How to tell from what Ubuntu or Debian repository a package comes?
Solution 1
I run apt-cache policy <package name>
:
$ apt-cache policy wajig
wajig:
Installed: 2.1
Candidate: 2.1
Version table:
*** 2.1 0
100 /var/lib/dpkg/status
2.0.47 0
500 file:/home/wena/.repo_bin/ squeeze/main i386 Packages
500 ftp://ftp.is.co.za/debian/ squeeze/main i386 Packages
That means that there are three wajig
packages:
One that is installed (
/var/lib/dpkg/status
)One that is available from a local repository (
file:/home/wena/.repo_bin/
)One that is available from a remote repository (
ftp://ftp.is.co.za/debian
), which also happens to have the same version (2.0.47) as the one in a local repository
Additionally, apt-cache madison <package name>
will display similar information in a tabular format.
wajig | 2.2 | mirror://mirrors.ubuntu.com/mirrors.txt/ precise/universe amd64 Packages
wajig | 2.2 | mirror://mirrors.ubuntu.com/mirrors.txt/ precise/universe Sources
Solution 2
Aha! Apparently, the proper apt
command is not apt-cache info
, but instead, apt-cache showpkg
.
$ apt-cache showpkg linux-generic
Package: linux-generic
Versions:
2.6.31.19.32 (/var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_karmic-updates_main_binary-amd64_Packages) (/var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_karmic-security_main_binary-amd64_Packages) (/var/lib/dpkg/status)
Description Language:
File: /var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_karmic-updates_main_binary-amd64_Packages
MD5: 5d722da329763b9342d322f5a140005c
2.6.31.14.27 (/var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_karmic_main_binary-amd64_Packages)
Description Language:
File: /var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_karmic_main_binary-amd64_Packages
MD5: 5d722da329763b9342d322f5a140005c
Reverse Depends:
Dependencies:
2.6.31.19.32 - linux-image-generic (5 2.6.31.19.32)
2.6.31.14.27 - linux-image-generic (5 2.6.31.14.27)
Provides:
2.6.31.19.32 -
2.6.31.14.27 -
Reverse Provides:
The File:
line provides the repository information after the /var/lib/apt/lists/
.
There is a bug report that aptitude
cannot display the source repository, but it seems at present the feature is still on the wish list.
Solution 3
I wonder why no one mentioned aptitude
. I use it all the time.
Aptitude is:
-
Shipped by default with many Debian-based distributions. Can be installed to other (such as Ubuntu) via
sudo apt install aptitude
. -
Does not require administrative privileges (at least for the command below).
-
Does have a nice
ncurses
GUI (but most of the time used without it). -
Provides a really pretty output. To show versions of packages, use
aptitude versions
command:me@wheezy:~$ aptitude versions kde-standard Package kde-standard: i A 5:77+deb7u1 stable 500 p A 5:84 testing,unstable 130
-
Does NOT have Super Cow Powers.
The letter in front of each string indicates the package's status, i is installed and p is purged (or never installed), stable, testing and unstable are repository definitions, the number in the end is a pin priority.
One caveat regarding recent versions of aptitude worth a mentioning here: by default it shows all the packages, which include the name you search, so use a regex magic a little to search by the strict name, for example aptitude versions ^kde-workspace$
.
Solution 4
This works for me (shows where the 2vcard package is):
$ grep 2vcard /var/lib/apt/lists/* | grep "Filename:"
/var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_karmic_universe_binary-i386_Packages:Filename: pool/universe/2/2vcard/2vcard_0.5-3_all.deb
You can apply additional filtering to check versions, etc., if multiple versions are available.
Solution 5
Sadly, this information is not recorded during package installation. You can make a decent guess if the repository is still in the source list and the repository still has the package:
grep -l PKG /var/lib/apt/lists/*
apt-cache showpkg
is showing data from the repository database (not what is installed) so it's another form of the same information from the grep.
Even synaptic cannot tell (in the Origin screen) if you disable the repository and update.
lmkirvan
Updated on September 17, 2022Comments
-
lmkirvan over 1 year
On a Debian-based system, including Ubuntu, how can one tell which repository a package will be downloaded from, without actually beginning the download?
aptitude show
andapt-cache info
will show the section (e.g., metapackage, base, graphics), but not the repository to which a package belongs (e.g., http://ppa.launchpad.net/mactel-support/ppa/ubuntu or http://us.archive.ubuntu.com/ubuntu/).When installing the package, the actual repository appears during the download (it is printed out in the "downloading from ..." output from apt and similar programs), but how can one obtain information on the repository containing the package (or a specific version of a package) without downloading and installing it first?
Additionally, how can one determine the source repository for a package that is already installed?
-
quack quixote over 14 yearsi find this one of the deficiencies of Apt; it's just not easy to tell from which repository provides a certain package within the package installer tools.
-
-
lmkirvan over 14 yearsPragmatic. I'm surprised this information is not accessible through any of the front ends to
dpkg
, though. -
tshepang over 13 years@got It is available: superuser.com/questions/106794/…
-
Adobe about 12 yearsBut it doesn't show where the installed package came from, does it?
-
tshepang about 12 years@Adobe In my case, the
2.1
version isn't available from any repository. It's locally-built. -
SuB over 10 yearsWhat is sign of installed package?
***
or/var/lib/dpkg/status
? -
bjhend about 7 yearsNice command but it doesn't list the repository as requested.
-
Neurotransmitter about 7 yearsActually it does.
-
reinierpost almost 7 yearsYou don't understand. Additional PPAs can be installed. It is important to know whether a package is from such a PPA. As a matter of fact, that's what I'm trying to figure out right now - if it is, I can remove the PPA, reducing the risk of problems.
-
Neurotransmitter over 6 yearsYes, you're right, with
versions
you can simply check the apt pinning values of the given packages, not the associated repos. It is still useful though if you know all your repos and how they are pinned. -
Csaba Toth about 6 yearsThat aptitude feature is still on whislist 8 years later and I don't know why this answer (
apt-cache showpkg
) is not marked as the correct one. -
John McGehee almost 6 yearsWhen the package is not installed,
apt-cache policy
says:Installed: (none)
. -
michael over 4 yearsfwiw (a decade later), in my case, I was trying to tell if a package was installed via a repo or deb file, which this approach would (obviously) not consider; however, the simple command
apt-cache policy {package}
does work as expected in both these cases to identify the source of the package. superuser.com/a/236605/73961