can share software packages as a source code, which we will need to compile in our system to use. Every deb-src package repository is, by default, disabled in Ubuntu. We prefer them to be deactivated as we do not use them. Getting packages through sources takes some time, relying on the specification of our system.
After that, we have the FTP, HTTPS, or HTTP URL of the package repository. It is where every package database and package file is kept. The package manager can download the package metadata and other details for learning about what packages exist and where to install them.
Then, we need to enter inside the short codename of our Ubuntu operating system. It's different for all versions of Ubuntu. For instance, it's bionic in the 18.04 LTS version of Ubuntu.
We can check out what it's for our distribution using the below command:
Then, we put a space isolated list of distinct parts of that package repository. The package repository's packages may be categorized into several groups logically, as we can see in the highlighted section as follows.
The Ubuntu package repository is categorized into main, universe, restricted, and multiverse sections. We added only restricted and main segments of the bionic package depository in this example.
The directory, i.e., /etc/apt/sources.list.d, offers a way to include the entries of sources.list in isolates files. Two distinct file formats are permitted. Filenames require to have either the .sources and .list extension, depending on the included format. These filenames may just include period (.) characters, hyphen (-), underscore (_), digits (0-9), and letters (A-Z and a-z). In different circumstances, APT would print a note that it avoided a file, but that file should be the same as a pattern within the configuration list, i.e., Dir::Ignore-Files-Silently.
In this format, files have the .list extension. All lines defining a source begin with a type followed by arguments and options for this type. Single entries can't be stable onto any following line. Blank lines are avoided, and a # character on a line anywhere highlights the line's remainder as a comment. An entry can consequently be deactivated by commenting out the whole line. In case options should be given, they are isolated by spaces, and each of them together is enveloped by square brackets added in the line later the type isolated from it along with the space.
- If any option permits more than one value, they are isolated from each other along with a comma.
- The name of an option is isolated from its values by an equal (=) sign.
- Also, multi-value options have += and -= as separators, which rather than substituting the default with the provided value, change the default value to include or remove the provided values.
It is the traditional style and is supported by every apt version. Remember that not every option is supported by every version. Also, remember that a few previous applications parsing this style on their own may not imagine encountering options because they were abnormal before the multi-architecture support introduction.
In this format, files have the .sources extension. This format is the same in terms of the syntax of another file utilized by Debian and its derivatives, like the file of metadata that apt will install from the built sources or the control/Debian file in the Debian source package.
- Single entries are isolated by a black line; extra black lines are avoided, and a # character marks the whole line at the beginning of the line as a comment.
- Hence, an entry can be deactivated by commenting out all lines related to the stanza. However, it's easier to add the "Enabled: no" field to the stanza to deactivate the entry.
- Deleting the field and setting it yes to re-enable it.
- The options have a similar system as all other fields.
- The name of a field is isolated by a colon and spaces through its values optionally.
Note: More than one value is isolated by whitespaces (such as newlines, tabs, and spaces), not by commas. Multi-value fields, such as Architectures, also contain Architectures-Remove and Architectures-Add to change the default value instead of replacing it.
- It is a new format that has been supported via apt itself since the 1.1 version.
- Old versions ignore such files along with an alert message as defined earlier.
- It's intended to enable this format to the default format gradually, deprecating the earlier defined one-line-style format because it's easier to modify, extend, and create for machines and humans alike, especially when several options and sources are involved.
Developers working with parsing sources are encouraged for adding support in this format and for contacting the APT team to share and coordinate this work. Users can already accept this format but may face some problems with applications not supporting this format yet.
The file list one-line style (one source/line) includes multi-line stanzas describing multiple deb822 style (sources/stanza), with the most suggested source mentioned first. The information from the sources is inherited by the apt-get update command.
deb and deb-src options
All source entries can have many options specified to change which source is used and how data is inherited from it. Names, syntax, and formats of the options vary among the deb822-style and one-line-style formats as defined, but they have similar options available.
We mentioned the deb822 fieldname for simplicity and gave the one-line name inside the brackets. Note that alongside setting multi-value options, there is also an option to change them on the basis of the default. However, we are explicitly not mentioning those names here. Silently, unsupported options are avoided by every APT release.
- Architecture (arch): It is a multi-value option specifying for which architecture details must be downloaded. If Architecture is not configured, the default is every architecture specified by the config option, i.e., APT::Architecture.
- Language (lang): It is a multi-value option specifying for which language details, like converted package descriptions, must be downloaded. If language is not configured, the default is every language specified by the config option, i.e., Acquire::Languages.
- Target (target): It is a multi-value option specifying which download points apt will attempt to inherit from the source. The default set is specified by the configuration scope, i.e., Acquire::IndexTargets, if not specified (targets are described by names within the Created-By field). Targets can additionally be disabled or enabled by applying the Identifier field as any option along with a boolean value rather than applying this multi-value option.
- By-Hash (by-hash): This option can have the force, yes, or no values and manages if APT should attempt to inherit indexes by a URI configured from the expected files hashsum rather than using a stable filename of an index. It can ignore hashsum mismatches but needs a supporting mirror. A no or yes value enables or disables the use of this aspect if the source represents support for it, but force will activate the aspect irrespective of what the source represents. Defaults to the option's value of a similar name for a particular index file specified in the scope, i.e., Acquire::IndexTargets, which also defaults to the Acquire::By-Hash configuration option value, which defaults to the yes value.
- PDiffs (pdiffs): It is a no/yes value which handles if APT should attempt to apply PDiffs for entirely updating previous indexes rather than downloading the fresh indexes. This option's value is avoided if the repository does not announce the PDiffs availability. Defaults to the option's value with a similar name for a particular index file specified in the scope, i.e., Acquire::IndexTargets, which also defaults to the Acquire::PDiffs configuration option value, which defaults to the yes value.
Furthermore, there are many options which, if configured, affect every source with a similar Suite and URI, so they need to be configured on every such entry and can't be varied among different elements.
- Allow-Downgrade-To-Insecure (allow-downgrade-to-insecure), Allow-Weak (allow-weak), and Allow-Insecure (allow-insecure) are boolean values which each default to no. They circumvent segments of apt-secure and should not be lightly used if set to yes.
- Trusted (trusted): It is a tri-state value. By default, its value is APT, determining if a source is taken trusted or if alerts should be boosted before. For example, packages are downloaded using this source. The trusted option can be applied to override the decision. The yes value indicates that APT will always take this source trusted, even when it does not pass verification checks.
- Signed-By (signed-by): It is either a complete path to any keyring file (needs to be readable and accessible for the _apt user, so make sure that everyone contains read permissions on this file) or one or multiple fingerprints of the keys either inside the keyring, i.e., trusted.gpg, or the keyrings inside the directory, i.e., trusted.gpg.d/.
In this keyring, only the key or only the keys using these fingerprints are utilized for the apt-secure authentication of this repository if this option is set. Defaults to the option's value with a similar name if set within the old inherited Release file. If not, every key is taken as valid signers in the trusted keyrings for this repository.
- Check-Valid-Until (check-valid-until): It is a no/yes value which manages if APT should attempt to find replay attacks. The creator of a repository can announce a time until which the information given in the repository must be taken valid and when this time is completed. However, no new information is given, the information is considered expired, and a failure is raised.
Also, it helps users recognize mirrors that aren't updated. Although, a few repositories, like historic archives, aren't updated by design anymore, so this check could be deactivated by setting to no this option. Defaults to the Acquire::Check-Valid-Until configuration option value, which defaults to the yes value itself.
- Valid-Until-Max (valid-until-max) and Valid-Until-Min (valid-until-min): It can be used to lower and raise the time in seconds where the data is taken valid from this repository. Especially Max can be helpful if the repository gives no valid untilled on the release file for setting over value. At the same time, min can be used for increasing the valid time over seldom updated mirrors of less usable but more often updated archives rather than entirely deactivating the check. Defaults to the configuration options Acquire::Max-ValidTime and Acquire::Min-ValidTime value, which by default are unset.
- Check-Date (check-date): It is a no/yes value which manages if APT should consider the time of the machine correct and hence implement related checks, like authenticating that a Release file isn't from the future. Also, deactivating it deactivates the option, i.e., Check-Valid-Until.
- Date-Max-Future (date-max-future): It manages how far a repository may be from the future. Default to the Acquire::Max-FutureTime configuration option value which is by default 10 seconds.
- InRelease-Path (inrelease-path): It determines the way to the InRelease file, corresponding to the normal placement of an InRelease file. This option is by default unset, and APT will attempt to grab an InRelease, in case that fails, any Release file and its related Release.gpg file. The specified way will be attempted by setting the option rather than the InRelease file, and the Release file fallback will be deactivated.
The types of URI are as follows:
- http: The http scheme describes an HTTP server for any archive, and it is the most used technique.
- https: The http scheme describes an HTTP server, and it is the same in available options and usage as the http scheme. The primary difference between these two is that the negotiation between the server and apt is encrypted.
- file: It permits an arbitrary directory to be considered an archive within the file system. It is helpful for archives or local mirrors and NFS mounts.
- cdrom: This scheme permits APT to utilize a local USB, DVD, or CD-ROM with media swapping. We can apply the apt-cdrom program to make cdrom entries within the source list.
- copy: It is the same as the file scheme, except the packages are exact into the cache directory rather than directly used at their location. It is helpful for users using removable media for copying files with APT.
- ftp: This scheme defines an FTP server for any archive. On the decline, the uses of FTP are in https and http favor, and several archives either never provided or are separating FTP access. If we still need this technique, several configuration options for it are present inside the scope, i.e., Acquire::ftp and describe in apt.conf.
- ssh, rsh: It conjures RSH/SSH to link to a remote host and use the files. Prior configuration of RSA keys or rhosts is suggested. The standard commands are used for performing the file transfer through the remote host.
That is basically all we require to understand about source.list in Ubuntu.
Add multiverse, universe, and other repositories
By default, we should have the universe and main repositories enabled. But, if we wish to enable extra repositories from the command line, here are some commands below to do so.
- We can use the following command to activate the Universe repository:
- We can use the following command to activate the Restricted repository:
- We can use the following command to activate the Multiverse repository:
After adding the above repositories, we must run the command, i.e., sudo apt update, so that our system makes the local cache using package information.
- If we wish to delete a repository, we can add the -r option, like the below command:
- We can visit the Software & Updates section to graphically enable a repository. We will see an option to activate the partner repository within the Other Software tab.
- We can uncheck the option to deactivate the repository.