Chapter 6. The Debian archives

There are three major distributions: the "stable" distribution, the "testing" distribution, and the "unstable" distribution. The "testing" distribution is sometimes "frozen" (see Section 6.5.1, “What about "testing"? How is it "frozen"?”). Next to these, there is the "oldstable" distribution (that's just the one from before "stable"), and the "experimental" distribution.

Experimental is used for packages which are still being developed, and with a high risk of breaking your system. It's used by developers who'd like to study and test bleeding edge software. Users shouldn't be using packages from there, because they can be dangerous and harmful even for the most experienced people.

See Chapter 3, Choosing a Debian distribution for help when choosing a Debian distribution.

They are just "codenames". When a Debian distribution is in the development stage, it has no version number but a codename. The purpose of these codenames is to make easier the mirroring of the Debian distributions (if a real directory like unstable suddenly changed its name to stable, a lot of stuff would have to be needlessly downloaded again).

Currently, stable is a symbolic link to bookworm (i.e. Debian GNU/Linux 12) and testing is a symbolic link to trixie. This means that bookworm is the current stable distribution and trixie is the current testing distribution.

unstable is a permanent symbolic link to sid, as sid is always the unstable distribution (see Section 6.3, “What about "sid"?”).

sid or unstable is the place where most of the packages are initially uploaded. It will never be released directly, because packages which are to be released will first have to be included in testing, in order to be released in stable later on. sid contains packages for both released and unreleased architectures.

The name "sid" also comes from the "Toy Story" animated motion picture: Sid was the boy next door who destroyed toys :-)

^[2]

Packages are installed into the "testing" directory after they have undergone some degree of testing in unstable.

They must be in sync on all architectures where they have been built and mustn't have dependencies that make them uninstallable; they also need to have fewer release-critical bugs than the versions currently in unstable. This way, we hope that "testing" is always close to being a release candidate.

More information about the status of "testing" in general and the individual packages is available at https://www.debian.org/devel/testing.

The "unstable" directory contains a snapshot of the current development system. Users are welcome to use and test these packages, but are warned about their state of readiness. The advantage of using the unstable distribution is that you are always up-to-date with the latest in GNU/Linux software industry, but if it breaks: you get to keep both parts :-)

There are also main, contrib and non-free subdirectories in "unstable", separated on the same criteria as in "stable".

The software that has been packaged for Debian GNU/Linux is available in one of several directory trees on each Debian mirror site.

The dists directory is short for "distributions", and it is the canonical way to access the currently available Debian releases (and pre-releases).

The pool directory contains the actual packages, see Section 6.10, “What's in the pool directory?”.

There are the following supplementary directories:

Within each of the major directory trees^[3], there are three sets of subdirectories containing index files.

There's one set of binary-something subdirectories which contain index files for binary packages of each available computer architecture, for example binary-i386 for packages which execute on Intel x86 PC machines or binary-sparc for packages which execute on Sun SPARCStations.

The complete list of available architectures for each release is available at the release's web page. For the current release, please see Section 4.1, “On what hardware architectures/systems does Debian GNU/Linux run?”.

The index files in binary-* are called Packages(.gz, .bz2) and they include a summary of each binary package that is included in that distribution. The actual binary packages reside in the top level pool directory.

Furthermore, there's a subdirectory called source/ which contains index files for source packages included in the distribution. The index file is called Sources(.gz, .bz2).

Last but not least, there's a set of subdirectories meant for the installation system index files, they are at debian-installer/binary-architecture.

Source code is included for everything in the Debian system. Moreover, the license terms of most programs in the system require that source code be distributed along with the programs, or that an offer to provide the source code accompany the programs.

The source code is distributed in the pool directory (see Section 6.10, “What's in the pool directory?”) together with all the architecture-specific binary directories. To retrieve the source code without having to be familiar with the structure of the archive, try a command like apt-get source mypackagename.

Due to restrictions in their licenses, source code may or may not be available for packages in the "contrib" and "non-free" areas, which are not formally part of the Debian system. In some cases only sourceless "binary blobs" can be distributed (see for instance firmware-misc-nonfree); in other cases the license prohibits the distribution of prebuilt binaries, but does allow packages of source code which users can compile locally (see broadcom-sta-dkms).

Packages are kept in a large "pool", structured according to the name of the source package. To make this manageable, the pool is subdivided by section ("main", "contrib" and "non-free") and by the first letter of the source package name. These directories contain several files: the binary packages for each architecture, and the source packages from which the binary packages were generated.

You can find out where each package is placed by executing a command like apt-cache showsrc mypackagename and looking at the "Directory:" line. For example, the apache packages are stored in pool/main/a/apache/.

Additionally, since there are so many lib* packages, these are treated specially: for instance, libpaper packages are stored in pool/main/libp/libpaper/.

^[4]

After a developer uploads a package, it stays for a short while in the "incoming" directory before it is checked that it's genuine and allowed into the archive.

Usually nobody should install things from this place. However, in some rare cases of emergency, the incoming directory is available at https://incoming.debian.org/. You can manually fetch packages, check the GPG signature and MD5sums in the .changes and .dsc files, and then install them.

Old releases are removed from the main archive and mirrors, which only keep the content of the releases up to "oldstable" (the stable release before the current one). If you are interested in obtaining older versions of packages, go to https://snapshot.debian.org/.

The snapshot archive is a wayback machine that allows access to old packages based on dates and version numbers. It consists of all past and current packages the Debian archive provides. It provides a valuable valuable resource for tracking down when regressions were introduced, or for providing a specific environment that a particular application may require to run. The snapshot archive is accessible like any normal apt repository, allowing it to be easily used by all.

If you have built some private Debian packages which you'd like to install using the standard Debian package management tools, you can set up your own apt-able package archive. This is also useful if you'd like to share your Debian packages while these are not distributed by the Debian project. Instructions on how to do this are given on the Debian Wiki.