How to tell from what Ubuntu or Debian repository a package comes?

debian package-management ubuntu

79,360

Solution 1

I run apt-cache policy <package name>:

$ apt-cache policy wajig
wajig:
  Installed: 2.1
  Candidate: 2.1
  Version table:
 *** 2.1 0
        100 /var/lib/dpkg/status
     2.0.47 0
        500 file:/home/wena/.repo_bin/ squeeze/main i386 Packages
        500 ftp://ftp.is.co.za/debian/ squeeze/main i386 Packages

That means that there are three wajig packages:

One that is installed (/var/lib/dpkg/status)
One that is available from a local repository (file:/home/wena/.repo_bin/)
One that is available from a remote repository (ftp://ftp.is.co.za/debian), which also happens to have the same version (2.0.47) as the one in a local repository

Additionally, apt-cache madison <package name> will display similar information in a tabular format.

 wajig |        2.2 | mirror://mirrors.ubuntu.com/mirrors.txt/ precise/universe amd64 Packages
 wajig |        2.2 | mirror://mirrors.ubuntu.com/mirrors.txt/ precise/universe Sources

Solution 2

Aha! Apparently, the proper apt command is not apt-cache info, but instead, apt-cache showpkg.

$ apt-cache showpkg linux-generic
Package: linux-generic
Versions: 
2.6.31.19.32 (/var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_karmic-updates_main_binary-amd64_Packages) (/var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_karmic-security_main_binary-amd64_Packages) (/var/lib/dpkg/status)
 Description Language: 
                 File: /var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_karmic-updates_main_binary-amd64_Packages
                  MD5: 5d722da329763b9342d322f5a140005c

2.6.31.14.27 (/var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_karmic_main_binary-amd64_Packages)
 Description Language: 
                 File: /var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_karmic_main_binary-amd64_Packages
                  MD5: 5d722da329763b9342d322f5a140005c


Reverse Depends: 
Dependencies: 
2.6.31.19.32 - linux-image-generic (5 2.6.31.19.32) 
2.6.31.14.27 - linux-image-generic (5 2.6.31.14.27) 
Provides: 
2.6.31.19.32 - 
2.6.31.14.27 - 
Reverse Provides:

The File: line provides the repository information after the /var/lib/apt/lists/.

There is a bug report that aptitude cannot display the source repository, but it seems at present the feature is still on the wish list.

Solution 3

I wonder why no one mentioned aptitude. I use it all the time.

Aptitude is:

Shipped by default with many Debian-based distributions. Can be installed to other (such as Ubuntu) via sudo apt install aptitude.
Does not require administrative privileges (at least for the command below).
Does have a nice ncurses GUI (but most of the time used without it).

Provides a really pretty output. To show versions of packages, use aptitude versions command:

 me@wheezy:~$ aptitude versions kde-standard
 Package kde-standard:                        
 i A 5:77+deb7u1     stable              500
 p A 5:84            testing,unstable    130

Does NOT have Super Cow Powers.

The letter in front of each string indicates the package's status, i is installed and p is purged (or never installed), stable, testing and unstable are repository definitions, the number in the end is a pin priority.

One caveat regarding recent versions of aptitude worth a mentioning here: by default it shows all the packages, which include the name you search, so use a regex magic a little to search by the strict name, for example aptitude versions ^kde-workspace$.

Solution 4

This works for me (shows where the 2vcard package is):

$ grep 2vcard /var/lib/apt/lists/* | grep "Filename:"

/var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_karmic_universe_binary-i386_Packages:Filename: pool/universe/2/2vcard/2vcard_0.5-3_all.deb

You can apply additional filtering to check versions, etc., if multiple versions are available.

Solution 5

Sadly, this information is not recorded during package installation. You can make a decent guess if the repository is still in the source list and the repository still has the package:

grep -l PKG /var/lib/apt/lists/*

apt-cache showpkg is showing data from the repository database (not what is installed) so it's another form of the same information from the grep.

Even synaptic cannot tell (in the Origin screen) if you disable the repository and update.

View more solutions

79,360

Author by

lmkirvan

Updated on September 17, 2022

Comments

lmkirvan over 1 year

On a Debian-based system, including Ubuntu, how can one tell which repository a package will be downloaded from, without actually beginning the download? aptitude show and apt-cache info will show the section (e.g., metapackage, base, graphics), but not the repository to which a package belongs (e.g., http://ppa.launchpad.net/mactel-support/ppa/ubuntu or http://us.archive.ubuntu.com/ubuntu/).

When installing the package, the actual repository appears during the download (it is printed out in the "downloading from ..." output from apt and similar programs), but how can one obtain information on the repository containing the package (or a specific version of a package) without downloading and installing it first?

Additionally, how can one determine the source repository for a package that is already installed?
- quack quixote over 14 years
  
  i find this one of the deficiencies of Apt; it's just not easy to tell from which repository provides a certain package within the package installer tools.
lmkirvan over 14 years

Pragmatic. I'm surprised this information is not accessible through any of the front ends to dpkg, though.
tshepang over 13 years

@got It is available: superuser.com/questions/106794/…
Adobe about 12 years

But it doesn't show where the installed package came from, does it?
tshepang about 12 years

@Adobe In my case, the 2.1 version isn't available from any repository. It's locally-built.
SuB over 10 years

What is sign of installed package? *** or /var/lib/dpkg/status ?
bjhend about 7 years

Nice command but it doesn't list the repository as requested.
Neurotransmitter about 7 years

Actually it does.
reinierpost almost 7 years

You don't understand. Additional PPAs can be installed. It is important to know whether a package is from such a PPA. As a matter of fact, that's what I'm trying to figure out right now - if it is, I can remove the PPA, reducing the risk of problems.
Neurotransmitter over 6 years

Yes, you're right, with versions you can simply check the apt pinning values of the given packages, not the associated repos. It is still useful though if you know all your repos and how they are pinned.
Csaba Toth about 6 years

That aptitude feature is still on whislist 8 years later and I don't know why this answer (apt-cache showpkg) is not marked as the correct one.
John McGehee almost 6 years

When the package is not installed, apt-cache policy says: Installed: (none).
michael over 4 years

fwiw (a decade later), in my case, I was trying to tell if a package was installed via a repo or deb file, which this approach would (obviously) not consider; however, the simple command apt-cache policy {package} does work as expected in both these cases to identify the source of the package. superuser.com/a/236605/73961